DavidParnas reports success using a review method, based on reconciling the formal specification of a system with a formal description of the system as implemented (similar to what architects call an AsBuilt).
I think the paper that describes this is titled A Rational Design Process: How and Why to Fake It. Corrections? -- AllanBaruz
The overall methodology is to break down the specification into parts called displays that use tables and predicate calculus to formalize system behavior. The system can be reviewed a piece at a time.
The methodology has been used successfully several times, including the review of the control software for a nuclear power plant.
The review process is carried out by four teams:
- ProblemDomainExpertReviewers
- SolutionDomainExpertReviewers
- VerifiersForTheReview
- AuditorsForTheVerifiers
This small pattern language describes those teams.
-- JimCoplien
Go up to VerificationPatterns