  1. Jonathon Jacky
  2. Lessons from the Formal Development of a radiation therapy machine control program
  3. In [HincheyBowen99] pp185-205
  4. =EXPERIENCE Z tools TABULAR CSR SMV TMC radiation therapy machine
  5. formal methods can help create novel designs and original code not just post hoc.
  6. A detailed informal specification checked by users and designers must come first.
  7. Creating formal description requires design judgment.
  8. All documentation require much revision: content, correctness, clarity, organization.
  9. It is harder to do a useful formal description than a subset of the whole. educated developers can easily do small specifications.
  10. Good implementation is not easy.
  11. Inspection and paper-and-pencil can detect most but not all errors in large Z... if modularized.
  12. Minor errors don't make a document useless.

