The 1989 Workshop on the Assessment of Formal Methods for Trustworthy Com­ puter Systems (FM89} was an invitational workshop that brought together repre­ sentatives from the research, commercial and governmental spheres of Canada, the United Kingdom, and the United States. The workshop was held in Halifax, Nova Scotia, Canada, from July 23 through July 27, 1989. This document reports the activities, observations, recommendations and conclusions resulting. from FM89. 1. 1 Purpose of Workshop The primary purpose for holding FM89 was to assess the role of formal methods in the development and fielding of trustworthy critical systems. The need for this assessment was predicated upon four observations: 1. Critical systems are increasingly being controlled by computer systems; 2. Existing techniques for developing, assuring and certifying computer-based critical systems are inadequate; 3. Formal methods have the potential for playing the same role in the devel­ opment of computer-based systems as applied mathematics does for other engineering disciplines; and 4. Formal methods have had limited impact on the development of comput- based systems and supporting technologies. · The goal of the workshop was to complete the following tasks: 1. Assess the problems retarding the development of trustworthy critical systems; 2. Determine the (potential) impact of applying formal methods techniques to the development of trustworthy critical systems; 3. Determine the research and development required to facilitate a broader ap­ plication of formal methods techniques; 4.