program correctness proof
program correctness proof A formal mathematical demonstration that the
semantics of a program are consistent with some specification for that program (see
program specification). There are two prerequisites to the provision of such a proof: there must be a formal specification for the program, and there must be some formal definition of the semantics of the programming language. Such a definition may take the form of a set of
axioms to cover the semantics of any simple statement in the language, and a set of
inference rules that show how the semantics of any compound statement, including a complete program, can be inferred from the semantics of its individual component statements (simple or compound).
For a typical sequential program written in some
imperative (procedural) language, the program specification can conveniently be given in the form of two
assertions: an
input assertion and an
output assertion. These are expressed in terms of properties of certain program variables and relationships between them. The proof then consists of a formal demonstration that the semantics of the program are consistent with the input and output assertions; this demonstration is of course based upon the formal definition of the semantics of the programming language. Interpreted operationally, the assertions characterize program states and the proof shows that if execution of the program is initiated in a state for which the input assertion is “true” then the program will eventually terminate in a state for which the output assertion is “true”.
This kind of proof is known as a
proof of total correctness. Historically, however, such a proof has often been resolved into two parts: first, a
proof of partial correctness, which shows that if the program terminates then it does so in a state for which the output assertion is “true”, and second, a
proof of termination, which shows that the program will indeed terminate (normally rather than abnormally).
A common approach to the proof of partial correctness begins by attaching the input and output assertions to the program text at the very beginning and very end respectively. Further assertions, called
intermediate assertions, are attached to the program text both before and after every statement (simple or compound). The assertion attached immediately before and immediately after a statement are known respectively as the
precondition and
postcondition of that statement.
The proof of partial correctness consists of a formal demonstration that the semantics of each statement in the program, whether simple or compound, are consistent with its precondition and postcondition. This demonstration can begin at the level of the simple statements and then proceed through the various levels of compound statement until eventually it is demonstrated that the semantics of the complete program are consistent with its precondition and postcondition, i.e. with the input assertion and the output assertion. The semantics of an individual statement are shown to be consistent with its precondition and postcondition by applying to the precondition and postcondition the appropriate axiom or inference rule for that statement. This yields a theorem, called a
verification condition, that must be proved using conventional mathematics in order to demonstrate the required consistency.
Note particularly that the overall proof of correctness is achieved not by consideration of execution histories, but rather by treating the program as a static mathematical object to which certain axioms and inference rules apply.
The central problem with such a proof is the devising of the intermediate assertions. This requires a full appreciation of the design of the program and of the semantics of the programming language. Often the key lies in finding appropriate intermediate assertions to attach inside the various loops in the program, i.e. loop
invariants. Devising intermediate assertions for some arbitrary program is often extremely difficult and a constructive approach, in which program and proof are developed together, is definitely preferable.
In order to present a proof of termination it is necessary to demonstrate first that the program does not suffer from abortive termination and second that the program does not endlessly repeat some loop. A demonstration of the former may become very complex, e.g. it may be necessary to demonstrate that arithmetic overflow will not occur. A demonstration that the program will eventually exit from some loop can be based on a
well-ordered set. For example, suppose that for some loop an expression E can be found such that the loop can be shown to terminate immediately if the value of E is negative. Further suppose that the value of E can be shown to decrease on each iteration around the loop. It then follows that the loop must terminate.
Proofs of correctness do not offer a complete solution to the problems of software reliability in practical systems. The sheer size and complexity of proofs presents many difficulties that are only partly alleviated by
mechanical verifier systems. Issues such as the limitations of computer arithmetic, indeterminacy, and parallelism all present additional problems. It may be very difficult to develop a specification against which to verify a program, and impossible to demonstrate that this specification is itself “correct” in that it properly reflects the intentions of the developers (and even more difficult to prove that it satisfies the needs of the intended users).
Work on proofs of correctness has made a major contribution to software engineering in that many advances in the understanding of programming languages, principles, and methods have their origins in this work. In addition the scope for practical applications of program proofs is growing and the formal approach to program correctness is of increasing significance.
Cite this article
Pick a style below, and copy the text for your bibliography.
|
Esters of Acrylic Acid: Trends and Prospects in International Trade Features Invaluable Information on Esters of Acrylic Acid Export/Import Operations.
Newspaper article from: Economics Week; 1/30/2009; 628 words
; ...researchandmarkets.com/research/d3ac20/esters_of_acrylic) has announced the addition of the Esters of Acrylic Acid: Trends and Prospects in...and worldwide market trends pertaining to Esters Of Acrylic Acid. The report will be of...
|
|
Esters of Methacrylic Acid Report: Trends and Prospects in International Trade Examined.
M2 Presswire; 11/12/2009; 627 words
; ...November 2009-Research and Markets: Esters of Methacrylic Acid Report: Trends and...researchandmarkets.com/research/b42330/esters_of_methacry) has announced the addition of the "Esters of Methacrylic Acid: Trends and Prospects...
|
|
Examine the World Fatty Esters Market.
News Wire article from: Canadian Corporate News; 3/27/2008; 700+ words
; ...9 Polyglycerol Fatty Acid Ester II-9 Sucrose Fatty Acid Esters II-10 Other Emulsification...Methyl Esters II-22 Soy Methyl Esters II-22 Alpha-Sulphonated Methyl Ester - A New Addition to the Methyl Esters Group II-23 7. Fatty Acids...
|
|
Are Ester-C and Ester-E better absorbed? more potent?
Magazine article from: Environmental Nutrition; 7/1/2005; 700+ words
; Q. Are Ester-C and Ester-E better than regular vitamin C or E supplements? A. Different...claims they are superior. But EN thinks the differences are overblown. Ester-C is said to contain natural vitamin C metabolites (byproducts of...
|
|
Glycerol Esters from the Reaction of Glycerol with Dicarboxylic Acid Esters
Magazine article from: Journal of Surfactants and Detergents; 4/1/2006; ; 700+ words
; ...addition, this synthetic ester [bis-(glycerol 1...esterified glycerol esters which are useful for...chain dicarboxylic acid esters, the present study on synthesis of glycerol ester by the transesterification...with dicarboxylic acid esters (C^sub 2^-C^sub...
|
|
Ester Mabry Remembers Thriving 7th Street
Newspaper article from: Oakland Post; 11/24/2002; ; 700+ words
; Aikens, Charles Oakland Post 11-24-2002 Ester Mabry, the owner of Ester's Orbit Room on 7th Street in Oakland was a popular...nightclub owner Slim Jenkins, before she started her own Ester's Breakfast Club, when 7th street was thriving...
|
|
Properties of polyol esters--lubrication of an aluminum silicon alloy
Magazine article from: Tribology Transactions; 7/1/1997; ; 700+ words
; ...7808 dibasic acid ester-based lubricants. The advantage of the polyol esters over the dibasic acid esters is that they possess...lower energy path for ester decomposition via a...intensive use of polyol esters as refrigerating lubricants...
|
|
Ester-E Sales Grow at Retail Despite Category Declines; Zila Attributes New Research, Form Differentiation, and Marketing Support to Sales Growth.
Business Wire; 5/4/2005; 700+ words
; ...of Zila Nutraceuticals, Inc., maker of Ester-C(R), announces growing retail sales for Ester-E(R), its unique, patented form of...Merchandisers. However, for the same period, Ester-E sales increased, up 35 percent on a dollar...
|
|
Reactive ester plasticizer for elastomers.(Tech Service)
Magazine article from: Rubber World; 11/1/2008; ; 700+ words
; Ester plasticizers are traditionally...of elastomers. New esters have been designed recently...Ideally, reactive esters, which provide non...this study, a reactive ester is compared to high performance traditional esters in an HNBR elastomer...
|
|
Can fatty esters exhibit extreme pressure behavior when used as boundary additives in hot rolling aluminum metal?
Magazine article from: Lubrication Engineering; 8/1/1998; ; 700+ words
; Fatty esters are common boundary additives...exact mechanism of how a fatty ester lubricates is not well understood. A fatty ester can adsorb on the surface of aluminum...proposed that a certain type of fatty ester, one which has at least one hydrogen...
|
|
Ester
Encyclopedia entry from: The Gale Encyclopedia of Science
...ester or lactone. If an ester group is treated with...acid and an alcohol. Esters are classified according...x2014; A cyclic ester. Salicylic acid acetate...is only one of many esters used as medicines. Phenyl...a similar aromatic ester, is used in the treatment...
|
|
ester
Book article from: The Columbia Encyclopedia, Sixth Edition
...ethyl acetate (an ester) and water are formed...extracts, and lacquers. Esters react with water ( hydrolysis...Naturally occurring esters of organic acids in fruits...their distinctive odors. Esters perform important functions...body; e.g., the ester acetylcholine is a chemical...
|
|
esters
Book article from: A Dictionary of Food and Nutrition
esters Compounds formed by condensation between an acid and an alcohol, e.g. ethyl alcohol and acetic acid yield the ester ethyl acetate. Fats are esters of the alcohol glycerol, and long‐chain fatty acids . Many esters are used as synthetic flavours .
|
|
Boserup, Ester
Encyclopedia entry from: International Encyclopedia of the Social Sciences
Boserup, Ester 1910-1999 Ester Boserup was born in Copenhagen in 1910 and graduated from the University of Copenhagen in 1935 in theoretical economics within a broad social science background. Her research work began with a decade at the United...
|
|
|
sucrose esters
Book article from: A Dictionary of Food and Nutrition
sucrose esters Di‐ and trilaurates and mono‐ and distearates of sucrose. Used as emulsifiers, wetting agents, and surface...
|
