A proposal for publication and exchange of program proofs

One criticism often directed toward program verification is the repeated appearance in published papers of only trivial, easily specified, or mathematical programs, such as sorting, integer division by repeated subtraction, or greatest common divisor. A partial answer to the criticism is that the papers are presenting new methods or refinements of existing methods for which simple, familiar examples fulfill a pedagogical and comparative need. However, the criticism may still indicate a serious lack of depth and breadth of experience and practice. The simple fact is that there have been few publication outlets for free-standing program proofs; consequently, it should be no surprise that there are far more published papers on program proving than actual published proofs of programs.

One way of remedying this situation is to encourage authors who formally publish new algorithms, analyses of existing algorithms, or variations of programming methodologies to apply the known methods to new and diverse examples. Another approach is for an informal publication, say Software Engineering Notes, to include free-standing program proofs, i.e. proofs which are interesting in their own right. The latter course is being proposed and illustrated here, in the hope of facilitating the reporting of experience with, and examples of, program proving and thereby encouraging wider and more effective study of the subject.

Several criteria which make program proofs interesting for this purpose are:

1. The proof of a familiar program or algorithm which shows something useful not recognized previously or explicated clearly, e.g. the essence of an algorithm or the motivation for data and control structure choices. In my experience, program proofs often assist greatly in clarifying material in older, elementary computer science textbooks, e.g. the topological sort algorithm in Section 2.2.3 or the marking algorithms in Section 2.3.5 of Knuth, Volume I.

2. A program which illustrates strengths and weaknesses of established or currently developing approaches to program proving. The example of this proposal compares functional and iterative types of proofs and uses transformations to link these types.

3. A program which challenges the feasibility of proving or perhaps seems to require no proof. Numerical programs are often claimed to be "unprovable" by inductive assertion methods. Is this really so? Why? Programs in very high level languages with powerful operators and data structures are often taken as specifications and not proved. Is this sufficient?

4. A generalization which supports proofs of many programs at once. Our example uses a "unique existence" schema which eases its proof substantially and also applies to other programs.

5. An actual experience, positive or negative, with program proving in real software development.
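As an added illustration of criterion 1, and not part of the original proposal, the following Python program is the in-degree-count-and-queue topological sort of Knuth, Volume I, Section 2.2.3, annotated with the inductive assertions a proof of it would carry. The function name, the invariants labelled I1 to I3, and the sample inputs are assumptions made here for the example. The invariants are checked at run time so that the proof obligations are visible; an actual proof discharges them once, for every input, rather than per execution. The annotations make explicit why the algorithm keeps a predecessor count per vertex and a queue of zero-count vertices, which is exactly the kind of "motivation for data and control structure choices" the criterion asks for.

```python
# Added example (not from the paper): Knuth's topological sort (Vol. I, Sec. 2.2.3),
# written with in-degree counts and a queue of ready vertices, and annotated with
# the inductive assertions its proof would establish.  Names and inputs are
# assumptions made for this example.
from collections import deque


def topological_sort(n, edges):
    """Order vertices 0..n-1 so that every edge (u, v) has u before v.
    Returns the order as a list, or None if the relation contains a cycle."""
    succ = [[] for _ in range(n)]   # succ[u] = list of v for each edge (u, v)
    count = [0] * n                 # count[v] = predecessors of v not yet output
    for u, v in edges:
        succ[u].append(v)
        count[v] += 1
    queue = deque(v for v in range(n) if count[v] == 0)
    output = []
    done = [False] * n              # done[v] is True once v has been output

    def invariant():
        # I1: the output is a valid partial order so far: for every edge (u, v)
        #     with v already output, u was output before v.
        pos = {v: i for i, v in enumerate(output)}
        for u in range(n):
            for v in succ[u]:
                if v in pos:
                    assert u in pos and pos[u] < pos[v], "I1 violated"
        # I2: for every unoutput v, count[v] equals the number of unoutput
        #     predecessors of v (this is why the counts are kept at all).
        pending = [0] * n
        for u in range(n):
            if not done[u]:
                for v in succ[u]:
                    pending[v] += 1
        assert all(count[v] == pending[v] for v in range(n) if not done[v]), "I2 violated"
        # I3: the queue holds exactly the unoutput vertices with count 0
        #     (this is why a vertex is enqueued the moment its count reaches 0).
        ready = [v for v in range(n) if not done[v] and count[v] == 0]
        assert sorted(queue) == ready, "I3 violated"

    invariant()                     # established by the initialization above
    while queue:
        v = queue.popleft()
        # By I3, count[v] == 0; by I2, every predecessor of v is already output,
        # so appending v preserves I1.
        output.append(v)
        done[v] = True
        for w in succ[v]:
            count[w] -= 1           # v is now output: re-establishes I2 for w
            if count[w] == 0:
                queue.append(w)     # re-establishes I3 for w
        invariant()                 # loop invariant holds again
    # Termination: each iteration outputs a distinct vertex, so at most n iterations.
    # On exit the queue is empty, so by I3 every unoutput vertex has count > 0 and
    # by I2 has an unoutput predecessor; a finite set in which every element has a
    # predecessor inside the set contains a cycle.  Hence either all n vertices are
    # output (a topological order, by I1) or the relation is cyclic.
    return output if len(output) == n else None


def respects_edges(order, edges):
    """Check the postcondition directly: every edge goes forward in the order."""
    pos = {v: i for i, v in enumerate(order)}
    return all(pos[u] < pos[v] for u, v in edges)


if __name__ == "__main__":
    # Constructed sample inputs for the example.
    dag = [(5, 2), (5, 0), (4, 0), (4, 1), (2, 3), (3, 1)]
    print(topological_sort(6, dag))                    # [4, 5, 2, 0, 3, 1]
    print(topological_sort(3, [(0, 1), (1, 2), (2, 0)]))  # None (cycle)
```

The run-time checks in `invariant()` are deliberately quadratic; they exist to make the proof obligations concrete, and would be removed once the proof is done, leaving the linear-time algorithm Knuth gives.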