Methods for teaching program verification

“Program verification” is generally defined as the process of ascertaining and demonstrating that a program is correct, i.e., that a program satisfies a given set of specifications. The most common method of verifying a program is by testing, the process of executing a program for a set of selected inputs and inferring from the results of those executions that the program is correct for all possible inputs. In practice today, a few programs are being proved correct, but the most common method of program verification is still testing. Both methods are unreliable in different ways, but when combined, their complementary relationship can provide a high degree of assurance that programs are correct. The purpose of this paper is (1) to review the state of the art of these two approaches to program verification and the relationship between them, and (2) to suggest a number of ways in which program verification can be introduced into the computer science curriculum.