Deductive program verification (a practitioner's commentary)

A proof of ‘correctness’ for a mathematical algorithm cannot be relevant to executions of a program based on that algorithm because both the algorithm and the proof are based on assumptions that do not hold for computations carried out by real-world computers. Thus, proving the ‘correctness’ of an algorithm cannot establish the trustworthiness of programs based on that algorithm. Despite the (deceptive) sameness of the notations used to represent them, the transformation of an algorithm into an executable program is a wrenching metamorphosis that changes a mathematical abstraction into a prescription for concrete actions to be taken by real computers. Therefore, it is verification of program executions (processes) that is needed, not of program texts that are merely the scripts for those processes. In this view, verification is the empirical investigation of: (a) the behavior that programs invoke in a computer system and (b) the larger context in which that behavior occurs. Here, deduction can play no more, and no less, a role than it does in the empirical sciences.
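As an added illustration of the gap the abstract describes (example code written for this commentary, not taken from the paper): the midpoint identity `(lo + hi) / 2 == lo + (hi - lo) / 2` is a theorem over the integers, but the program executes on 32-bit modular arithmetic, where the first form silently leaves the range the proof assumed. The input values below are constructed.

```c
/* Illustration for this commentary (not from the paper): an algorithm proven
 * correct over the unbounded integers, executed with fixed-width machine
 * arithmetic. uint32_t is used because its wrap-around is well defined in C. */
#include <stdint.h>
#include <stdio.h>

/* Midpoint exactly as the textbook algorithm states it; correct over Z. */
uint32_t mid_textbook(uint32_t lo, uint32_t hi) {
    return (lo + hi) / 2;          /* lo + hi wraps modulo 2^32 when large */
}

/* Midpoint rewritten so no intermediate value can leave [lo, hi]. */
uint32_t mid_safe(uint32_t lo, uint32_t hi) {
    return lo + (hi - lo) / 2;     /* hi - lo <= hi, so nothing wraps */
}

/* Empirical check of the property the proof relied on: lo <= m <= hi. */
int mid_in_range(uint32_t lo, uint32_t hi, uint32_t m) {
    return lo <= m && m <= hi;
}

int main(void) {
    uint32_t lo = 3000000000u, hi = 4000000000u;   /* constructed inputs */
    uint32_t a = mid_textbook(lo, hi), b = mid_safe(lo, hi);
    printf("textbook: %u in range? %d\n", a, mid_in_range(lo, hi, a));
    printf("safe:     %u in range? %d\n", b, mid_in_range(lo, hi, b));
    return 0;
}
```

On small inputs both functions agree, so ordinary testing would not separate them; only inputs near the machine's word size expose the difference between the proved algorithm and the executed program.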
