A Perspective on Program Verification

2008, Lecture Notes in Computer Science

A perspective on program verification is presented from the point of view of a university professor who has been active over a period of 35 years in the development of formal methods and their supporting tools. He has so far supervised approx. 25 Ph.D. researchers in those fields and has written two handbooks in the field of program verification, one unifying known techniques for proving data refinement, and the other on compositional verification of concurrent and distributed programs, and communication-closed layers. This essay closes by formulating a grand challenge worthy of modern Europe.

1 Background

Conjecture: It has become a real possibility that Germany's most powerful industrialist, Jürgen Schrempp, heading the largest industry of Germany, DaimlerChrysler, will be fired next year because his company has not paid sufficient attention to improving the reliability of the software of its prime product, Mercedes Benz cars. For, as a consequence of the poor quality of the top range of Mercedes Benz limousines, BMW has now replaced Mercedes Benz as the leading top-range car manufacturer in Germany. And this fact is unpalatable for the main shareholders of DaimlerChrysler (e.g., Deutsche Bank). The underlying reason for this fact is that 60% of the current production of Mercedes Benz cars has to be frequently recalled because of software failures, the highest percentage of any car manufacturer in the world. And this percentage cannot be changed in, say, a year, the period of time Schrempp has to defend his industrial strategy again to his shareholders (this year his defense took place on April 6, 2005). This conjecture is at least the second of its kind: the Pentium Bug convinced the top-level chip manufacturers that chips should be reliable and bug-free to the extent that any bug occurring after the production phase should be removable, at least to the extent that patches should be applicable circumventing those bugs.
A third fact, not a conjecture, would be that two crashes in a row of a fully loaded Airbus 380 due to software failure would lead to the demise of the European aircraft industry. And one such crash of the Airbus 380 would have