TESTING OF PROGRAM CORRECTNESS IN FORMAL THEORY

Resolution methods in proving the program correctness

Yugoslav Journal of …

Program testing determines whether its behavior matches the specification, and also how it behaves in different exploitation conditions. Proving program correctness is reduced to finding a proof of the assertion that a given sequence of formulas represents a derivation within a formal theory of a special predicate calculus. A well-known variant of this conception is described: correctness based on programming logic rules. It is shown that programming logic rules may be used in an automatic resolution procedure. Illustrative examples are given, realized in a Prolog-like LP-language (with no restriction to Horn clauses and without the final failure). Basic information on the LP-language is also given. It has been shown how a Pascal program is executed in the LP-system proffer.

Formal Program Verification Using Symbolic Execution

IEEE Transactions on Software Engineering, 2000

Symbolic execution provides a mechanism for formally proving programs correct. A notation is introduced which allows a concise presentation of rules of inference based on symbolic execution. Using this notation, rules of inference are developed to handle a number of language features, including loops and procedures with multiple exits. An attribute grammar is used to formally describe symbolic expression evaluation, and the treatment of function calls with side effects is shown to be straightforward. Because symbolic execution is related to program interpretation, it is an easy-to-comprehend, yet powerful technique. The rules of inference are useful in expressing the semantics of a language and form the basis of a mechanical verification condition generator.

Specification-based automatic verification of Prolog programs

Lecture Notes in Computer Science, 1997

The paper presents an analyzer for verifying the correctness of a Prolog program relative to a specification which provides a list of input/output annotations for the arguments and parameters that can be used to establish program termination. The work stems from Deville's methodology to derive Prolog programs that correctly implement their declarative meaning. In this context, we propose an algorithm that combines, adapts, and sometimes improves various existing static analyses in order to verify total correctness of Prolog programs with respect to formal specifications. Using the information computed during the verification process, an automatic complexity analysis can also be performed.

Automatic Program Verification III: A Methodology for Verifying Programs

National Technical Information Service, U.S. Department of Commerce

The paper investigates methods for applying an on-line interactive verification system designed to prove properties of PASCAL programs. The methodology is intended to provide techniques for developing a debugged and verified version starting from a program that (a) is possibly unfinished in some respects, (b) may not satisfy the given specifications, e.g., may contain bugs, (c) may have incomplete documentation, (d) may be written in non-standard ways, e.g., may depend on user-defined data structures. The methodology involves (i) interactive application of a verification condition generator, an algebraic simplifier and a theorem-prover; (ii) techniques for describing data structures, type constraints, and properties of programs and subprograms (i.e. lower level procedures); (iii) the use of (abstract) data types in structuring programs and proofs. Within each unit (i.e. segment of a problem), the interactive use is aimed at reducing verification conditions to manageable proportions so that the non-trivial factors may be analysed. Analysis of verification conditions attempts to localize errors in the program logic, to extend assertions inside the program, to spotlight additional assumptions on program subfunctions (beyond those already specified by the programmer), and to generate appropriate lemmas that allow a verification to be completed. Methods for structuring correctness proofs are discussed that are similar to those of "structured programming". A detailed case study of a pattern matching algorithm illustrating the various aspects of the methodology (including the role played by the user) is given.

Automated verification of Prolog programs

The Journal of Logic Programming, 1999

Although Prolog is (still) the most widely used logic language, it suffers from a number of drawbacks which prevent it from being truly declarative. The nondeclarative features such as the depth-first search rule are nevertheless necessary to make Prolog reasonably efficient. Several authors have proposed methodologies to reconcile declarative programming with the algorithmic features of Prolog. The idea is to analyse the logic program with respect to a set of properties such as modes, types, sharing, termination, and the like in order to ensure that the operational behaviour of the Prolog program complies with its logic meaning. Such analyses are tedious to perform by hand and can be automated to some extent. This paper presents a state-of-the-art analyser which allows one to integrate many individual analyses previously proposed in the literature as well as new ones. Conceptually, the analyser is based on the notion of abstract sequence which makes it possible to collect all kinds of desirable information, including relations between the input and output sizes of terms, multiplicity, and termination.

A tool to check operational properties of Prolog programs with application to program construction and program optimization–Tool demonstration

We present a tool, based on abstract interpretation, that checks the correctness of an annotated Prolog program with respect to formal specifications of its procedures. Specifications describe operational properties such as mode, type, sharing, linearity, and size of input/output terms, occur-check freeness, conditions for sure success and failure, number of solutions to a call, including determinacy analysis, and induction parameters for proving termination. Program annotations also include polymorphic type declarations and norm declarations for terms. Programs can be structured as separate modules, which are checked separately, using the specifications of external procedures only. The tool either proves the correctness of a procedure with respect to a specification or reports precise information about the failure of a proof attempt. Correct specifications can then be used to optimize the program by safe automatic introduction of cuts and other related source to source transformations. Finally, the tool can be used to support a programming methodology where the declarative and operational aspects of logic program construction are clearly separated.

Automatic program verification I: A logical basis and its implementation

Acta Informatica, 1975

Defining the semantics of programming languages by axioms and rules of inference yields a deduction system within which proofs may be given that programs satisfy specifications. The deduction system herein is shown to be consistent and also deduction complete with respect to Hoare's system. A subgoaler for the deduction system is described whose input is a significant subset of Pascal programs plus inductive assertions. The output is a set of verification conditions or lemmas to be proved. Several non-trivial arithmetic and sorting programs have been shown to satisfy specifications by using an interactive theorem prover to automatically generate proofs of the verification conditions. Additional components for a more powerful verification system are under construction.

Formal Specifications and Test: Correctness and Oracle

1995

This article presents a new formal approach to testing. In the field of dynamic testing, as soon as a program fails for a test set, it is flagged incorrect. The remaining question is: how far can a successful program be considered as correct? We give a definition of program correctness with respect to a specification which is adequate to dynamic testing. Similarly to the field of abstract implementation, the idea is that in order to declare a program as correct, it suffices that its behavior fulfills the specification requirements. An intermediate semantic level between the program and the specification, called the oracle framework, is introduced in order to interpret observable results obtained from dynamic experiments on the program. This allows one to give algebraic semantics (i.e. a set of models) to the program, compatible with the program behavior. Program correctness is then defined by some adequacy criterion between the specification semantics and the program semantics. We point out that while for some specifications there exist exhaustive test sets (the success of which means program correctness), for some other specifications there only exist "complete" (but not exhaustive) test sets. Of course, all the programs rejected by a complete test set are incorrect, but unfortunately there still exist successful incorrect programs. We also explain how the test set selection can be formalized within our approach.