Chapter 18 - Program Correctness

This chapter covers axiomatic semantics: fundamental concepts, the assignment rule, rules of consequence, correctness of the max function, and correctness of programs with loops.

Programming Languages, 2nd edition, Tucker and Noonan
Chapter 18: Program Correctness

"To treat programming scientifically, it must be possible to specify the required properties of programs precisely. Formality is certainly not an end in itself. The importance of formal specifications must ultimately rest in their utility - in whether or not they are used to improve the quality of software or to reduce the cost of producing and maintaining software." - J. Horning

Contents
- Axiomatic Semantics
  - Fundamental Concepts
  - The Assignment Rule
  - Rules of Consequence
  - Correctness of the Max Function
  - Correctness of Programs with Loops
- Formal Methods Tools: JML
- Correctness of Object-Oriented Programs
- Correctness of Functional Programs

Motivation

A correct program is one that does exactly what it is intended to do, no more and no less. A formally correct program is one whose correctness can be proved mathematically. This requires a language for specifying precisely what the program is intended to do. Specification languages are based in mathematical logic. Hoare invented "axiomatic semantics" in 1969 as a tool for specifying program behavior and proving correctness. Until recently, correctness has been an academic exercise. Now it is a key element of critical software systems.

Correctness Tools
- Theorem provers: PVS
- Modeling languages: UML and OCL
- Specification languages: JML
- Programming language support: Eiffel, Java, Spark/Ada
- Specification methodology: design by contract

Axiomatic Semantics

Axiomatic semantics is a language for specifying what a program is supposed to do. It is based on the idea of an assertion: an assertion is a predicate that describes the state of a program at a point in its execution.
A postcondition is an assertion that states the program's result. A precondition is an assertion that states what must be true before the program begins running. A "Hoare Triple" has the form {P} s {Q}. For example:

{true}
int Max (int a, int b) {
  int m;
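As an added example (not code from the textbook), the following Python applies the assignment rule and the conditional rule mechanically to derive a precondition for Max from the postcondition m == max(a, b), then checks the rule-of-consequence step (true implies the derived precondition) by bounded enumeration. The helper names, the rendering of Max as "if (a >= b) m = a; else m = b;", and the bounded checker are my own assumptions; it needs Python 3.9+ for ast.unparse.

```python
import ast
import itertools

def substitute(expr: str, var: str, replacement: str) -> str:
    """Return Q[e/x]: assertion `expr` with every occurrence of variable `var` replaced by `replacement`."""
    repl = ast.parse(replacement, mode="eval").body

    class Subst(ast.NodeTransformer):
        def visit_Name(self, node):
            return repl if node.id == var else node

    return ast.unparse(Subst().visit(ast.parse(expr, mode="eval")))

def wp_assign(var: str, rhs: str, post: str) -> str:
    # Assignment rule: {Q[e/x]} x = e {Q}, so the precondition is Q with x replaced by e.
    return substitute(post, var, rhs)

def wp_if(cond: str, pre_then: str, pre_else: str) -> str:
    # Conditional rule: given {P1} S1 {Q} and {P2} S2 {Q},
    # {(C and P1) or (not C and P2)} if C then S1 else S2 {Q}.
    return f"(({cond}) and ({pre_then})) or (not ({cond}) and ({pre_else}))"

def implies(pre: str, derived: str, names, lo: int = -3, hi: int = 3) -> bool:
    """Bounded check of the rule-of-consequence step pre -> derived over small integers.
    True is evidence, not a proof; False is a genuine counterexample."""
    for values in itertools.product(range(lo, hi + 1), repeat=len(names)):
        env = dict(zip(names, values))
        if eval(pre, {}, env) and not eval(derived, {}, env):
            return False
    return True

POST = "m == max(a, b)"  # postcondition of Max: m holds the larger of a and b

def max_precondition(else_rhs: str = "b") -> str:
    # Max rendered as: if (a >= b) m = a; else m = <else_rhs>;  ("b" is the correct program)
    pre_then = wp_assign("m", "a", POST)        # 'a == max(a, b)'
    pre_else = wp_assign("m", else_rhs, POST)   # 'b == max(a, b)' for the correct program
    return wp_if("a >= b", pre_then, pre_else)

def max_is_correct() -> bool:
    # {true} Max {m == max(a, b)} holds if true implies the derived precondition.
    return implies("True", max_precondition(), ["a", "b"])

def buggy_max_is_correct() -> bool:
    # Constructed wrong else branch (m = a): true no longer implies the derived precondition.
    return implies("True", max_precondition(else_rhs="a"), ["a", "b"])

if __name__ == "__main__":
    print(max_precondition())
    print("correct Max verified:", max_is_correct())
    print("buggy Max verified:", buggy_max_is_correct())
```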