An Axiomatic Basis for Computer ProgrammingRobert Stewart

•The most important property of a program is whether it accomplishes the intentions of its user.

•Current method of verification

•A better method is using an axiomatic basis for programs.

•Computer programming as an exact science

•Deductive reasoning

Outline

•Computer Arithmetic•Program Execution•General Reservations•Proofs of Program Correctness•Formal Language Definition

Computer Arithmetic

•The foundation upon which valid reasoning about a program can be developed.

•Uses a set of axioms▫Examples: x + y = y + x; x + 0 = x; x * y =

y * x•These axioms are true for both the infinite

set of integers in mathematics and the finite set of integers in computer programming▫They work independent of the size of the

set

Program Execution

•One of the most important properties of a program is if it carries out its intended function.

•The intended function can be specified by making assertions about the values of relevant variables after the program is finished.

•P{Q}R

Program Execution – Axioms + Rules

•Axiom of Assignment▫x := f

•Rule of Consequence▫If P{Q}R and R implies S, then P{Q}S

•Rule of Composition▫If P{Q1}R1 and R1 {Q2}R, then P{Q1 ; Q2}R

•Rule of Iteration

General Reservations

•Drawbacks to the axiomatic based approach▫The axioms assume the absence of side

effects▫They do not prove that a program

terminates

•Areas that present difficulty are labels, jumps, and pointers

Proofs of Program Correctness

•The most important property of a program is whether it accomplishes the intentions of its user.

•When the correctness of a program, its compiler, and the hardware have been established, one can place great reliance on the results of the program.

Proofs of Program Correctness

•Time spent on the current method of verifying correctness of a program is often more than half the time spent on the entire project

•The cost of removing errors during this phase is close to two thirds the cost of the project

•Removing errors discovered after a program is distributed often costs much more

Proofs of Program Correctness

•The practice of proving programs can alleviate other problems in the computing world▫Reliability▫Documentation▫Compatibility

•At present, however, program proving is a difficult endeavor, even for skilled programmers.

Formal Language Definition

•High level programming languages are usually intended to be implemented on a variety of computers

•The problem is defining those languages well enough to ensure compatibility across all computers.

Formal Language Definition

•One way to achieve compatibility of a language would be to insist that all implementations of said language satisfy the axioms and rules of inference underlying the properties of programs created with the language.

Formal Language Definition•An advantage to an axiomatic approach is that

axioms offer a simple and flexible technique for leaving certain aspects of a language undefined▫Range of integers▫Accuracy of floating point▫Choice of overflow technique

•This flexibility for uncertainty is necessary for the language to be able to be implemented on differing hardware designs

Formal Language Definition

•An objective of formal language definition is to assist in the design of better programming languages.

•The use of axioms can lead to an advantage in that area▫A language that can be described by a few

“self-evident” axioms is preferable to a language with many obscure axioms

Formal Language Definition

•Axioms allow the designer to express his or her intentions, without the mass of detail that comes with algorithmic descriptions.

Axioms are cool!