Investigating soundness and completeness of verification calculi for imperative programming languages is a challenging task. Many incorrect results have been published in the past. We take advantage of the computer-aided proof tool LEGO to interactively establish soundness and completeness of both Hoare Logic and the operation decomposition rules of the Vienna Development Method (VDM) with respect to operational semantics. We deal with parameterless recursive procedures and local variables in the context of total correctness. As a case study, we use LEGO to verify the correctness of Quicksort in Hoare Logic. As our main contribution, we illuminate the rle of auxiliary variables in Hoare Logic. They are required to relate the value of program variables in the final state with the value of program variables in the initial state. In our formalisation, we reflect their purpose by interpreting assertions as relations on states and a domain of auxiliary variables. Furthermore, we propose a new structural rule for adjusting auxiliary variables when strengthening preconditions and weakening postconditions. This rule is stronger than all previously suggested structural rules, including rules of adaptation. With the new treatment, we are able to show that, contrary to common belief, Hoare Logic subsumes VDM in that every derivation in VDM can be naturally embedded in Hoare Logic. Moreover, we establish completeness results uniformly as corollaries of Most General Formula theorems which remove the need to reason about arbitrary assertions.

Dedicated to the memory of Heinz-Peter Chladek Abstract. The formal description and development method known as VDM has been used extensively, its specification language is now an ISO standard, and it has influenced other specification languages. The origins of VDM are normally placed in language description or semantics but it is probably best known in the wider arena of formal methods for (general) program specification and design. This paper sets out a personal view of some of the key technical decisions which characterize the Vienna Development Method. VDM is generally believed to stand for Vienna Development Method. The programming language description aspects of VDM were forged in the heat of a compiler development

This paper offers an assessment of what has been achieved in three decades of work on the semantics of programming languages and pinpoints some practical problems in computing which might stimulate further research. The examples sketched in this paper come from the author's own research on concurrent object oriented languages, from database practice, and from more speculative research on Internet issues.