## A Purely Logical Approach to Imperative Program Verification (2010)

Citations: 3 (3 self)

### BibTeX

```bibtex
@TECHREPORT{Jebelean10apurely,
  author      = {Tudor Jebelean},
  title       = {A Purely Logical Approach to Imperative Program Verification},
  institution = {},
  year        = {2010}
}
```


### Abstract

We present a method for the generation of the verification conditions for the total correctness of imperative programs containing nested loops with abrupt termination statements, and we illustrate it on several examples. The conditions are (first-order) formulae obtained by certain transformations of the program text. The loops are treated similarly to calls of recursively defined functions. The program text is analyzed on all branches by forward symbolic execution using certain meta-level functions which define the syntax, the semantics, the verification conditions for the partial correctness, and the termination conditions. The termination conditions are expressed as induction principles, however still in first-order logic. Our approach is simpler than others because we use neither an additional model for program execution, nor a fixpoint theory for the definition of program semantics. Because the meta-level functions are fully formalized in predicate logic, it is possible to prove in a purely logical way and at object level that the verification conditions are necessary and sufficient for the existence and uniqueness of the function implemented by the program.

### Citations

527 | Symbolic execution and program testing
- King
- 1976

Citation context: ...ofs in the Theorema system [5] will be done in order to confirm or to extend this assumption as part of the future work. Related Work Our approach follows the principles of forward symbolic execution **[13]** and functional semantics [17], but additionally gives formal definitions in a meta-theory for the meta-level functions which define the syntax, the semantics, and the verification conditions. To our ...

526 | Interactive Theorem Proving and Program Development. Coq’Art: The Calculus of Inductive Constructions
- Bertot, Castéran
- 2004

Citation context: ...well-founded relations [7]. They can be seen in the context of our work as methods for proving certain classes of inductive termination conditions that we generate. The interactive theorem prover Coq **[1]** mechanizes the most well-known semantics for imperative languages (operational, denotational and axiomatic). Our approach is in the spirit of the axiomatic semantics, if we think to the fact that we ...

500 | The Science of Programming
- Gries
- 1981

Citation context: ... The most well-known techniques for proving that a loop terminates is to manually annotate it with a termination term **[11]**, to synthesize the termination term based on the loop behavior [4, 19, 3] or to compute the closure of some well-founded relations [7]. They can be seen in the context of our work as methods for prov...

285 | Computer-Aided Reasoning: An Approach
- Kaufmann, Manolios, et al.
- 2000

Citation context: ...gic, no matter if the program is imperative or recursive. Most of the proof assistants provide infrastructure for proving/disproving the termination of classical examples with general recursion. ACL2 **[12]** handles total functions that must be proved total at the definition time; sometimes the system is able to infer this fact. Isabelle [18], HOL4 [10] and Coq [1] are basically using the recursion packa...

191 | The size-change principle for program termination
- Lee, Jones, et al.
- 2001

Citation context: ...nd not a competitor for practical work dealing with termination proofs, like e. g. termination of term rewriting systems http://www.termination-portal.org/, the size-change termination principle **[16]** or the approaches for proving the termination of industrial-size code (Microsoft Windows Operating System Drivers) [7]. 2 Logical Foundations of Imperative Loops Our approach is purely logic, meaning...

148 | Termination Proofs for Systems Code
- Cook
- 2006

Citation context: ...a termination term [11], to synthesize the termination term based on the loop behavior [4, 19, 3] or to compute the closure of some well-founded relations **[7]**. They can be seen in the context of our work as methods for proving certain classes of inductive termination conditions that we generate. The interactive theorem prover Coq [1] mechanizes the most we...

127 | Complete Method for the Synthesis of Linear Ranking Functions. VMCAI
- Podelski
- 2003

Citation context: ...is to manually annotate it with a termination term [11], to synthesize the termination term based on the loop behavior **[4, 19, 3]** or to compute the closure of some well-founded relations [7]. They can be seen in the context of our work as methods for proving certain classes of inductive termination conditions that we generate. ...

62 | Theorema: Towards Computer-Aided Mathematical Theory Exploration
- Buchberger, Craciun, et al.

Citation context: ...tructs which represent the basic imperative statements (assignment, conditionals, loops, abrupt statements: break, return). The method is implemented in Mathematica [22] on top of the Theorema system **[5]**. Because the formalization of the functional meta-definitions are given in the “pattern matching” style, that is, it exhibits the behavior of the meta-function for various specific classes of argume...

62 | Introduction to HOL: A Theorem Proving Environment for Higher Order Logic
- Gordon, Melham (eds.)
- 1993

Citation context: ... of classical examples with general recursion. ACL2 [12] handles total functions that must be proved total at the definition time; sometimes the system is able to infer this fact. Isabelle [18], HOL4 **[10]** and Coq [1] are basically using the recursion package TFL [21] and thus allow definitions of total recursive functions by using the fixed-point operators and well-founded relations supplied by the us...

56 | Linear ranking with reachability
- Bradley, Manna, et al.
- 2005

Citation context: ...is to manually annotate it with a termination term [11], to synthesize the termination term based on the loop behavior **[4, 19, 3]** or to compute the closure of some well-founded relations [7]. They can be seen in the context of our work as methods for proving certain classes of inductive termination conditions that we generate. ...

23 | Isabelle: A Generic Theorem Prover (with a contribution by T
- Paulson
- 1994

Citation context: ...termination of classical examples with general recursion. ACL2 [12] handles total functions that must be proved total at the definition time; sometimes the system is able to infer this fact. Isabelle **[18]**, HOL4 [10] and Coq [1] are basically using the recursion package TFL [21] and thus allow definitions of total recursive functions by using the fixed-point operators and well-founded relations supplie...

18 | A basis for a mathematical theory of computation, Computer programming and formal systems
- McCarthy
- 1963

Citation context: ... will be done in order to confirm or to extend this assumption as part of the future work. Related Work Our approach follows the principles of forward symbolic execution [13] and functional semantics **[17]**, but additionally gives formal definitions in a meta-theory for the meta-level functions which define the syntax, the semantics, and the verification conditions. To our knowledge there is no other wo...

16 | An overview
- Burdy, Cheon, et al.
- 2003

Citation context: ...nner, [20] presents the formal calculus for imperative languages containing complex structures. Specification languages used in the framework of verification tools use also this concept – see e.g JML **[6]**. The most well-known techniques for proving that a loop terminates is to manually annotate it with a termination term ...

11 | Calculational Semantics: Deriving Programming Theories from Equations by Functional Predicate Calculus
- Boute
- 2006

Citation context: ...he calculus are not completely new; [15] describes the behavior of concurrent systems as relation between the variables in the current state and in the poststate. A similar approach is encountered in **[2]**, where the program equations (involving relation between current and post-state) are used to express nondeterminacy and termination. In the same manner, [20] presents the formal calculus for imperati...

9 | The Mathematica Book. Version 5.0
- Wolfram
- 2003

Citation context: ...rt construct, and the few meta-constructs which represent the basic imperative statements (assignment, conditionals, loops, abrupt statements: break, return). The method is implemented in Mathematica **[22]** on top of the Theorema system [5]. Because the formalization of the functional meta-definitions are given in the “pattern matching” style, that is, it exhibits the behavior of the meta-function for ...

7 | Automating Recursive Definitions and Termination
- Krauss
- 2009

Citation context: ...ense that the termination condition is equivalent to the well-foundedness of the partial order defined by the transformation of the critical variables within the loop. The treatment of termination in **[14]** also uses inductive conditions extracted from the program recursions, but in the form of implicit definitions of domains (set theory is also needed). However, the existence of such inductively define...

5 | Specifying Systems: The TLA+ Language and
- Lamport
- 2002

Citation context: ...ur knowledge there is no other work on symbolic execution approaching the verification problem in a fully formal way. However, the ideas from the formalization of the calculus are not completely new; **[15]** describes the behavior of concurrent systems as relation between the variables in the current state and in the poststate. A similar approach is encountered in [2], where the program equations (involv...

5 | Understanding Programs
- Schreiner
- 2008

Citation context: ...tate. A similar approach is encountered in [2], where the program equations (involving relation between current and post-state) are used to express nondeterminacy and termination. In the same manner, **[20]** presents the formal calculus for imperative languages containing complex structures. Specification languages used in the framework of verification tools use also this concept – see e.g JML [6]. The m...

4 | A Calculus for Imperative Programs: Formalization and Implementation
- Erașcu, Jebelean
- 2009

Citation context: ...ecific classes of arguments, the differences between the meta-level definitions presented in the following sections and the real implementation are minor. This paper extends the calculus presented in **[8]** and details the approach for programs containing while loops. Emphasis is put on the termination of loops. We also present the proof of the fact that the termination condition insures the existence a...

3 | Termination analysis of integer linear loops. In: CONCUR ’05
- Bradley, Manna, et al.
- 2005

Citation context: ...is to manually annotate it with a termination term [11], to synthesize the termination term based on the loop behavior **[4, 19, 3]** or to compute the closure of some well-founded relations [7]. They can be seen in the context of our work as methods for proving certain classes of inductive termination conditions that we generate. ...

3 | Function Definition in Higher-Order Logic, TPHOLs ’96
- Slind
- 1996

Citation context: ...s total functions that must be proved total at the definition time; sometimes the system is able to infer this fact. Isabelle [18], HOL4 [10] and Coq [1] are basically using the recursion package TFL **[21]** and thus allow definitions of total recursive functions by using the fixed-point operators and well-founded relations supplied by the user. Proving termination reduces to show that the relation is we...

1 | A Purely Logical Approach to Program Termination
- Erașcu, Jebelean

Citation context: ...teration by the corresponding functional verification condition. Note that this proof is basically identical for tail recursive functions in general, and very similar to the single recursion programs **[9]**. 7 Conclusion The method presented in this paper combines forward symbolic execution and functional semantics for reasoning about [abrupt terminating] imperative non-recursive programs. A distinctive...