Floyd-Hoare Verifiers 'Considered Harmful' (1978)
BibTeX
@MISC{Shrobe78floyd-hoareverifiers,
author = {Howard E. Shrobe},
title = {Floyd-Hoare Verifiers 'Considered Harmful'},
year = {1978}
}
Abstract
The Floyd-Hoare methodology completely dominates the field of program verification and has contributed much to our understanding of how programs might be analyzed. Useful but limited verifiers have been developed using Floyd-Hoare techniques. However, it has long been known that it is difficult to handle side effects on shared data structures within the Floyd-Hoare framework. Most examples of successful Floyd-Hoare verifications have avoided such situations. A recent thesis by Suzuki attempted to state the Floyd-Hoare axioms for assignment to complex data structures; similar statements have been used by London. This paper demonstrates an error in these formalizations and suggests a different style of verification. Recently, Floyd-Hoare logic has been used as the philosophical underpinning for language design efforts. Some designers suggest that one can measure a language's perspicuity by the simplicity of its Floyd-Hoare axioms. Unfortunately, these researchers are considering a very narrow interpretation of the Floyd-Hoare methodology based on the philosophy that the effect of a program statement can be determined by local syntactic inspection. We show that there is a trade-off between such syntactic locality and abstraction, forcing language designers to choose between the narrow verification framework and the ability to capture abstraction in programming languages. Language design efforts which emphasize verifiability within this narrow framework are, therefore, forced to pay too high a price. We argue in favor of maintaining abstraction capabilities and breaking from the microscopic analysis of current verifiers. This report
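The abstract's central technical point is that a "local syntactic inspection" rule for assignment breaks down once two names can refer to the same storage. The following Python script is an added illustration of that known difficulty; it is not code from Shrobe's report and does not reproduce the specific error he finds in the Suzuki and London formalizations. It contrasts a naive assignment axiom for `a[i] := e` (textual substitution in the postcondition, which treats `a[j]` as unrelated to `a[i]`) with the standard McCarthy-style rule that models element assignment as a whole-array update `a := store(a, i, e)`. The assertion strings, the `store` helper and the two sample states are constructed for the demo; the assertion strings are fixed trusted constants, which is the only reason `eval` is acceptable here.

```python
import re
from typing import Dict, List

# Program state: scalar variables plus one array named "a".
State = Dict[str, object]


def store(arr: List[int], index: int, value: int) -> List[int]:
    """McCarthy-style functional array update (constructed helper): returns a
    copy of arr with arr[index] replaced by value; arr itself is untouched."""
    out = list(arr)
    out[index] = value
    return out


def holds(assertion: str, state: State) -> bool:
    """Evaluate an assertion (a Python boolean expression) in a state.
    Assertion strings in this demo are fixed, trusted constants."""
    return bool(eval(assertion, {"__builtins__": {}, "store": store}, dict(state)))


def naive_pre(post: str, idx: str, expr: str) -> str:
    """Naive 'local syntactic' assignment axiom for a[idx] := expr:
    textually replace every occurrence of a[idx] in the postcondition by expr.
    a[j] is left alone because its text differs from a[i], so the case
    where i and j alias the same cell is silently ignored."""
    return post.replace(f"a[{idx}]", f"({expr})")


def sound_pre(post: str, idx: str, expr: str) -> str:
    """Sound rule: view a[idx] := expr as the whole-array assignment
    a := store(a, idx, expr) and substitute for the array name a.
    Every reference a[j] becomes store(a, idx, expr)[j], which resolves to
    expr when j == idx and to the old a[j] otherwise."""
    return re.sub(r"\ba\b", f"store(a, {idx}, ({expr}))", post)


def run_assignment(state: State, idx: str, expr: str) -> State:
    """Execute a[idx] := expr on a copy of the state (the real side effect)."""
    new = dict(state)
    new["a"] = list(state["a"])
    new["a"][state[idx]] = eval(expr, {"__builtins__": {}}, dict(state))
    return new


def triple_ok(pre: str, post: str, state: State, idx: str, expr: str) -> bool:
    """Check the triple {pre} a[idx] := expr {post} on one concrete state:
    whenever pre holds before the assignment, post must hold after it."""
    if not holds(pre, state):
        return True  # precondition false: the triple says nothing here
    return holds(post, run_assignment(state, idx, expr))


POST = "a[j] == 0"          # constructed postcondition
IDX, EXPR = "i", "1"        # the statement under study: a[i] := 1
ALIASED = {"a": [0, 0], "i": 0, "j": 0}   # constructed: i and j name the same cell
DISTINCT = {"a": [0, 0], "i": 0, "j": 1}  # constructed: no aliasing


def demo():
    """Derive the precondition with each rule and test the resulting triple
    on both states. The naive rule passes only the non-aliased state."""
    results = {}
    for name, rule in (("naive", naive_pre), ("sound", sound_pre)):
        pre = rule(POST, IDX, EXPR)
        results[name] = {
            "pre": pre,
            "aliased": triple_ok(pre, POST, ALIASED, IDX, EXPR),
            "distinct": triple_ok(pre, POST, DISTINCT, IDX, EXPR),
        }
    return results


if __name__ == "__main__":
    for name, r in demo().items():
        print(name, r)
```

Running it shows the naive rule deriving the precondition `a[j] == 0` unchanged, which holds in the aliased state, yet `a[j] == 0` is false after the assignment, so the triple is violated; the `store`-based rule instead derives `store(a, i, (1))[j] == 0`, which is false in the aliased state and true in the distinct one, so the triple is valid in both. The price of soundness is exactly the non-locality the abstract describes: the precondition now mentions every index that might alias the assigned cell.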