Section 1.6: Proof of Correctness

Abstract:

This is another example demonstrating the value of logic in computer programming. ``Proof of correctness'' is carried out by means of proofs of wffs, called Hoare triples.

Correctness

``Beware of bugs in the above code; I have only proved it correct, not tried it.'' Donald E. Knuth, author of The Art of Computer Programming.

Verification and Validation

``Correctness'' addresses the issue of verification - whether the program does what we intend it to do - rather than validation - what the client wants it to do.

``Testing can prove the presence of errors but never their absence.'' p. 69. And so we attempt to prove that errors do not exist, using logic.

``Proof of correctness generally is applied only to small and critical sections of code, rather than to the entire program.'' p. 69. I must admit that I've never done any of it in my own programming....

Assertions

Assertion: condition on the variables of a program that should be verified at some given step, if the program is running correctly.

x=sqrt(r); // r should be >= 0 !
x=a[i]; // i should be in the correct range

Many computer languages (e.g. C++) have standard commands for making assertions, and it is ``good form'' to use them. Our author makes the point that they ``...serve as valuable documentation after the program is complete.'' (For some of us, that may be all the documentation we leave behind!;)

The specification of a program can be formalized as follow:

P : program
X : input
P(X) : output
Q : precondition: predicate Q(X) on the input
R : postcondition: predicate R(X,P(X)) on the input and the output

Example: (top of p. 70)

P : y:=sqrt(x)
X : x
P(X) : y
Q : x > 0
R :

Now we'll agree that the program P is correct if

or, in this case,

The abbreviation we will use for (1) is (a so-called Hoare triple) (named after Tony Hoare , developer of the Quicksort algorithm), where Q is the precondition and R is the postcondition.