Abstract
An invariant based program is a state transition diagram consisting of nested situations (predicates over program variables) and transitions between situations (predicate transformers). Reasoning about correctness is performed in a local fashion by examining each situation at a time and proving that the situation is satisfied for all possible executions. Since the invariants are in place from the beginning and the verification conditions are easily extracted from the diagram there is no need for complicated proof rules, making invariant diagrams a suitable notation for introducing formal verification to students and programmers. Our preliminary experience from using invariant diagrams in the classroom has prompted the need for a tool to support the method: we introduce here SOCOS, an environment for invariant based programming. SOCOS generates correctness conditions based on weakest precondition semantics, and the user can attempt to automatically discharge these conditions using the Simplify theorem prover; conditions which were not automatically discharged can be proved interactively in the PVS theorem prover.
Highlights
In invariant based programming [1, 3] the programmer starts by formulating the specifications and the internal loop invariants before the program code itself
We have previously developed a static checker [5], which generates verification conditions for procedural invariant based programs and sends them to an external theorem prover
Invariant diagrams are superficially similar to state charts, but serve a different purpose: rather than modeling control flow, invariant diagrams describe the structure of invariants and can be used to prove the correctness of the program
Summary
In invariant based programming [1, 3] the programmer starts by formulating the specifications and the internal loop invariants before the program code itself. Invariants can be used to prove the correctness of the program To automate this step, we have previously developed a static checker [5], which generates verification conditions for procedural invariant based programs and sends them to an external theorem prover. Our preliminary experience indicates that the notation is intuitive and easy to pick up, even for subjects who have had little or no training in formal methods It is quite straightforward for them to extract the proof conditions from the diagram and prove these manually. SOCOS provides three main advantages over manual checking of invariant diagrams: firstly, it removes the tedium of checking trivial verification conditions; secondly, it automates the run-time checking of contracts and invariants; and thirdly, it provides an intuitive visual feedback when something goes wrong.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
