research-article

Free access

The modification index method of generating verification conditions

Author:

W. D. MaurerAuthors Info & Claims

ACMSE '77: Proceedings of the 15th annual ACM Southeast Regional Conference

Pages 426 - 440

https://doi.org/10.1145/1795396.1795456

Published: 18 April 1977 Publication History

PDF eReader

Abstract

Proving the correctness of a program involves generating mathematical formulae, known as verification conditions, and then proving that these hold. The two basic methods of generating verification conditions are known as forward accumulation and back substitution. This paper describes a new method, the modification index (MX) method, which has certain advantages over both forward accumulation and back substitution.

In the MX method, the variables of the program are no longer the verification variables (those occurring in verification conditions). Each verification variable consists of a program variable with a modification index appended. Thus if V is a program variable, then V0, V1, V2, and so on, may be the verification variables, where the small integer (0, 1, 2, and so on) is the modification index.

We analyze one path at a time. In a given path we have an initial assertion (associated with the start of the path), certain assignments, conditions, and restrictions, and a final assertion (associated with the end of the path). The initial value of V in this path may be denoted by V0; if V changes (by means of an assignment, subroutine call, side effect, etc.), the new values of V in this path are V1, V2, and so on.

We have described the MX method as a forward method, but in fact it is a directionless method; we could just as easily have numbered the modification indices in reverse order, with V0 corresponding to the final value of V instead of the initial value. If we do this, we get an immediate proof that the MX method is equivalent to back substitution; if we leave the indices in forward order, we get an immediate proof that the MX method is equivalent to forward accumulation. But the MX values could be chosen arbitrarily (without regard to order), without affecting the validity of the MX method.

The advantages of the MX method are as follows. First, no symbolic values are kept, and no symbolic algebraic manipulation is done; we need only keep a table of the MX of every variable. Second, the verification conditions of even a complex path can now be immediately read off "by hand" from the path, without computer aid. Third, in many cases the verification conditions produced by the MX method are less bulky than those produced by forward acccumulation or back substitution; in all cases, we can easily transform the verification conditions produced by the MX method into a form which is never bulkier than the result of applying the forward accumulation method.

References

[1]

Floyd, R. W., Assigning meanings to programs, Proc. Symp. Applied Math. 19 (Mathematical Aspects of Computer Science), American Mathematical Society, Providence, R. I., 1967, pp. 19--32.

Crossref

Google Scholar

[2]

Manna, Z., The correctness of programs, J. Computer and Systems Sci. 3, 2 (1969), pp. 119--127.

Digital Library

Google Scholar

[3]

Sites, R. L., Proving that computer programs terminate cleanly, Ph. D. Thesis, Department of Computer Science, Stanford University, May 1974.

Digital Library

Google Scholar

[4]

Manna, Z., Termination of programs represented as interpreted graphs, Proc. 1970 Spring Joint Computer Conf., pp. 83--89.

Google Scholar

[5]

King, J. C., A program verifier, Ph. D. Thesis, Department of Computer Science, Carnegie-Mellon University, 1969.

Digital Library

Google Scholar

[6]

Hoare, J. A. R., An axiomatic basis for computer programming, Communications of the ACM 12, 10 (1969), pp. 576--580, 583.

Digital Library

Google Scholar

[7]

Deutsch, L. P., An interactive program verifier, Ph. D. Thesis, Department of Computer Science, University of California, Berkeley, May 1973.

Google Scholar

Cited By

View all

Maurer W(2005)Relative precision in the inductive assertion methodNumerical Analysis and Its Applications10.1007/3-540-62598-4_109(319-326)Online publication date: 3-Jun-2005
https://doi.org/10.1007/3-540-62598-4_109
Maurer W(1997)ProveIt: a C program correctness proverReliability, Quality and Safety of Software-Intensive Systems10.1007/978-0-387-35097-4_2(22-31)Online publication date: 1997
https://doi.org/10.1007/978-0-387-35097-4_2

Index Terms

The modification index method of generating verification conditions

Recommendations

Difference Verification with Conditions
Software Engineering and Formal Methods
Abstract
Modern software-verification tools need to support development processes that involve frequent changes. Existing approaches for incremental verification hard-code specific verification techniques. Some of the approaches must be tightly intertwined ...
Verification conditions for source-level imperative programs

This paper is a systematic study of verification conditions and their use in the context of program verification. We take Hoare logic as a starting point and study in detail how a verification conditions generator can be obtained from it. The notion of ...
Formal verification of ASMs using MDGs

We present a framework for the formal verification of abstract state machine (ASM) designs using the multiway decision graphs (MDG) tool. ASM is a state based language for describing transition systems. MDG provides symbolic representation of transition ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ACMSE '77: Proceedings of the 15th annual ACM Southeast Regional Conference

April 1977

547 pages

ISBN:9781450373029

DOI:10.1145/1795396

Conference Chair:
Danny R. Carter
University of Southern Mississippi

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 18 April 1977

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Funding Sources

Conference

ACMSE '77

Sponsor:

April 18 - 20, 1977

Acceptance Rates

ACMSE '77 Paper Acceptance Rate 22 of 88 submissions, 25%;

Overall Acceptance Rate 502 of 1,023 submissions, 49%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
101
Total Downloads

Downloads (Last 12 months)28
Downloads (Last 6 weeks)6

Reflects downloads up to 07 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Maurer W(2005)Relative precision in the inductive assertion methodNumerical Analysis and Its Applications10.1007/3-540-62598-4_109(319-326)Online publication date: 3-Jun-2005
https://doi.org/10.1007/3-540-62598-4_109
Maurer W(1997)ProveIt: a C program correctness proverReliability, Quality and Safety of Software-Intensive Systems10.1007/978-0-387-35097-4_2(22-31)Online publication date: 1997
https://doi.org/10.1007/978-0-387-35097-4_2

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Difference Verification with Conditions

Verification conditions for source-level imperative programs

Formal verification of ASMs using MDGs