Software with partial functions: Automating correctness proofs via nonstrict explicit domains

摘要

As our society becomes technologically more complex, computers are being used in greater and greater numbers of high consequence systems. Giving a machine control over the lives of humans can be disturbing, especially if the software that is run on such a machine has bugs. Formal reasoning is one of the most powerful techniques available to demonstrate the correctness of a piece of software. When reasoning about software and its development, one frequently encounters expressions that contain partial functions. As might be expected, the presence of partial functions introduces an additional dimension of difficulty to the reasoning framework. This difficulty produces an especially strong impact in the case of high consequence systems. An ability to use formal methods for constructing software is essential if we want to obtain greater confidence in such systems through formal reasoning. This is only reasonable under automation of software development and verification. However, the ubiquitous presence of partial functions prevents a uniform application to software of any tools not specifically accounting for partial functions. In this paper we will describe a framework for reasoning about software, based on the nonstrict explicit domain approach, that is applicable to a large class of software/hardware systems. In this framework the Hoare triples containing partial functions can be reasoned about automatically in a well-defined and uniform manner.