Advertisement

Acta Informatica

, Volume 13, Issue 2, pp 169–188 | Cite as

Proving correctness of coroutines without history variables

  • Edmund Melson Clarke
Article

Abstract

We examine the question of whether history variables are necessary in formal proofs of correctness for coroutines. History variables are special variables, which are added to a program to facilitate its proof by recording the sequence of states reached by the program during a computation; after the proof has been completed the history variables may be deleted. The use of such variables in correctness proofs was first suggested by Clint [CL73] in a paper entitled “Program Proving: Coroutines;” subsequently, history variables have been used by Owicki [OW76a] and Howard [HO75] in verifying concurrent programs and by Apt [APT77] in verifying sequential programs. We argue that recording the entire history of a computation in a single set of variables can actually complicate a correctness proof and should be avoided if possible. We propose a modification of Clint's axiom system and a strategy for constructing proofs that eliminates the need for history variables in verifying simple coroutines. Examples (including Clint's program “Histo”) are given to illustrate this technique of verifying coroutines, and our axiom system is shown to be sound and relatively complete with respect to an operational semantics for coroutines. Finally, we discuss extensions of the coroutine concept for which history variables do appear to be needed; we also discuss the question of whether such variables are necessary in verifying concurrent programs.

Keywords

Information System Operating System Data Structure Communication Network Information Theory 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. [APT77]
    Apt, K.R., Bergstra, J.A., Meertens, L.G.L.T.: Recursive assertions are not enough — or are they? Mathematical Centre IW 92, 1977Google Scholar
  2. [CK77a]
    Clarke, E.M.: Programming language constructs for which it is impossible to obtain good Hoare-like axiom systems. Proceedings of the 4th POPL, 1977Google Scholar
  3. [CK77b]
    Clarke, E.M.: Program invariants as fixed points. Proceedings of the 18th FOCS, 1977Google Scholar
  4. [CL73]
    Clint, M.: Program proving: Coroutines. Acta Informatica, 2, 50–63 (1973)CrossRefGoogle Scholar
  5. [CO75]
    Cook, S.A.: Axiomatic and interpretative semantics for an Algol fragment. Technical Report 79, Department of Computer Science, University of Toronto, 1975 (to be published in SCICOMP)Google Scholar
  6. [DE73]
    deBakker, J.W., Meertens, L.G.L.T.: On the completeness of the inductive assertion method. Mathematical Centre, December 1973Google Scholar
  7. [FL67]
    Floyd, R.W.: Assigning meaning to programs. In: Mathematical Aspects of Computer Science. Proc. Symposia in Applied Mathematics (J.T. Schwartz, ed.) Amer. Math. Soc., 19, 19–32 (1976)Google Scholar
  8. [GE76]
    Gerhart, S.L.: Proof techniques for transferral of program correctness. Technical Report CS-1976-13, Computer Science Department, Duke University, Durham, NCGoogle Scholar
  9. [GO75]
    Gorelick, G.: A complete axiomatic system for proving assertions about recursive and non-recursive programs. Technical Report No. 75, Department of Computer Science, University of Toronto, January 1975Google Scholar
  10. [HO69]
    Hoare, C.A.R.: An axiomatic approach to computer programming. CACM, 12, 322–329 (1969)CrossRefGoogle Scholar
  11. [HO74]
    Hoare, C.A.R., Lauer, P.E.: Consistent and complementary formal theories of the semantics of programming languages. Acta Informatica, 3, 135–154 (1974)MathSciNetzbMATHGoogle Scholar
  12. [HW76]
    Howard, J.H.: Proving monitors. COMM ACM, 19, 273–279 (1976)CrossRefGoogle Scholar
  13. [MA70]
    Manna, Z., Pneuli, A.: Formalization of properties of functional programs. JACM, 17, 555–569 (1970)MathSciNetCrossRefGoogle Scholar
  14. [OW76a]
    Owicki, S.: A consistent and complete deductive system for the verification of parallel programs. 8th Annual Symposium on Theory of Computing, 1976Google Scholar
  15. [OW76b]
    Owicki, S., Gries, D.: An axiomatic proof technique for parallel programs I. Acta Informatica 6, 319–339 (1976)MathSciNetCrossRefGoogle Scholar
  16. [WI76]
    Van Wijngaarden, A.: Recursive definition of syntax and semantics. In: Formal Language Description Languages for Computer Programming (T.B. Steel, Jr., ed.) Amsterdam: North Holland 1966Google Scholar

Copyright information

© Springer-Verlag 1980

Authors and Affiliations

  • Edmund Melson Clarke
    • 1
  1. 1.Center for Research in Computing Technology, Aiken Computation LaboratoryHarvard UniversityCambridgeUSA

Personalised recommendations