Generating Algebraic Laws from Imperative Programs

The use of veri ers for proving the correctness of concrete programs is well known and has been amply described in the literature Here we focus on further perhaps more general tasks such veri ers can perform Given a program that is assumed to be correct we derive a set of axioms for the data structures involved In the simplest case we study an abstract program interchanging the contents of two variables The veri cation conditions generated by our veri er NPPV are a set of equations specifying quasigroups Other examples reveal the notion of strategy from the veri cation of an abstract game playing program or show the correspondence between inductive proofs of numeric properties and veri cation of a program searching for a counterexample Finally we apply NPPV on Wand s example showing the incompleteness of Hoare s logic We also give a simpli ed proof of Wand s result Algorithm Data Structure Control According to standard de nitions an algorithm is a detailed and explicit instruction for the stepwise solution of a given problem This means that there must be given a repertoire of elementary or atomic steps which are to be com bined according to the instructions of the algorithm In a general sense it is of course allowed to think of atomic steps such as add a cup of our stir and of combinations of instructions such as add a cup of our then stir until smooth but we shall not deal with recipes rather with algorithms computing functions over sets of data Here an atomic step consists of calculating a data value according to a given set of operations and storing the result in a memory cell In describing how to combine such elementary steps a small set of instructions including composition conditional if then else and loops while or repeat is commonly used This way a separation of concerns is achieved A data structure de nes the admissible atomic steps and a control structure determines how these steps are to be combined to yield the desired algorithm This view is stated very succinctly in the well known slogan algorithm data structure control The border separating data structure and control may slide towards either side depending on the application As an example we may assume to have multiplica tion of natural numbers available as elementary arithmetical instruction yet we may also get by with the operators of Presburger arithmetic succ and construct an algorithm for multiplication All programming languages provide mechanisms to augment the data structure by such de ned functions The main purpose of this article is a demonstration together with a set of some succinct examples that show how Wirth s equation may be solved for an unknown data structure too That is given the speci cation of an algorithm and given a control structure automatically determine axioms for a data struc ture required to ful l the speci cation A vehicle for nding these examples is a program veri er NPPV that we have constructed for educational purposes and used in many courses on program veri cation With its help we can not only semi automatically verify concrete programs but also investigate abstract pro grams and reveal relationships between programs speci cations invariants and data structure requirements As a simple example for instance we shall show that a program to interchange the value of two variables works correctly pre cisely if the data structure contains a quasigroup operation or that the failure of a program to nd a counterexample to a conjecture leads to an induction axiom for the data type NPPV New Paltz Program Veri er has been implemented on an IBM com patible PC and has been developed for and successfully used in courses devoted to the mathematics of program veri cation and abstract data types The software is embedded in an integrated development environment with built in editor pull down menus and pop up windows It is freely available for demonstration and course use