Programming with Proofs: Language-Based Approaches to Totally Correct Software

Tremendous progress has been made in automated and semi-automated verification since the seminal works on program verification. Automated deductive techniques like model checking have been highly successful for many verification tasks (e.g., [17, 18, 13]). Impressive advances continue to be made in static analysis, type systems, and static bug finding (e.g., [21, 12]). These approaches aim to verify code or find bugs in existing systems as automatically as possible, with as little developer help as possible. This has been the aim of the research community for many years, possibly due in part to the bad reputation that continues to plague full program verification. Theorem proving approaches to program verification have continued to make advances, but indeed, they still are generally applied only to the most critical applications (e.g., [7, 5, 16, 11]). Despite the continuing advances in fully automated verification, it seems unlikely that essentially automatic techniques will ever be able to scale to full program verification. Given steadily increasing societal reliance on software systems, totally correct code remains a vitally important goal. In this position paper, I advocate an approach to full program verification in which programmers write imperative programs and their computational proofs together as single artifacts (Section 3). Despite the reliance on manual creation of proofs, the approach I advocate is quite different from existing theorem-proving approaches, which I argue are unlikely ever to be feasible for mainstream use (Section 2). In Section 4, I show how the approach I advocate solves critical problems with theorem proving, and I compare the approach to other verification approaches.