A Language for Building Verified Software Components

Safe and secure reuse demands construction and use of verified reusable software components. Such verified components need much more than typical code for components in popular languages, such as C++ or Java. The components need to have formal specifications of behavior against which their implementations are verified. To be trusted, such verification must go beyond extensive testing and arguments of correctness, and must come with mechanized proofs. This paper discusses a realization of key elements of the conceptual idea of formal reasoning about software component behavior outlined in [1] (2000 ICSR proceedings). In the process, it summarizes central features of a language for building verified components must possess and a system that implements such a language. It explains that the language must include specifications as an integral constituent and must have clean semantics, which preclude unexpected side-effects and aliasing. The language must include mechanisms for writing reusable components that are amenable to verification, and consequently must also include an open-ended mechanism for adding arbitrarily sophisticated mathematical theories in order to specify large software components concisely. Because current programming languages lack these essential characteristics, the goal of verified components will remain unrealized unless the focus shifts to the design and development of a suitable language within which full verification is possible.