Название: Program Proofs Автор: K. Rustan M. Leino
Издательство: The MIT Press
Год: 2023
Страниц: 496
Язык: английский
Формат: epub (true)
Размер: 10.1 MB
This comprehensive and highly readable textbook teaches how to formally reason about computer programs using an incremental approach and the verification-aware programming language Dafny.
Program Proofs shows students what it means to write specifications for programs, what it means for programs to satisfy those specifications, and how to write proofs that connect specifications and programs. Writing with clarity and humor, K. Rustan M. Leino first provides an overview of the basic theory behind reasoning about programs. He then gradually builds up to complex concepts and applications, until students are facing real programs using objects, data structures, and non-trivial recursion. To emphasize the practical nature of program proofs, all material and examples use the verification-aware programming language Dafny, but no previous knowledge of Dafny is assumed.
I've designed this book to teach a practical understanding of what it means to write specifications for code and what it means for code to satisfy the specifications. When I first learned about program verification, all program developments and proofs were done by hand. I loved it. But I think I was the only one in the class who did. Even if you do love it, it's not clear how to connect the activity you have mastered on paper with the activity of sitting in front of a computer trying to get a program to work. And if you didn't love the proofs in the first place and didn't get enough practice to master them, it's not clear you make any connection whatsoever between these two activities.
To bring the two activities closer together, you need to get experience in seeing the proofs at work in a programming language that the computer recognizes. And playing out the activity of writing specifications and proofs together with programs has the additional benefit that the computer can check the proofs for you. This way, you get instant feedback that helps you understand what the proofs are all about.
Trying to teach program-proof concepts in the setting of an actual programming language may seem like madness. Most languages were not designed for verification, and trying to bolt specification and proof-authoring features onto such a language is at best clumsy. Moreover, if you'd have to learn a separate notation for writing proofs or interacting with the automated verifier, the burden on the learner becomes even much greater. To really connect the program and proof activities, I argue you want to teach verification in terms of software-engineering concepts (like preconditions, invariants, and assertions), not in terms of induction schemas, semantics-mapping transforms, and prover directives.
Luckily, there are several programming languages designed to support specifications and proofs (so-called verification-aware languages), and there are integrated development environments (IDEs) that run the automated verifiers (sometimes known as auto-active verifiers: automated tooling that offers interaction via the program text). Among these are the functional languages WhyML and F*, the Ada-based SPARK language, the object-oriented language Eiffel, the imperative languages GRASShopper and Whiley, and—what I use in this book - Dafny. In a similar spirit, but with annotation languages that have been added to existing programming languages are ACL2 (for Applicative Common LISP), VeriFast (for C and Java), the KeY toolset (for Java), OpenJML (for Java with JML annotations), the Frama-C toolset (for C), Stainless (for Scala), Prusti (for Rust), Nagini (for Python), Gobra (for Go), and LiquidHaskell (for Haskell). In the notes at the end of chapters, I occasionally point out some alternative notation or other differences with these other tools, so as to make the concepts and experiences taught in this book readily applicable to those language settings as well.
Written in a highly readable and student-friendly style
Builds up to complex concepts in an incremental manner
Comprehensively covers how to write proofs and how to specify and verify both functional programs and imperative programs
Uses real program text from a real programming language, not psuedo code
Features engaging illustrations and hands-on learning exercises
Скачать Program Proofs (The MIT Press)