perm filename VERIFI.XGP[S78,JMC] blob
sn#355265 filedate 1978-05-14 generic text, type T, neo UTF8
/LMAR=0/XLINE=3/FONT#0=BAXL30/FONT#1=BAXM30/FONT#2=BAXB30/FONT#3=SUB/FONT#4=SUP/FONT#5=BASL35/FONT#6=NGR25/FONT#7=MATH30/FONT#8=FIX25/FONT#9=GRK30/FONT#10=ZERO30/FONT#11=BAXI30/FONT#12=MS25
�
␈↓ ↓H␈↓α␈↓ ↓aEXPANDING THE ROLE OF VERIFICATION IN COMPUTER SCIENCE EDUCATION
␈↓ ↓H␈↓␈↓ α_The␈α�fact␈α�that␈α�computer␈α�programs␈α�are␈α�still␈α�debugged␈α�is␈α�a␈α�continuing␈α�disgrace␈α�to␈α�anyone␈α�who
␈↓ ↓H␈↓thinks␈α�mathematically.␈α� The␈α�way␈α�of␈α�getting␈α�a␈α�program␈α�correct␈α�should␈α�be␈α�to␈α�prove␈α�that␈α�it␈α�meets␈α�its
␈↓ ↓H␈↓specifications␈α
and␈α∞check␈α
this␈α∞proof␈α
with␈α
a␈α∞computer.␈α
As␈α∞much␈α
as␈α
possible,␈α∞the␈α
proof␈α∞should␈α
be
␈↓ ↓H␈↓computer generated.
␈↓ ↓H␈↓␈↓ α_Of␈α
course,␈α
this␈α
has␈α�been␈α
the␈α
goal␈α
of␈α
program␈α�verification␈α
research␈α
for␈α
many␈α
years,␈α�and␈α
good
␈↓ ↓H␈↓progress␈α
has␈α�been␈α
made.␈α� In␈α
fact␈α�the␈α
progress␈α
has␈α�been␈α
good␈α�enough␈α
so␈α�that␈α
now␈α�computer␈α
science
␈↓ ↓H␈↓education lags behind the science. Correcting this lag requires the following at Stanford:
␈↓ ↓H␈↓␈↓ α_1.␈α∂Verification␈α∂should␈α∂be␈α∂separated␈α∂from␈α∂complexity␈α∂theory,␈α∂automata␈α∂theory␈α∂and␈α∞formal
␈↓ ↓H␈↓language␈α↔theory␈α⊗as␈α↔qualifying␈α↔exam␈α⊗area␈α↔and␈α⊗as␈α↔a␈α↔section␈α⊗of␈α↔the␈α↔comprehensive␈α⊗exam.
␈↓ ↓H␈↓Verification␈α≡should␈α≥include␈α≡Hoare-type␈α≥methods,␈α≡verification␈α≥condition␈α≡generation,␈α≥the
␈↓ ↓H␈↓Cartwright-McCarthy␈α�method␈α
of␈α�expressing␈α
LISP␈α�programs␈α�as␈α
first␈α�order␈α
sentences,␈α�and␈α�the␈α
Scott
␈↓ ↓H␈↓formalisms. A first step is the preparation of a qualifying exam syllabus.
␈↓ ↓H␈↓␈↓ α_2.␈α⊂A␈α∂subset␈α⊂of␈α⊂this␈α∂should␈α⊂be␈α⊂on␈α∂the␈α⊂comprehensive␈α⊂syllabus.␈α∂ This␈α⊂should␈α⊂include␈α∂and
␈↓ ↓H␈↓might␈α
be␈α
limited␈α
to␈α
the␈α
material␈α
on␈α
invariants␈α
in␈α
Manna's␈α
book␈α
and␈α
the␈α
material␈α
on␈α
first␈α
order
␈↓ ↓H␈↓representation␈α�in␈α�the␈α�McCarthy␈α�and␈α�Talcott␈α�book.␈α� The␈α�necessary␈α�background␈α�in␈α�first␈α�order␈α�logic
␈↓ ↓H␈↓might be included in this part of the syllabus, especially since it is in the Manna book.
␈↓ ↓H␈↓␈↓ α_3.␈α
The␈α∞programming␈α
problem␈α∞on␈α
the␈α
Comprehensive␈α∞should␈α
require␈α∞that␈α
the␈α∞program␈α
be
␈↓ ↓H␈↓verified.␈α� Given␈α�the␈α�present␈α�state␈α�of␈α
verification,␈α�this␈α�would␈α�probably␈α�require␈α�making␈α�it␈α
somewhat
␈↓ ↓H␈↓less␈α
ambitious␈α
as␈α�a␈α
programming␈α
problem,␈α�but␈α
this␈α
part␈α�of␈α
the␈α
exam␈α�has␈α
already␈α
received␈α�much
␈↓ ↓H␈↓criticism␈α�as␈α
not␈α�a␈α
scientific␈α�exercise.␈α� This␈α
cannot␈α�be␈α
done␈α�until␈α�the␈α
one␈α�or␈α
another␈α�of␈α�the␈α
machine
␈↓ ↓H␈↓verification systems has been made available for general use.
␈↓ ↓H␈↓␈↓ α_4.␈α
The␈α
LISP␈α
course,␈α
now␈α
206,␈α
and␈α
soon␈α
to␈α
be␈α
126,␈α
should␈α
require␈α
machine␈α
verification␈α�of
␈↓ ↓H␈↓some␈α∞of␈α∞its␈α
programs,␈α∞perhaps␈α∞all␈α∞pure␈α
LISP␈α∞programs.␈α∞ This␈α
requires␈α∞the␈α∞implementation␈α∞of␈α
a
␈↓ ↓H␈↓predicate␈α�calculus␈α
proof-checker␈α�as␈α�a␈α
feature␈α�of␈α�the␈α
student␈α�Maclisp␈α�system.␈α
Making␈α�such␈α�a␈α
systee
␈↓ ↓H␈↓will be a major task, and we should get NSF to support a project aimed at this goal.
␈↓ ↓H␈↓␈↓ α_5.␈α∃CS105␈α∃and␈α∃106␈α∃should␈α∃contain␈α∃some␈α∃verification.␈α∃ The␈α∃goal␈α∃of␈α⊗a␈α∃machine-aided
␈↓ ↓H␈↓verification␈α�system␈α
for␈α�these␈α
courses␈α�is␈α
vaguer␈α�in␈α�my␈α
mind,␈α�and␈α
therefore␈α�apparently␈α
further␈α�off.
␈↓ ↓H␈↓However,␈α⊂perhaps␈α⊂the␈α⊂PASCAL␈α⊂enthusiast␈α⊃would␈α⊂think␈α⊂otherwise␈α⊂and␈α⊂would␈α⊂be␈α⊃prepared␈α⊂to
␈↓ ↓H␈↓undertake␈α∞to␈α∞produce␈α∞a␈α∞PASCAL␈α∞verification␈α∞system␈α∞that␈α∞could␈α∞be␈α∞used␈α∞in␈α∂elementary␈α∞courses.
␈↓ ↓H␈↓Most likely this would also be a project that would require outside support.
␈↓ ↓H␈↓␈↓ α_6.␈α�It␈α�is␈α�possible␈α�that␈α�large␈α�amounts␈α�of␈α�student␈α�verification␈α�will␈α�increase␈α�our␈α�computer␈α�power
␈↓ ↓H␈↓requirements.
␈↓ ↓H␈↓␈↓ α_Stanford␈α
has␈α∞strong␈α
enough␈α∞faculty␈α
interests␈α∞in␈α
verification␈α∞including␈α
Floyd␈α∞(not␈α
presently
␈↓ ↓H␈↓active␈α⊂here),␈α⊂Luckham,␈α⊂Manna,␈α⊂McCarthy,␈α⊂and␈α⊂Owicki,␈α⊃so␈α⊂that␈α⊂we␈α⊂are␈α⊂in␈α⊂a␈α⊂good␈α⊃position␈α⊂to
␈↓ ↓H␈↓initiate the effort. Weyhrauch, Talcott and Karp strengthen this effort.
␈↓ ↓H␈↓␈↓ α_A␈α∞large␈α∞project␈α∂supported␈α∞by␈α∞the␈α∞education␈α∂part␈α∞of␈α∞NSF␈α∞aimed␈α∂at␈α∞making␈α∞it␈α∂practical␈α∞to
␈↓ ↓H␈↓include verification in programming courses might be a good form of organization.
�