1. Catalog
  2. Program Proofs

Program Proofs

by Leino

ISBN: 9780262375436 | Copyright 2023

Click here to preview

Instructor Requests

Digital Exam/Desk Copy Print Desk Copy Ancillaries
Tabs

This comprehensive and highly readable textbook teaches students how to formally reason about computer programs using an incremental approach and the verification-aware programming language Dafny.

Program Proofs shows students what it means to write specifications for programs, what it means for programs to satisfy those specifications, and how to write proofs that connect specifications and programs. Writing with clarity and humor, K. Rustan M. Leino first provides an overview of the basic theory behind reasoning about programs. He then gradually builds up to complex concepts and applications, until students are facing real programs using objects, data structures, and non-trivial recursion. To emphasize the practical nature of program proofs, all material and examples use the verification-aware programming language Dafny, but no previous knowledge of Dafny is assumed.

•Written in a highly readable and student-friendly style
•Builds up to complex concepts incrementally
•Comprehensively covers how to write proofs and how to specify and verify both functional programs and imperative programs
•Uses real program text from a real programming language, not pseudo code
•Features engaging illustrations and hands-on learning exercises

Expand/Collapse All
Contents (pg. v)
Preface (pg. ix)
Programs and Proofs (pg. ix)
Material (pg. x)
What the Book Is Not (pg. xi)
How to Read This Book (pg. xi)
Dafny (pg. xii)
Online Information (pg. xiii)
Acknowledgments (pg. xiii)
Notes for Teachers (pg. xv)
0. Introduction (pg. 1)
0.0. Prerequisites (pg. 2)
0.1. Outline of Topics (pg. 4)
0.2. Dafny (pg. 5)
0.3. Other Languages (pg. 6)
Notes (pg. 6)
Part 0. Learning the Ropes (pg. 7)
1. Basics (pg. 9)
1.0. Methods (pg. 9)
1.1. Assert Statements (pg. 10)
1.2. Working with the Verifier (pg. 11)
1.3. Control Paths (pg. 12)
1.4. Method Contracts (pg. 13)
1.5. Functions (pg. 17)
1.6. Compiled versus Ghost (pg. 19)
1.7. Summary (pg. 21)
Notes (pg. 22)
2. Making It Formal (pg. 25)
2.0. Program State (pg. 26)
2.1. Floyd Logic (pg. 28)
2.2. Hoare Triples (pg. 29)
2.3. Strongest Postconditions andWeakest Preconditions (pg. 32)
2.4. WP and SP (pg. 40)
2.5. Conditional Control Flow (pg. 41)
2.6. Sequential Composition (pg. 45)
2.7. Method Calls and Postconditions (pg. 46)
2.8. Assert Statements (pg. 50)
2.9. Weakest Liberal Preconditions (pg. 53)
2.10. Method Calls with Preconditions (pg. 55)
2.11. Function Calls (pg. 57)
2.12. Partial Expressions (pg. 58)
2.13. Method Correctness (pg. 60)
2.14. Summary (pg. 60)
Notes (pg. 61)
3. Recursion and Termination (pg. 63)
3.0. The Endless Problem (pg. 64)
3.1. Avoiding Infinite Recursion (pg. 66)
3.2. Well-Founded Relations (pg. 70)
3.3. Lexicographic Tuples (pg. 72)
3.4. Default decreases in Dafny (pg. 79)
3.5. Summary (pg. 80)
Notes (pg. 81)
4. Inductive Datatypes (pg. 83)
4.0. Blue-Yellow Trees (pg. 84)
4.1. Matching on Datatypes (pg. 85)
4.2. Discriminators and Destructors (pg. 86)
4.3. Structural Inclusion (pg. 88)
4.4. Enumerations (pg. 89)
4.5. Type Parameters (pg. 89)
4.6. Abstract Syntax Trees for Expressions (pg. 90)
4.7. Summary (pg. 93)
Notes (pg. 94)
5. Lemmas and Proofs (pg. 95)
5.0. Declaring a Lemma (pg. 96)
5.1. Using a Lemma (pg. 96)
5.2. Proving a Lemma (pg. 99)
5.3. Back to Basics (pg. 102)
5.4. Proof Calculations (pg. 106)
5.5. Example: Reduce (pg. 110)
5.6. Example: Commutativity of Multiplication (pg. 115)
5.7. Example: Mirroring a Tree (pg. 118)
5.8. Example: Working on Abstract Syntax Trees (pg. 122)
5.9. Summary (pg. 130)
Notes (pg. 131)
Part 1. Functional Programs (pg. 133)
6. Lists (pg. 137)
6.0. List Definition (pg. 137)
6.1. Length (pg. 138)
6.2. Intrinsic versus Extrinsic Specifications (pg. 139)
6.3. Take and Drop (pg. 142)
6.4. At (pg. 144)
6.5. Find (pg. 146)
6.6. List Reversal (pg. 147)
6.7. Lemmas in Expressions (pg. 151)
6.8. Eliding Type Arguments (pg. 157)
6.9. Summary (pg. 158)
Notes (pg. 159)
7. Unary Numbers (pg. 161)
7.0. Basic Definitions (pg. 162)
7.1. Comparisons (pg. 162)
7.2. Addition and Subtraction (pg. 165)
7.3. Multiplication (pg. 167)
7.4. Division and Modulus (pg. 167)
7.5. Summary (pg. 172)
Notes (pg. 173)
8. Sorting (pg. 175)
8.0. Specification (pg. 175)
8.1. Insertion Sort (pg. 179)
8.2. Merge Sort (pg. 181)
8.3. Summary (pg. 188)
Notes (pg. 188)
9. Abstraction (pg. 189)
9.0. Grouping Declarations into Modules (pg. 190)
9.1. Module Imports (pg. 190)
9.2. Export Sets (pg. 191)
9.3. Modular Specification of a Queue (pg. 194)
9.4. Equality-Supporting Types (pg. 201)
9.5. Summary (pg. 204)
Notes (pg. 204)
10. Data-Structure Invariants (pg. 207)
10.0. Priority-Queue Specification (pg. 208)
10.1. Designing the Data Structure (pg. 210)
10.2. Implementation (pg. 212)
10.3. Making Intrinsic from Extrinsic (pg. 224)
10.4. Summary (pg. 229)
Notes (pg. 230)
Part 2. Imperative Programs (pg. 231)
11. Loops (pg. 235)
11.0. Loop Specifications (pg. 235)
11.1. Loop Implementations (pg. 241)
11.2. Loop Termination (pg. 247)
11.3. Summarizing the Loop Rule (pg. 250)
11.4. Integer Square Root (pg. 252)
11.5. Summary (pg. 255)
Notes (pg. 255)
12. Recursive Specifications, Iterative Programs (pg. 257)
12.0. Iterative Fibonacci (pg. 257)
12.1. Fibonacci Squared (pg. 260)
12.2. Powers of 2 (pg. 264)
12.3. Sums (pg. 267)
12.4. Summary (pg. 272)
Notes (pg. 273)
13. Arrays and Searching (pg. 275)
13.0. About Arrays (pg. 275)
13.1. Linear Search (pg. 280)
13.2. Binary Search (pg. 288)
13.3. Minimum (pg. 292)
13.4. Coincidence Count (pg. 294)
13.5. Slope Search (pg. 301)
13.6. Canyon Search (pg. 304)
13.7. Majority Vote (pg. 309)
13.8. Summary (pg. 318)
Notes (pg. 319)
14. Modifying Arrays (pg. 321)
14.0. Simple Frames (pg. 321)
14.1. Basic Array Modification (pg. 326)
14.2. Summary (pg. 336)
Notes (pg. 336)
15. In-situ Sorting (pg. 337)
15.0. Dutch National Flag (pg. 337)
15.1. Selection Sort (pg. 341)
15.2. Quicksort (pg. 343)
15.3. Summary (pg. 347)
Notes (pg. 349)
16. Objects (pg. 351)
16.0. Checksums (pg. 352)
16.1. Tokenizer (pg. 359)
16.2. Simple Aggregate Objects (pg. 364)
16.3. Full Aggregate Objects (pg. 374)
16.4. Summary (pg. 382)
Notes (pg. 384)
17. Dynamic Heap Data Structures (pg. 387)
17.0. Lazily Initialized Arrays (pg. 387)
17.1. Extensible Array (pg. 396)
17.2. Binary Search Tree for a Map (pg. 403)
17.3. Iterator for the Map (pg. 413)
17.4. Summary (pg. 423)
Notes (pg. 423)
Reference Material (pg. 425)
Appendix A. Dafny Syntax Cheat Sheet (pg. 427)
A.0. Declarations (pg. 427)
A.1. Statements (pg. 429)
A.2. Expressions (pg. 430)
Appendix B. Boolean Algebra (pg. 433)
B.0. Boolean Values and Negation (pg. 433)
B.1. Conjunction (pg. 433)
B.2. Predicates andWell-Definedness (pg. 434)
B.3. Disjunction and Proof Format (pg. 435)
B.4. Implication (pg. 437)
B.5. Proving Implications (pg. 438)
B.6. Free Variables and Substitution (pg. 439)
B.7. Universal Quantification (pg. 441)
B.8. Existential Quantification (pg. 442)
Notes (pg. 444)
Appendix C. Answers to Select Exercises (pg. 445)
References (pg. 459)
Index (pg. 467)

K. Rustan M. Leino

K. Rustan M. Leino is a Senior Principal Applied Scientist in the Automated Reasoning Group at Amazon Web Services, an ACM and IRIP Fellow, and a recipient of the CAV Award.
Instructors Only
You must have an instructor account and submit a request to access instructor materials for this book.
Register / Log in
eTextbook
Go paperless today! Available online anytime, nothing to download or install.

Features

  • Bookmarking
  • Note taking
  • Highlighting
I have an access code.