Summary
We propose and compare two induction principles called “always” and “sometime” for proving inevitability properties of programs. They are respective formalizations and generalizations of Floyd invariant assertions and Burstall intermittent assertions methods for proving total correctness of sequential programs whose methodological advantages or disadvantages have been discussed in a number of previous papers. Both principles are formalized in the abstract setting of arbitrary nondeterministic transition systems and illustrated by appropriate examples. The “sometime” method is interpreted as a recursive application of the “always” method. Hence “always” can be considered as a special case of “sometime”. These proof methods are strongly equivalent in the sense that a proof by one induction principle can be rewritten into a proof by the other one. The first two theorems of the paper show that an invariant for the “always” method can be translated into an invariant for the “sometime” method even if every recursive application of the later is required to be of finite length. The third and main theorem of the paper shows how to translate an invariant for the “sometime” method into an invariant for the “always” method. It is emphasized that this translation technique follows the idea of transforming recursive programs into iterative ones. Of course, a general translation technique does not imply that the original “sometime” invariant and the resulting “always” invariant are equally understandable. This is illustrated by an example.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Back, R.J.: Semantics of unbounded nondeterminism, in Proc. 7th ICALP, LNCS 85, pp. 51–63. Berlin, Heidelberg, New York: Springer 1980
Burstall, R.M.: Program proving as hand simulation with a little induction. Information Processing 74, pp. 308–312. Amsterdam: North-Holland 1974
Cousot, P., Cousot, R.: Induction principles for proving invariance properties of programs. In: Tools and notions for program construction. (D. Neel, ed.), pp. 75–119. Cambridge: University Press 1982
Cousot, P., Cousot, R.: “A la Floyd” induction principles for proving inevitability properties of programs. In: Algebraic methods in semantics. (M. Nivat, J.C. Reynolds, eds.), pp. 277–312. Cambridge: University Press 1985
Cousot, P., Cousot, R.: “A la Burstall” induction principles for proving inevitability properties of programs, Research Report LRIM-83-08, Univ. of Metz, France, 1983
Dijkstra, E.W.: A sequel to EWD 592, EWD 600, Burroughs Corp., Nuemen, The Netherlands 1977
Floyd, R.: Assigning meaning to programs. In: Proc. Symp. Appl. Math., 19. (Schwartz J.T. (ed.)), Am. Math. Soc., pp. 19–32, Providence, 1967
Gries, D.: Is SOMETIME ever better than ALWAYS? ACM TOPLAS, 1, 258–265 (1979)
Keller, R.M.: Formal verification of parallel programs, 19, 371–384 (1976)
Lamport, L.: Proving the correctness of multiprocess programs, IEEE Trans. Soft. Eng., 3, 125–143 (1977)
Manna, Z., Pnueli, A.: How to cook a temporal proof system for your pet language, ACM POPL, 10, 141–154 (1983)
Manna, Z., Waldinger, R.: Is SOMETIME sometimes better than ALWAYS? Intermittent assertions in proving program correctness, 21, 159–172 (1978)
Monk, J.D.: Introduction to set theory, New York: McGraw-Hill 1969
Owicki, S., Lamport, L.: Proving liveness properties of concurrent programs. ACM TOPLAS 4, 455–495 (1982)
Author information
Authors and Affiliations
Rights and permissions
About this article
Cite this article
Cousot, P., Cousot, R. Sometime = always + recursion ≡ always on the equivalence of the intermittent and invariant assertions methods for proving inevitability properties of programs. Acta Informatica 24, 1–31 (1987). https://doi.org/10.1007/BF00290704
Received:
Issue Date:
DOI: https://doi.org/10.1007/BF00290704