Affiliation:
1. Univ. of Michigan, Ann Arbor
Abstract
Hoare logic is a widely recommended verification tool. There is, however, a problem of finding easily checkable loop invariants; it is known that decidable assertions do not suffice to verify while programs, even when the pre- and postconditions are decidable. We show here a stronger result: decidable invariants do not suffice to verify single-loop programs. We also show that this problem arises even in extremely simple contexts. Let N be the structure consisting of the set of natural numbers together with the functions S(x) = x+1, D(x) =2 (x) =*** x/2***. There is a single-loop program *** using only three variables x, y, z such that the asserted program x = y = z = 0 *** false is partially correct on N but any loop invariant I(x,y,z) for this asserted program is undecidable.
Publisher
Association for Computing Machinery (ACM)
Subject
Computational Mathematics, Logic, General Computer Science, Theoretical Computer Science
Cited by
11 articles.