Use of functional annotations in verifying imperative programs

Abstract

Functional programming languages [1-3] have been advocated as a means for writing more reliable programs, although imperative programming languages permit more efficient execution on conventional computer hardware. This paper advocates a means of using a functional notation to annotate imperative programs, and presents a method for verifying that the annotated sections of code achieve the results specified in the annotation. Examples are given to show how the method is used. These demonstrate that this approach to program correctness leads to verification conditions which are briefer, but more numerous, than those which result from verifying more conventionally annotated programs. One motivation for the work is pedagogical, in that it is hoped that the techniques described can be used, in the spirit of Backhouse [4], to make clearer to novice programmers the underlying functional purpose of sections of less transparent imperative code. A goal of the paper is to provide a technique to facilitate the activity of operational decomposition in a formal method (such as VDM [5], in which refinements of specifications to implementations are made.