Three-valued predicates for software specification and validation

Abstract

Partial functions, hence also partial predicates, cannot be avoided in algorithms. Although the former fact has been accepted in the theory of software very early, the latter is still not quite commonly recognized. In many programming- and software-specification languages the partiality of predicates (Boolean expressions) is treated only semiformally. On the other hand it is quite well known today that an explicit formal treatment of partial predicates substantially improves the discipline of software specification, programming and validation. Partial predicates are usually formalized as three-valued functions where the third value corresponds to an undefinedness. This leads, of course, to the necessity of developing a new calculus of predicates and new rules of proving facts expressed by three-valued predicates. One possible approach to the latter problem, which has been already explored by several authors, consists in developing a three-valued logic which is used later in proving properties of software. In this paper we are surveying and analyzing another approach. We show how to combine a calculus of three-valued predicates — to be used in the construction of algorithms — with a two-valued logic — to be used in proving facts about these algorithms. We briefly discuss the possible applications of this approach in the construction of software and of software-specification metalanguages. In the opinion of the author our approach has the advantage of using classical techniques of proofs which are better understood by the majority of users and which are supported by many existing software systems such as e.g. LCF or MIZAR.