Thesis for the Degree of Licentiate of Philosophy Induction Rules for Proving Correctness of Imperative Programs

This thesis is aimed at simplifying the user-interaction in semi-interactive theorem proving for imperative programs. More specifically, we describe the creation of customised induction rules that are tailor-made for the specific program to verify and thus make the resulting proof simpler. The concern is in user interaction, rather than in proof strength. To achieve this, two different verification techniques are used. In the first approach, we develop an idea where a software testing technique, partition analysis, is used to compute a partition of the domain of the induction variable, based on the branch predicates in the program we wish to prove correct. Based on this partition we derive mechanically a partitioned induction rule, which then inherits the divide-and-conquer style of partition analysis, and (hopefully) is easier to use than the standard (Peano) induction rule. The second part of the thesis continues with a more thorough development of the method. Here the connection to software testing is completely removed and the focus is on inductive theorem proving only. This time, we make use of failed proof attempts in a theorem prover to gain information about the problem structure and create the partition. Then, based on the partition we create an induction rule, in destructor style, that is customised to make the proving of the loop simpler. With the customised induction rules, in comparison to standard (Peano) induction or Noetherian induction, the required user interaction is moved to an earlier point in the proof which also becomes more modularised. Moreover, by using destructor style induction we circumvent the problem of creating inverses of functions. The soundness of the customised induction rules created by the method is shown. Furthermore, the machinery of the theorem prover (KeY) is used to make the method automatic. The induction rules are developed to prove the total correctness of loops in an object-oriented language and we concentrate on integers.