Flexible Correct-by-Construction Programming

TL;DR

This paper introduces flexible extensions to Correct-by-Construction (CbC) programming, namely CbC-Block and TraitCbC, which enhance flexibility while maintaining correctness guarantees, supported by formal proofs and comparative analysis.

Contribution

It presents CbC-Block and TraitCbC as novel, more flexible variants of CbC, with formal soundness proofs and practical guidelines for structured program development.

Findings

CbC-Block allows inserting any block of statements, increasing flexibility.

TraitCbC uses traits with specified methods for correctness-by-construction.

All approaches are compared in terms of constructs, tool support, and usability.

Abstract

Correctness-by-Construction (CbC) is an incremental program construction process to construct functionally correct programs. The programs are constructed stepwise along with a specification that is inherently guaranteed to be satisfied. CbC is complex to use without specialized tool support, since it needs a set of predefined refinement rules of fixed granularity which are additional rules on top of the programming language. Each refinement rule introduces a specific programming statement and developers cannot depart from these rules to construct programs. CbC allows to develop software in a structured and incremental way to ensure correctness, but the limited flexibility is a disadvantage of CbC. In this work, we compare classic CbC with CbC-Block and TraitCbC. Both approaches CbC-Block and TraitCbC, are related to CbC, but they have new language constructs that enable a more flexible software construction approach. We provide for both approaches a programming guideline, which similar to CbC, leads to well-structured programs. CbC-Block extends CbC by adding a refinement rule to insert any block of statements. Therefore, we introduce CbC-Block as an extension of CbC. TraitCbC implements correctness-by-construction on the basis of traits with specified methods. We formally introduce TraitCbC and prove soundness of the construction strategy. All three development approaches are qualitatively compared regarding their programming constructs, tool support, and usability to assess which is best suited for certain tasks and developers.