Studying program correctness in ProVIDE

  • Authors:
  • Timothy S. Gegg-Harrison; Gary R. Bunce; Rebecca D. Ganetzky; Christina M. Olson; Joshua D. Wilson

  • Affiliations:
  • Oberlin College, Oberlin, OH; Winona State University, Winona, MN; Oberlin College, Oberlin, OH; Winona State University, Winona, MN; Winona State University, Winona, MN

  • Venue:
  • Proceedings of the 8th annual conference on Innovation and technology in computer science education
  • Year:
  • 2003

Abstract

In an attempt to better integrate discrete mathematics into the introductory CS curriculum, we implemented ProVIDE, an enhanced integrated development environment (IDE) for Java that enables students to analyze their computer programs (in terms of their correctness) while they are creating them [1]. The primary goal of the construction of ProVIDE is the seamless integration of analysis with the creation of computer programs. Because the concept of program correctness is generally taught as an activity independent of the programming process, most introductory CS students perceive it as unnecessary and even irrelevant. The concept of contracts, on the other hand, is generally taught as an integral part of the programming process. As such, most introductory CS students have little difficulty understanding the need to establish contracts via preconditions and postconditions.

The approach we have taken with ProVIDE is a modified version of the "design by contract" methodology. Rather than asking the student programmer for both a precondition and a postcondition for each of his/her methods, ProVIDE asks the student to simply supply a postcondition. ProVIDE then helps the student construct the appropriate precondition by leading him/her through an axiomatic proof of the correctness of the method. Thus, the proof of correctness of the method is a side-effect of the student's need to construct an appropriate precondition.

In this demonstration, we will show some examples of method precondition construction (including loop invariant construction) within ProVIDE, including the following squaring algorithms that use only additions (which highlights the construction of a loop invariant for a single loop) and only increments and decrements (which highlights the construction of loop invariants for both sequential and nested loops), respectively.
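As an added illustration of the backwards construction the abstract describes (this is not code from the paper or from ProVIDE, and it is written in Python rather than Java), here is a squaring method that uses only additions, annotated with a student-supplied postcondition, the loop invariant derived from it, and the precondition the invariant forces; the invariant `r == i * i` and the precondition `n >= 0` are the author's own choices for this example. Contract checks are executed at runtime so that a violated obligation is reported rather than silently producing a wrong answer.

```python
class ContractError(Exception):
    """Raised when a precondition, loop invariant or postcondition fails."""


def require(condition: bool, obligation: str) -> None:
    """Runtime check of one proof obligation (not disabled by python -O)."""
    if not condition:
        raise ContractError(obligation)


def square_by_addition(n: int) -> int:
    """Compute n * n using only additions, annotated Hoare-style.

    The student supplies the postcondition r == n * n. Reasoning backwards
    from it yields the loop invariant r == i * i and 0 <= i <= n, and the
    invariant in turn forces the precondition n >= 0: for n < 0 the loop
    never runs and r == 0 != n * n. (Example contract, not ProVIDE's.)
    """
    require(n >= 0, "precondition: n >= 0")
    i, r = 0, 0
    # Initialisation: i == 0 and r == 0 establish the invariant.
    while i < n:
        require(r == i * i and 0 <= i <= n, "invariant before body")
        # (i + 1)^2 == i^2 + i + i + 1, so the update needs additions only.
        r = r + i + i + 1
        i = i + 1
        require(r == i * i and 0 <= i <= n, "invariant after body")
    # Exit: invariant and not (i < n) give i == n, hence r == n * n.
    require(r == n * n, "postcondition: r == n * n")
    return r


def contract_holds(n: int) -> bool:
    """True when every obligation holds for input n, False when one fails."""
    try:
        square_by_addition(n)
        return True
    except ContractError:
        return False
```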