theorems June 8, 1993 2:55 pm 1/6 D. L. Parnas

Some Theorems We Should Prove

David Lorge Parnas
Telecommunications Research Institute of Ontario (TRIO)
Communications Research Laboratory
Department of Electrical and Computer Engineering
McMaster University, Hamilton, Ontario, Canada L8S 4K1

ABSTRACT

Mathematical techniques can be used to produce precise, provably complete documentation for computer systems. However, such documents are highly detailed, and oversights and other errors are quite common. To detect the "early" errors in a document, one must attempt to prove certain simple theorems. This paper gives some examples of such theorems.

1 Introduction

In [4], we have shown how the contents of key computer systems documents can be defined in terms of mathematical functions and relations. We also reminded our readers that (1) functions and relations can be viewed as sets of ordered pairs, (2) sets can be characterised by predicates and described by logical expressions, (3) predicates can be represented in a more readable way using multidimensional (tabular) expressions whose components are logical expressions and terms, and (4) the meaning of these tables can be defined by rules for translating those tables into more conventional expressions. A complete discussion of these tabular expressions can be found in [6]. The most recent illustration of their use can be found in [3].

Our efforts have very pragmatic goals. We are not trying to provide mathematical proofs of program correctness; our goals are much more mundane. We wish to use mathematical methods to improve the quality of documentation in software systems. We believe, and have demonstrated using both practical and "academic" examples ([1, 7, 3]), that we can provide mathematically precise documents that can be read by both programmers and properly prepared users.
Although we are not working on program verification per se, we believe that the ability to provide readable mathematical documentation is a prerequisite for regular practical use of mathematical methods in software development. It does no good to prove that a piece of software satisfies a specification if that specification cannot be read, understood, and criticised by potential users or their representatives.

Although we are not trying to prove programs correct, we do have a need for theorem provers. The formulae in our tabular expressions must satisfy certain mathematical conditions. When we have used these tables in practice (e.g. [7]), we have found that the documents submitted for review often fail to satisfy those conditions; as a result the reviewers spent far too much of their time and energy checking for simple, application-independent properties. This distracted us from the more difficult, safety-relevant issues, and we felt that the preliminary checking should be done by a computer. Tools that check these tables must prove theorems, but theorems that are different from those that arise in program verification. The purpose of this paper is to formulate, but not prove, examples of those theorems. We would like to know which theorem provers or theorem-proving support systems are best able to deal with this type of theorem.
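The following is an added example, not code from the paper or from the author's tools, illustrating points (3) and (4) of the introduction and the kind of application-independent condition a checking tool must establish. It builds a small two-dimensional function table whose row and column headers are predicates on the inputs and whose cells are value terms, translates it into a conventional conditional expression, and then checks the two header properties that make such a table well formed: the predicates of each header must be pairwise disjoint and jointly exhaustive, so that exactly one cell applies to every input. The sample table (which defines |x| + |y| case by case), the two deliberately faulty headers, and the bounded integer domain used for the check are all constructed here; a real tool would have to prove disjointness and completeness for the whole domain rather than enumerate a sample of it.

```python
"""Added example (not from the paper): a two-dimensional normal function table
in the style of Parnas's tabular expressions, its translation into a
conventional conditional expression, and the two application-independent
header checks (disjointness and completeness) that a review tool should prove.
The sample table, the faulty headers and the bounded check domain are all
constructed for this example.
"""
from itertools import product

# A header is a list of (label, predicate) pairs. For a well-formed normal
# table the predicates of each header must partition the input domain:
# pairwise disjoint and jointly exhaustive.
ROW_HEADER = [
    ("x < 0", lambda x, y: x < 0),
    ("x = 0", lambda x, y: x == 0),
    ("x > 0", lambda x, y: x > 0),
]
COL_HEADER = [
    ("y < 0", lambda x, y: y < 0),
    ("y >= 0", lambda x, y: y >= 0),
]
# Grid of value terms: GRID[i][j] applies when ROW_HEADER[i] and COL_HEADER[j]
# both hold. This constructed table defines f(x, y) = |x| + |y| case by case.
GRID = [
    [("-x - y", lambda x, y: -x - y), ("-x + y", lambda x, y: -x + y)],
    [("-y",     lambda x, y: -y),     ("y",      lambda x, y: y)],
    [("x - y",  lambda x, y: x - y),  ("x + y",  lambda x, y: x + y)],
]


def translate(row_header, col_header, grid):
    """Point (4): render the table as a conventional guarded expression,
    one clause per cell, guard = row predicate and column predicate."""
    clauses = []
    for (row_label, _), row in zip(row_header, grid):
        for (col_label, _), (term, _) in zip(col_header, row):
            clauses.append(f"({row_label}) and ({col_label}) -> {term}")
    return "f(x, y) = " + " | ".join(clauses)


def evaluate(row_header, col_header, grid, x, y):
    """Evaluate the table at (x, y) by selecting the single true row and
    column header. Raises if the headers are not a partition at this point,
    which is exactly the situation the header theorems are meant to rule out."""
    rows = [i for i, (_, pred) in enumerate(row_header) if pred(x, y)]
    cols = [j for j, (_, pred) in enumerate(col_header) if pred(x, y)]
    if len(rows) != 1 or len(cols) != 1:
        raise ValueError(f"headers do not partition the domain at ({x}, {y})")
    return grid[rows[0]][cols[0]][1](x, y)


def check_header(header, domain):
    """Check one header over a finite sample domain.
    Returns (disjoint, complete, counterexamples). Exhaustive checking over a
    bounded domain is the constructed stand-in used here; a real checking
    tool must prove both properties for the whole (usually infinite) domain."""
    counterexamples = []
    disjoint = complete = True
    for point in domain:
        true_labels = [label for label, pred in header if pred(*point)]
        if len(true_labels) > 1:
            disjoint = False
            counterexamples.append(("overlap", point, true_labels))
        if not true_labels:
            complete = False
            counterexamples.append(("gap", point, true_labels))
    return disjoint, complete, counterexamples


# Constructed bounded domain for the checks: all integer pairs in [-5, 5]^2.
DOMAIN = list(product(range(-5, 6), repeat=2))

# Two deliberately faulty headers of the kind reviewers otherwise find by hand:
# the first overlaps at x = 0, the second leaves x = 0 uncovered.
OVERLAPPING = [("x <= 0", lambda x, y: x <= 0), ("x >= 0", lambda x, y: x >= 0)]
INCOMPLETE = [("x < 0", lambda x, y: x < 0), ("x > 0", lambda x, y: x > 0)]

if __name__ == "__main__":
    print(translate(ROW_HEADER, COL_HEADER, GRID))
    for x, y in [(-3, 4), (0, -2), (5, 5)]:
        print(f"f({x}, {y}) = {evaluate(ROW_HEADER, COL_HEADER, GRID, x, y)}")
    for name, header in [("rows", ROW_HEADER), ("cols", COL_HEADER),
                         ("overlapping", OVERLAPPING), ("incomplete", INCOMPLETE)]:
        disjoint, complete, bad = check_header(header, DOMAIN)
        print(f"{name}: disjoint={disjoint} complete={complete} first={bad[:1]}")
```

The two faulty headers show why the checks are worth automating: an overlap at a single boundary value (here x = 0) makes the table ambiguous there, and a gap at the same value leaves the function undefined, and both are easy to overlook in a large table even though neither has anything to do with the application. The bounded enumeration is only a sanity check; the header theorems themselves, that the disjunction of the predicates is true and the conjunction of any two is false, are the kind of simple, application-independent theorem the paper asks theorem provers to discharge.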