Draft of 6 April 2003 © Bertrand Meyer, 2003

To be cited as: Bertrand Meyer, Towards practical proofs of class correctness, to appear in Proc. 3rd International B and Z Users Conference (ZB 2003), Turku (Finland), June 2003, ed. Didier Bert, Springer-Verlag, 2003.

Towards practical proofs of class correctness

Bertrand Meyer

ABSTRACT

Preliminary steps towards a theory, framework and process for proving that contract-equipped classes satisfy their contracts, including when the run-time structure involves pointers; and its application to correctness proofs of routines from a LINKED_LIST class, such as element removal and list reversal.

1 SCOPE

"Trusted Components" are reusable software elements with guaranteed quality properties. Establishing a base of trusted components is among the most promising approaches to improving the general state of software; the potential for widespread reuse justifies the effort necessary to get the components right [11].

The most ambitious guarantee of component properties is a mathematical proof. The present work is part of an effort to produce a library of object-oriented components, equipped with contracts in the Eiffel style, and accompanied by mathematical proofs — mechanically checked — that the implementations satisfy the contracts.

We introduce a theory for correctness proofs of classes, and apply it to proofs for a class describing linked lists. Like any realistic example of an object-oriented component, the linked list class produces run-time structures that rely extensively on pointers. A related series of articles [13] proposes a general proof framework for pointers. The present article uses their results, but can be read independently. For more details about pointer semantics, please refer to the complete series.