Some encounters on the productive use of a failed proof attempt or a counterexample Chapter in Scopus uri icon


  • In the formal methods approach to software verification, we use logical formulae to model both the program and its intended specification, and, then, we apply (automated) reasoning techniques to demonstrate that the formulae satisfy a verification conjecture. One may either apply proving techniques, to provide a formal verification argument, or disproving techniques to falsify the verification conjecture. However, programs often contain bugs or are flawed, and, so, the verification process breaks down. Interpreting the failed proof attempt or the counterexample, if any, is very valuable, since it potentially helps identifying the program bug or flaw. Lakatos, in his book Proofs and Refutations, argues that the analysis of a failed proof often holds the key for the development of a theory. Proof analysis enables the strengthening of naïve conjectures and concepts, without severely weakening its content. In this paper, we survey our encounters on the productive use of failure in the context of a few theories, natural numbers and (higher-order) lists, and in the context of security protocols. © 2010 Springer-Verlag.

Publication date

  • December 16, 2010