Modular Verification of Higher-Order Functional Programs

Conference paper
First Online:
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10201)

Abstract

Fully automated verification methods for higher-order functional programs have recently been proposed based on higher-order model checking and/or refinement type inference. Most of those methods are, however, whole program analyses, suffering from the scalability problem. To address the problem, we propose a modular method for fully automated verification of higher-order programs. Our method takes a program consisting of multiple top-level functions as an input, and repeatedly applies procedures for (i) guessing refinement intersection types of each function in a counterexample-guided manner, and (ii) checking that each function indeed has the guessed refinement intersection types, until the whole program is proved/disproved to be safe. To avoid the whole program analysis, we introduce the notion of modular counterexamples, and utilize them in (i), and employ Sato et al.’s technique of reducing refinement type checking to assertion checking in (ii). We have implemented the proposed method as an extension to MoCHi, and confirmed its effectiveness through experiments.

Keywords

Recursive Function Function Definition Execution Trace Verification Method Type Environment 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
This is a preview of subscription content, log in to check access.

Notes

Acknowledgment

We would like to thank anonymous referees for useful comments. This work was supported by JSPS KAKENHI Grant Number JP15H05706.

Supplementary material

Open image in new window Open image in new window Open image in new window

References

  1. 1.
    Berezin, S., Campos, S., Clarke, E.M.: Compositional reasoning in model checking. In: Roever, W.-P., Langmaack, H., Pnueli, A. (eds.) COMPOS 1997. LNCS, vol. 1536, pp. 81–102. Springer, Heidelberg (1998). doi: 10.1007/3-540-49213-5_4 CrossRefGoogle Scholar
  2. 2.
    Burch, J., Clarke, E.M., Long, D.: Symbolic model checking with partitioned transition relations. In: Proceedings of the IFIP TC10/WG 10.5 International Conference on Very Large Scale Integration (VLSI 1991), pp. 49–58 (1991)Google Scholar
  3. 3.
    Campos, S.V.A.: A quantitative approach to the formal verification of real-time systems. Ph.D. thesis, Carnegie Mellon University (1996)Google Scholar
  4. 4.
    Chaki, S., Gurfinkel, A.: Automated assume-guarantee reasoning for omega-regular systems and specifications. Innov. Syst. Softw. Eng. 7(2), 131–139 (2011)CrossRefGoogle Scholar
  5. 5.
    Cobleigh, J.M., Giannakopoulou, D., PĂsĂreanu, C.S.: Learning assumptions for compositional verification. In: Garavel, H., Hatcliff, J. (eds.) TACAS 2003. LNCS, vol. 2619, pp. 331–346. Springer, Heidelberg (2003). doi: 10.1007/3-540-36577-X_24 CrossRefGoogle Scholar
  6. 6.
    Filliâtre, J.C., Paskevich, A.: Why3 - where programs meet provers. In: Proceedings of the 22nd European Conference on Programming Languages and Systems (ESOP 2013), pp. 125–128 (2013)Google Scholar
  7. 7.
    Gheorghiu Bobaru, M., Păsăreanu, C.S., Giannakopoulou, D.: Automated assume-guarantee reasoning by abstraction refinement. In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, pp. 135–148. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-70545-1_14 CrossRefGoogle Scholar
  8. 8.
    Grumberg, O., Long, D.E.: Model checking and modular verification. ACM Trans. Program. Lang. Syst. 16(3), 843–871 (1994)CrossRefGoogle Scholar
  9. 9.
    Kobayashi, N., Sato, R., Unno, H.: Predicate abstraction and CEGAR for higher-order model checking. In: Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2011), pp. 222–233 (2011)Google Scholar
  10. 10.
    Kobayashi, N., Tabuchi, N., Unno, H.: Higher-order multi-parameter tree transducers and recursion schemes for program verification. In: Proceedings of the 37th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages (POPL 2010), pp. 495–508 (2010)Google Scholar
  11. 11.
    Leino, K.R.M.: Dafny: an automatic program verifier for functional correctness. In: Clarke, E.M., Voronkov, A. (eds.) LPAR 2010. LNCS (LNAI), vol. 6355, pp. 348–370. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-17511-4_20 CrossRefGoogle Scholar
  12. 12.
    Matsumoto, Y., Kobayashi, N., Unno, H.: Automata-based abstraction for automated verification of higher-order tree-processing programs. In: Feng, X., Park, S. (eds.) APLAS 2015. LNCS, vol. 9458, pp. 295–312. Springer, Cham (2015). doi: 10.1007/978-3-319-26529-2_16 CrossRefGoogle Scholar
  13. 13.
    Nguyen, P.C., Horn, D.V.: Relatively complete counterexamples for higher-order programs. In: Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2015), pp. 446–456. ACM (2015)Google Scholar
  14. 14.
    Nguyen, P.C., Tobin-Hochstadt, S., Horn, D.V.: Soft contract verification. In: Proceedings of the 19th ACM SIGPLAN International Conference on Functional Programming (ICFP 2014), pp. 139–152 (2014)Google Scholar
  15. 15.
    Ong, C.H.L., Ramsay, S.J.: Verifying higher-order functional programs with pattern-matching algebraic data types. In: Proceedings of the 38th annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 2011), pp. 587–598 (2011)Google Scholar
  16. 16.
    Rondon, P.M., Kawaguchi, M., Jhala, R.: Liquid types. In: Proceedings of the 2008 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2008), pp. 159–169 (2008)Google Scholar
  17. 17.
    Sato, R., Asada, K., Kobayashi, N.: Refinement type checking via assertion checking. J. Inf. Process. 23(6), 827–834 (2015)Google Scholar
  18. 18.
    Sato, R., Unno, H., Kobayashi, N.: Towards a scalable software model checker for higher-order programs. In: Proceedings of the ACM SIGPLAN 2013 Workshop on Partial Evaluation and Program Manipulation (PEPM 2013), pp. 53–62. ACM Press (2013)Google Scholar
  19. 19.
    Swamy, N., Kohlweiss, M., Zinzindohoue, J.K., Zanella-Béguelin, S., HriÅ£cu, C., Keller, C., Rastogi, A., Delignat-Lavaud, A., Forest, S., Bhargavan, K., Fournet, C., Strub, P.Y., Swamy, N., HriÅ£cu, C., Keller, C., Rastogi, A., Delignat-Lavaud, A., Forest, S., Bhargavan, K., Fournet, C., Strub, P.Y., Kohlweiss, M., Zinzindohoue, J.K., Zanella-Béguelin, S.: Dependent types and multi-monadic effects in F*. In: Proceedings of the 43rd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 2016), pp. 256–270 (2016)Google Scholar
  20. 20.
    Terao, T., Tsukada, T., Kobayashi, N.: Higher-order model checking in direct style. In: Igarashi, A. (ed.) APLAS 2016. LNCS, vol. 10017, pp. 295–313. Springer, Cham (2016). doi: 10.1007/978-3-319-47958-3_16 CrossRefGoogle Scholar
  21. 21.
    Terauchi, T.: Dependent types from counterexamples. In: Proceedings of the 37th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages (POPL 2010), pp. 119–130 (2010)Google Scholar
  22. 22.
    Touati, H., Savoj, H., Lin, B., Brayton, R., Sangiovanni-Vincentelli, A.: Implicit state enumeration of finite state machines using BDD’s. In: 1990 IEEE International Conference on Computer-Aided Design (ICCAD 1990), pp. 130–133 (1990)Google Scholar
  23. 23.
    Unno, H., Kobayashi, N.: Dependent type inference with interpolants. In: Proceedings of the 11th International ACM SIGPLAN Conference on Principles and Practice of Declarative Programming (PPDP 2009), pp. 277–288 (2009)Google Scholar
  24. 24.
    Unno, H., Terauchi, T., Kobayashi, N.: Automating relatively complete verification of higher-order functional programs. In: Proceedings of the 40th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 2013), pp. 75–86 (2013)Google Scholar
  25. 25.
    Vazou, N., Seidel, E.L., Jhala, R., Vytiniotis, D., Jones, S.L.P.: Refinement types for haskell. In: Proceedings of the 19th ACM SIGPLAN International Conference on Functional Programming, pp. 269–282 (2014)Google Scholar
  26. 26.
    Voirol, N., Kneuss, E., Kuncak, V.: Counter-example complete verification for higher-order functions. In: Proceedings of the 6th ACM SIGPLAN Symposium on Scala (Scala 2015), pp. 18–29 (2015)Google Scholar
  27. 27.
    Weis, P.: Caml examples (2001). http://caml.inria.fr/pub/old_caml_site/Examples/
  28. 28.
    Xi, H., Pfenning, F.: Dependent types in practical programming. In: Proceedings of the 26th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 1999), pp. 214–227 (1999)Google Scholar
  29. 29.
    Zhu, H., Jagannathan, S.: Compositional and lightweight dependent type inference for ML. In: Giacobazzi, R., Berdine, J., Mastroeni, I. (eds.) VMCAI 2013. LNCS, vol. 7737, pp. 295–314. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-35873-9_19 CrossRefGoogle Scholar
  30. 30.
    Zhu, H., Nori, A.V., Jagannathan, S.: Learning refinement types. In: Proceedings of the 20th ACM SIGPLAN International Conference on Functional Programming (ICFP 2015), pp. 400–411 (2015)Google Scholar
  31. 31.
    Zhu, H., Petri, G., Jagannathan, S.: Automatically learning shape specifications. In: Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation, (PLDI 2016), pp. 491–507 (2016)Google Scholar

Copyright information

© Springer-Verlag GmbH Germany 2017

Authors and Affiliations

  1. 1.The University of TokyoTokyoJapan

Personalised recommendations