750 research outputs found
Domains for Higher-Order Games
We study two-player inclusion games played over word-generating higher-order
recursion schemes. While inclusion checks are known to capture verification
problems, two-player games generalize this relationship to program synthesis.
In such games, non-terminals of the grammar are controlled by opposing players.
The goal of the existential player is to avoid producing a word that lies
outside of a regular language of safe words.
We contribute a new domain that provides a representation of the winning
region of such games. Our domain is based on (functions over) potentially
infinite Boolean formulas with words as atomic propositions. We develop an
abstract interpretation framework that we instantiate to abstract this domain
into a domain where the propositions are replaced by states of a finite
automaton. This second domain is therefore finite and we obtain, via standard
fixed-point techniques, a direct algorithm for the analysis of two-player
inclusion games. We show, via a second instantiation of the framework, that our
finite domain can be optimized, leading to a (k+1)EXP algorithm for order-k
recursion schemes. We give a matching lower bound, showing that our approach is
optimal. Since our approach is based on standard Kleene iteration, existing
techniques and tools for fixed-point computations can be applied.Comment: Conference version accepted for presentation and publication at the
42nd International Symposium on Mathematical Foundations of Computer Science
(MFCS 2017
Soft Contract Verification
Behavioral software contracts are a widely used mechanism for governing the
flow of values between components. However, run-time monitoring and enforcement
of contracts imposes significant overhead and delays discovery of faulty
components to run-time.
To overcome these issues, we present soft contract verification, which aims
to statically prove either complete or partial contract correctness of
components, written in an untyped, higher-order language with first-class
contracts. Our approach uses higher-order symbolic execution, leveraging
contracts as a source of symbolic values including unknown behavioral values,
and employs an updatable heap of contract invariants to reason about
flow-sensitive facts. We prove the symbolic execution soundly approximates the
dynamic semantics and that verified programs can't be blamed.
The approach is able to analyze first-class contracts, recursive data
structures, unknown functions, and control-flow-sensitive refinements of
values, which are all idiomatic in dynamic languages. It makes effective use of
an off-the-shelf solver to decide problems without heavy encodings. The
approach is competitive with a wide range of existing tools---including type
systems, flow analyzers, and model checkers---on their own benchmarks.Comment: ICFP '14, September 1-6, 2014, Gothenburg, Swede
Set-Theoretic Types for Polymorphic Variants
Polymorphic variants are a useful feature of the OCaml language whose current
definition and implementation rely on kinding constraints to simulate a
subtyping relation via unification. This yields an awkward formalization and
results in a type system whose behaviour is in some cases unintuitive and/or
unduly restrictive. In this work, we present an alternative formalization of
poly-morphic variants, based on set-theoretic types and subtyping, that yields
a cleaner and more streamlined system. Our formalization is more expressive
than the current one (it types more programs while preserving type safety), it
can internalize some meta-theoretic properties, and it removes some
pathological cases of the current implementation resulting in a more intuitive
and, thus, predictable type system. More generally, this work shows how to add
full-fledged union types to functional languages of the ML family that usually
rely on the Hindley-Milner type system. As an aside, our system also improves
the theory of semantic subtyping, notably by proving completeness for the type
reconstruction algorithm.Comment: ACM SIGPLAN International Conference on Functional Programming, Sep
2016, Nara, Japan. ICFP 16, 21st ACM SIGPLAN International Conference on
Functional Programming, 201
Intersection types and (positive) almost-sure termination
Randomized higher-order computation can be seen as being captured by a λ-calculus endowed with a single algebraic operation, namely a construct for binary probabilistic choice. What matters about such computations is the probability of obtaining any given result, rather than the possibility or the necessity of obtaining it, like in (non)deterministic computation. Termination, arguably the simplest kind of reachability problem, can be spelled out in at least two ways, depending on whether it talks about the probability of convergence or about the expected evaluation time, the second one providing a stronger guarantee. In this paper, we show that intersection types are capable of precisely characterizing both notions of termination inside a single system of types: the probability of convergence of any λ-term can be underapproximated by its type, while the underlying derivation's weight gives a lower bound to the term's expected number of steps to normal form. Noticeably, both approximations are tight-not only soundness but also completeness holds. The crucial ingredient is non-idempotency, without which it would be impossible to reason on the expected number of reduction steps which are necessary to completely evaluate any term. Besides, the kind of approximation we obtain is proved to be optimal recursion theoretically: no recursively enumerable formal system can do better than that
Intersection Types and (Positive) Almost-Sure Termination
Randomized higher-order computation can be seen as being captured by a lambda
calculus endowed with a single algebraic operation, namely a construct for
binary probabilistic choice. What matters about such computations is the
probability of obtaining any given result, rather than the possibility or the
necessity of obtaining it, like in (non)deterministic computation. Termination,
arguably the simplest kind of reachability problem, can be spelled out in at
least two ways, depending on whether it talks about the probability of
convergence or about the expected evaluation time, the second one providing a
stronger guarantee. In this paper, we show that intersection types are capable
of precisely characterizing both notions of termination inside a single system
of types: the probability of convergence of any lambda-term can be
underapproximated by its type, while the underlying derivation's weight gives a
lower bound to the term's expected number of steps to normal form. Noticeably,
both approximations are tight -- not only soundness but also completeness
holds. The crucial ingredient is non-idempotency, without which it would be
impossible to reason on the expected number of reduction steps which are
necessary to completely evaluate any term. Besides, the kind of approximation
we obtain is proved to be optimal recursion theoretically: no recursively
enumerable formal system can do better than that
- …