297 research outputs found
Featherweight VeriFast
VeriFast is a leading research prototype tool for the sound modular
verification of safety and correctness properties of single-threaded and
multithreaded C and Java programs. It has been used as a vehicle for
exploration and validation of novel program verification techniques and for
industrial case studies; it has served well at a number of program verification
competitions; and it has been used for teaching by multiple teachers
independent of the authors. However, until now, while VeriFast's operation has
been described informally in a number of publications, and specific
verification techniques have been formalized, a clear and precise exposition of
how VeriFast works has not yet appeared. In this article we present for the
first time a formal definition and soundness proof of a core subset of the
VeriFast program verification approach. The exposition aims to be both
accessible and rigorous: the text is based on lecture notes for a graduate
course on program verification, and it is backed by an executable
machine-readable definition and machine-checked soundness proof in Coq
Proving Nontermination via safety
We show how the problem of nontermination proving can be reduced to a question of underapproximation search guided by a safety prover. This reduction leads to new nontermination proving implementation strategies based on existing tools for safety proving. Our preliminary implementation beats existing tools. Furthermore, our approach leads to easy support for programs with unbounded nondeterminism
Methods for Proving Termination of Rewriting-based Programming Languages by Transformation
AbstractDespite the remarkable development of the theory of termination of rewriting, its application to high-level (rewriting-based) programming languages is far from being optimal. This is due to the need for features such as conditional equations and rules, types and subtypes, (possibly programmable) strategies for controlling the execution, matching modulo axioms, and so on, that are used in many programs and tend to place such programs outside the scope of current termination tools. The operational meaning of such features is often formalized in a proof theoretic manner by means of an inference system rather than just by a rewriting relation. The corresponding termination notions can also differ from the standard ones. During the last years we have introduced and implemented different notions and transformation techniques which have been proved useful for proving and disproving termination of such programs by using existing tools for proving termination of (variants of) rewriting. In this paper we provide an overview of our main contributions
Certification of nontermination proofs using strategies and nonlooping derivations
© 2014 Springer International Publishing Switzerland. The development of sophisticated termination criteria for term rewrite systems has led to powerful and complex tools that produce (non)termination proofs automatically. While many techniques to establish termination have already been formalizedâthereby allowing to certify such proofsâthis is not the case for nontermination. In particular, the proof checker CeTA was so far limited to (innermost) loops. In this paper we present an Isabelle/HOL formalization of an extended repertoire of nontermination techniques. First, we formalized techniques for nonlooping nontermination. Second, the available strategies include (an extended version of) forbidden patterns, which cover in particular outermost and context-sensitive rewriting. Finally, a mechanism to support partial nontermination proofs further extends the applicability of our proof checker
Resumptions, Weak Bisimilarity and Big-Step Semantics for While with Interactive I/O: An Exercise in Mixed Induction-Coinduction
We look at the operational semantics of languages with interactive I/O
through the glasses of constructive type theory. Following on from our earlier
work on coinductive trace-based semantics for While, we define several big-step
semantics for While with interactive I/O, based on resumptions and
termination-sensitive weak bisimilarity. These require nesting inductive
definitions in coinductive definitions, which is interesting both
mathematically and from the point-of-view of implementation in a proof
assistant.
After first defining a basic semantics of statements in terms of resumptions
with explicit internal actions (delays), we introduce a semantics in terms of
delay-free resumptions that essentially removes finite sequences of delays on
the fly from those resumptions that are responsive. Finally, we also look at a
semantics in terms of delay-free resumptions supplemented with a silent
divergence option. This semantics hinges on decisions between convergence and
divergence and is only equivalent to the basic one classically.
We have fully formalized our development in Coq.Comment: In Proceedings SOS 2010, arXiv:1008.190
A Specification for Dependent Types in Haskell
We propose a core semantics for Dependent Haskell, an extension of Haskell with full-spectrum dependent types. Our semantics consists of two related languages. The first is a Curry-style dependently-typed language with nontermination, irrelevant arguments, and equality abstraction. The second, inspired by the Glasgow Haskell Compilerâs core language FC, is its explicitly-typed analogue, suitable for implementation in GHC. All of our results -- chiefly, type safety, along with theorems that relate these two languages -- have been formalized using the Coq proof assistant. Because our work is backwards compatible with Haskell, our type safety proof holds in the presence of nonterminating computation. However, unlike other full-spectrum dependently-typed languages, such as Coq, Agda or Idris, because of this nontermination, Haskellâs term language does not correspond to a consistent logic
A Dependently Typed Language with Nontermination
We propose a full-spectrum dependently typed programming language, Zombie, which supports general recursion natively. The Zombie implementation is an elaborating typechecker. We prove type saftey for a large subset of the Zombie core language, including features such as computational irrelevance, CBV-reduction, and propositional equality with a heterogeneous, completely erased elimination form. Zombie does not automatically beta-reduce expressions, but instead uses congruence closure for proof and type inference. We give a specification of a subset of the surface language via a bidirectional type system, which works up-to-congruence, and an algorithm for elaborating expressions in this language to an explicitly typed core language. We prove that our elaboration algorithm is complete with respect to the source type system. Zombie also features an optional termination-checker, allowing nonterminating programs returning proofs as well as external proofs about programs
- âŠ