Higher-Order Nonemptiness Step by Step
We show a new simple algorithm that checks whether a given higher-order grammar generates a nonempty language of trees. The algorithm amounts to a procedure that transforms a grammar of order n to a grammar of order n-1, preserving nonemptiness and increasing the size only exponentially. After repeating the procedure n times, we obtain a grammar of order 0, whose nonemptiness can be easily checked. Since the size grows exponentially at each step, the overall complexity is n-EXPTIME, which is known to be optimal. More precisely, the transformation (and hence the whole algorithm) is linear in the size of the grammar, assuming that the arity of the employed nonterminals is bounded by a constant. The same algorithm also allows us to check whether an infinite tree generated by a higher-order recursion scheme is accepted by an alternating safety (or reachability) automaton, because this question can be reduced to the nonemptiness problem by taking a product of the recursion scheme with the automaton. A proof of correctness of the algorithm is formalised in the proof assistant Coq. Our transformation is motivated by a similar transformation of Asada and Kobayashi (2020), which changes a word grammar of order n to a tree grammar of order n-1. The step-by-step approach contrasts with previous algorithms that solve the nonemptiness problem "in one step" and are necessarily more complicated.
Normalization by evaluation for call-by-push-value and polarized lambda calculus
We observe that normalization by evaluation for simply-typed lambda-calculus with weak coproducts can be carried out in a weak bi-cartesian closed category of presheaves equipped with a monad that allows us to perform case distinction on neutral terms of sum type. The placement of the monad influences the normal forms we obtain: for instance, placing the monad on coproducts gives us eta-long beta-pi normal forms, where pi refers to permutation of case distinctions out of elimination positions. We further observe that placing the monad on every coproduct is rather wasteful, and an optimal placement of the monad can be determined by considering polarized simple types inspired by focalization. Polarization classifies types into positive and negative, and it is sufficient to place the monad at the embedding of positive types into negative ones. We consider two calculi based on polarized types: pure call-by-push-value (CBPV) and polarized lambda-calculus, the natural deduction calculus corresponding to focalized sequent calculus. For these two calculi, we present algorithms for normalization by evaluation. We further discuss different implementations of the monad and their relation to existing normalization proofs for lambda-calculus with sums. Our developments have been partially formalized in the Agda proof assistant.
General Decidability Results for Asynchronous Shared-Memory Programs: Higher-Order and Beyond
The model of asynchronous programming arises in many contexts, from low-level systems software to high-level web programming. We take a language-theoretic perspective and show general decidability and undecidability results for asynchronous programs that capture all known results as well as show decidability of new and important classes. As a main consequence, we show decidability of safety, termination and boundedness verification for higher-order asynchronous programs -- such as OCaml programs using Lwt -- and undecidability of liveness verification already for order-2 asynchronous programs. We show that under mild assumptions, surprisingly, safety and termination verification of asynchronous programs with handlers from a language class are decidable iff emptiness is decidable for the underlying language class. Moreover, we show that configuration reachability and liveness (fair termination) verification are equivalent, and decidability of these problems implies decidability of the well-known "equal-letters" problem on languages. Our results close the decidability frontier for asynchronous programs.
Proving expected sensitivity of probabilistic programs with randomized variable-dependent termination time
The notion of program sensitivity (aka Lipschitz continuity) specifies that changes in the program input result in proportional changes to the program output. For probabilistic programs the notion is naturally extended to expected sensitivity. A previous approach develops a relational program logic framework for proving expected sensitivity of probabilistic while loops, where the number of iterations is fixed and bounded. In this work, we consider probabilistic while loops where the number of iterations is not fixed, but randomized and depends on the initial input values. We present a sound approach for proving expected sensitivity of such programs. Our sound approach is martingale-based and can be automated through existing martingale-synthesis algorithms. Furthermore, our approach is compositional for sequential composition of while loops under a mild side condition. We demonstrate the effectiveness of our approach on several classical examples from Gambler's Ruin, stochastic hybrid systems and stochastic gradient descent. We also present experimental results showing that our automated approach can handle various probabilistic programs in the literature.
Featherweight VeriFast
VeriFast is a leading research prototype tool for the sound modular verification of safety and correctness properties of single-threaded and multithreaded C and Java programs. It has been used as a vehicle for exploration and validation of novel program verification techniques and for industrial case studies; it has served well at a number of program verification competitions; and it has been used for teaching by multiple teachers independent of the authors. However, until now, while VeriFast's operation has been described informally in a number of publications, and specific verification techniques have been formalized, a clear and precise exposition of how VeriFast works has not yet appeared. In this article we present for the first time a formal definition and soundness proof of a core subset of the VeriFast program verification approach. The exposition aims to be both accessible and rigorous: the text is based on lecture notes for a graduate course on program verification, and it is backed by an executable machine-readable definition and machine-checked soundness proof in Coq.
Intersection Types and (Positive) Almost-Sure Termination
Randomized higher-order computation can be seen as being captured by a lambda calculus endowed with a single algebraic operation, namely a construct for binary probabilistic choice. What matters about such computations is the probability of obtaining any given result, rather than the possibility or the necessity of obtaining it, as in (non)deterministic computation. Termination, arguably the simplest kind of reachability problem, can be spelled out in at least two ways, depending on whether it talks about the probability of convergence or about the expected evaluation time, the second one providing a stronger guarantee. In this paper, we show that intersection types are capable of precisely characterizing both notions of termination inside a single system of types: the probability of convergence of any lambda-term can be underapproximated by its type, while the underlying derivation's weight gives a lower bound to the term's expected number of steps to normal form. Noticeably, both approximations are tight -- not only soundness but also completeness holds. The crucial ingredient is non-idempotency, without which it would be impossible to reason on the expected number of reduction steps which are necessary to completely evaluate any term. Besides, the kind of approximation we obtain is proved to be optimal recursion theoretically: no recursively enumerable formal system can do better than that.