47 research outputs found
Semantics-based program verification
We present language-independent formal methods that are parameterized by the operational semantics of languages. We provide the theory, implementation, and extensive evaluation of the language-parametric formal methods. Specifically, we consider two formal analyses: program verification and program equivalence.
First, we propose a novel notion of bisimulation, which we call cut-bisimulation, allowing the two programs to semantically synchronize at relevant "cut" points, but to evolve independently otherwise. Employing the cut-bisimulation, we develop a language-independent equivalence checking algorithm, parameterized by the input and output language semantics, to prove equivalence of programs written in possibly different languages. We implement the algorithm in the K framework, yielding the first language-parametric program equivalence checker.
To demonstrate the practical feasibility of the language-parametric formal methods, we instantiate a language-independent deductive program verifier by plugging-in four real-world language semantics, C, Java, JavaScript, and Ethereum Virtual Machine (EVM), and use them to verify full functional correctness of challenging heap-manipulating programs and high-profile commercial smart contracts. In particular, to the best of our knowledge, the JavaScript and EVM verifiers are the first deductive program verifier for these languages
Tools and Algorithms for the Construction and Analysis of Systems
This open access two-volume set constitutes the proceedings of the 26th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS 2020, which took place in Dublin, Ireland, in April 2020, and was held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2020. The total of 60 regular papers presented in these volumes was carefully reviewed and selected from 155 submissions. The papers are organized in topical sections as follows: Part I: Program verification; SAT and SMT; Timed and Dynamical Systems; Verifying Concurrent Systems; Probabilistic Systems; Model Checking and Reachability; and Timed and Probabilistic Systems. Part II: Bisimulation; Verification and Efficiency; Logic and Proof; Tools and Case Studies; Games and Automata; and SV-COMP 2020
Interacting Hopf Algebras: the theory of linear systems
Scientists in diverse fields use diagrammatic formalisms to reason about various kinds
of networks, or compound systems. Examples include electrical circuits, signal flow graphs,
Penrose and Feynman diagrams, Bayesian networks, Petri nets, Kahn process networks, proof
nets, UML specifications, amongst many others. Graphical languages provide a convenient
abstraction of some underlying mathematical formalism, which gives meaning to diagrams.
For instance, signal flow graphs, foundational structures in control theory, are traditionally
translated into systems of linear equations. This is typical: diagrammatic languages are used
as an interface for more traditional mathematics, but rarely studied per se.
Recent trends in computer science analyse diagrams as first-class objects using formal
methods from programming language semantics. In many such approaches, diagrams are generated
as the arrows of a PROP — a special kind of monoidal category — by a two-dimensional
syntax and equations. The domain of interpretation of diagrams is also formalised as a PROP
and the (compositional) semantics is expressed as a functor preserving the PROP structure.
The first main contribution of this thesis is the characterisation of SVk, the PROP of
linear subspaces over a field k. This is an important domain of interpretation for diagrams
appearing in diverse research areas, like the signal flow graphs mentioned above. We present by
generators and equations the PROP IH of string diagrams whose free model is SVk. The name
IH stands for interacting Hopf algebras: indeed, the equations of IH arise by distributive laws
between Hopf algebras, which we obtain using Lack’s technique for composing PROPs. The
significance of the result is two-fold. On the one hand, it offers a canonical string diagrammatic
syntax for linear algebra: linear maps, kernels, subspaces and the standard linear algebraic
transformations are all faithfully represented in the graphical language. On the other hand,
the equations of IH describe familiar algebraic structures — Hopf algebras and Frobenius
algebras — which are at the heart of graphical formalisms as seemingly diverse as quantum
circuits, signal flow graphs, simple electrical circuits and Petri nets. Our characterisation
enlightens the provenance of these axioms and reveals their linear algebraic nature.
Our second main contribution is an application of IH to the semantics of signal processing
circuits. We develop a formal theory of signal flow graphs, featuring a string diagrammatic
syntax for circuits, a structural operational semantics and a denotational semantics. We
prove soundness and completeness of the equations of IH for denotational equivalence. Also,
we study the full abstraction question: it turns out that the purely operational picture is
too concrete — two graphs that are denotationally equal may exhibit different operational
behaviour. We classify the ways in which this can occur and show that any graph can be
realised — rewritten, using the equations of IH, into an executable form where the operational
behaviour and the denotation coincide. This realisability theorem — which is the culmination
of our developments — suggests a reflection about the role of causality in the semantics of
signal flow graphs and, more generally, of computing devices
Interaction Trees: Representing Recursive and Impure Programs in Coq
"Interaction trees" (ITrees) are a general-purpose data structure for
representing the behaviors of recursive programs that interact with their
environments. A coinductive variant of "free monads," ITrees are built out of
uninterpreted events and their continuations. They support compositional
construction of interpreters from "event handlers", which give meaning to
events by defining their semantics as monadic actions. ITrees are expressive
enough to represent impure and potentially nonterminating, mutually recursive
computations, while admitting a rich equational theory of equivalence up to
weak bisimulation. In contrast to other approaches such as relationally
specified operational semantics, ITrees are executable via code extraction,
making them suitable for debugging, testing, and implementing software
artifacts that are amenable to formal verification.
We have implemented ITrees and their associated theory as a Coq library,
mechanizing classic domain- and category-theoretic results about program
semantics, iteration, monadic structures, and equational reasoning. Although
the internals of the library rely heavily on coinductive proofs, the interface
hides these details so that clients can use and reason about ITrees without
explicit use of Coq's coinduction tactics.
To showcase the utility of our theory, we prove the termination-sensitive
correctness of a compiler from a simple imperative source language to an
assembly-like target whose meanings are given in an ITree-based denotational
semantics. Unlike previous results using operational techniques, our
bisimulation proof follows straightforwardly by structural induction and
elementary rewriting via an equational theory of combinators for control-flow
graphs.Comment: 28 pages, 4 pages references, published at POPL 202
Processes with Multiple Entries and Exits Modulo Isomorphism and Modulo Bisimulation
This paper is an attempt to integrate the algebra of communicating processes (ACP) and the algebra of flownomials (AF). Basically, this means to combine axiomatized parallel and looping operators. To this end we introduce a model of process graphs with multiple entries and exits. In this model the usual operations of both algebras are defined, e.g. alternative composition (this covers both the sum of ACP and the disjoint sum of AF), sequential composition, feedback, parallel composition, left merge, communication merge, encapsulation, etc. 1 The main results consist of correct and complete axiomatisations of process graphs modulo isomorphism and modulo bisimulation. Key words & Phrases: process algebra, feedback, flowchart theories. 1 Introduction This paper is an attempt to integrate the algebra of communicating processes (ACP) and the algebra of flownomials (AF). Basically, this means to combine axiomatized parallel and looping operators. There are three axiomatized looping opera..
Tools and Algorithms for the Construction and Analysis of Systems
This open access book constitutes the proceedings of the 28th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS 2022, which was held during April 2-7, 2022, in Munich, Germany, as part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2022. The 46 full papers and 4 short papers presented in this volume were carefully reviewed and selected from 159 submissions. The proceedings also contain 16 tool papers of the affiliated competition SV-Comp and 1 paper consisting of the competition report. TACAS is a forum for researchers, developers, and users interested in rigorously based tools and algorithms for the construction and analysis of systems. The conference aims to bridge the gaps between different communities with this common interest and to support them in their quest to improve the utility, reliability, exibility, and efficiency of tools and algorithms for building computer-controlled systems
Executable Denotational Semantics With Interaction Trees
Interaction trees are a representation of effectful and reactive systemsdesigned to be implemented in a proof assistant such as Coq. They are equipped with a rich algebra of combinators to construct recursive and effectful computations and to reason about them equationally. Interaction trees are also an executable structure, notably via extraction, which enables testing and directly developing executable programs in Coq. To demonstrate the usefulness of interaction trees, two applications are presented. First, I develop a novel approach to verify a compiler from a simple imperative language to assembly, by proving a semantic preservation theorem which is termination-sensitive, using an equational proof. Second, I present a framework of concurrent objects, inheriting the modularity, compositionality, and executability of interaction trees. Leveraging that framework, I formally prove the correctness of a transactionally predicated map, using a novel approach to reason about objects combining the notions of linearizability and strict serializability, two well-known correctness conditions for concurrent objects