82 research outputs found
Meta-F*: Proof Automation with SMT, Tactics, and Metaprograms
We introduce Meta-F*, a tactics and metaprogramming framework for the F*
program verifier. The main novelty of Meta-F* is allowing the use of tactics
and metaprogramming to discharge assertions not solvable by SMT, or to just
simplify them into well-behaved SMT fragments. Plus, Meta-F* can be used to
generate verified code automatically.
Meta-F* is implemented as an F* effect, which, given the powerful effect
system of F*, heavily increases code reuse and even enables the lightweight
verification of metaprograms. Metaprograms can be either interpreted, or
compiled to efficient native code that can be dynamically loaded into the F*
type-checker and can interoperate with interpreted code. Evaluation on
realistic case studies shows that Meta-F* provides substantial gains in proof
development, efficiency, and robustness.Comment: Full version of ESOP'19 pape
Deriving divide-and-conquer dynamic programming algorithms using solver-aided transformations
We introduce a framework allowing domain experts to manipulate computational terms in the interest of deriving better, more efficient implementations.It employs deductive reasoning to generate provably correct efficient implementations from a very high-level specification of an algorithm, and inductive constraint-based synthesis to improve automation. Semantic information is encoded into program terms through the use of refinement types.
In this paper, we develop the technique in the context of a system called Bellmania that uses solver-aided tactics to derive parallel divide-and-conquer implementations of dynamic programming algorithms that have better locality and are significantly more efficient than traditional loop-based implementations. Bellmania includes a high-level language for specifying dynamic programming algorithms and a calculus that facilitates gradual transformation of these specifications into efficient implementations. These transformations formalize the divide-and conquer technique; a visualization interface helps users to interactively guide the process, while an SMT-based back-end verifies each step and takes care of low-level reasoning required for parallelism.
We have used the system to generate provably correct implementations of several algorithms, including some important algorithms from computational biology, and show that the performance is comparable to that of the best manually optimized code.National Science Foundation (U.S.) (CCF-1139056)National Science Foundation (U.S.) (CCF- 1439084)National Science Foundation (U.S.) (CNS-1553510
Covering All the Bases: Type-Based Verification of Test Input Generators
Test input generators are an important part of property-based testing (PBT)
frameworks. Because PBT is intended to test deep semantic and structural
properties of a program, the outputs produced by these generators can be
complex data structures, constrained to satisfy properties the developer
believes is most relevant to testing the function of interest. An important
feature expected of these generators is that they be capable of producing all
acceptable elements that satisfy the function's input type and
generator-provided constraints. However, it is not readily apparent how we
might validate whether a particular generator's output satisfies this coverage
requirement. Typically, developers must rely on manual inspection and
post-mortem analysis of test runs to determine if the generator is providing
sufficient coverage; these approaches are error-prone and difficult to scale as
generators become more complex. To address this important concern, we present a
new refinement type-based verification procedure for validating the coverage
provided by input test generators, based on a novel interpretation of types
that embeds ``must-style'' underapproximate reasoning principles as a
fundamental part of the type system. The types associated with expressions now
capture the set of values guaranteed to be produced by the expression, rather
than the typical formulation that uses types to represent the set of values an
expression may produce. Beyond formalizing the notion of coverage types in the
context of a rich core language with higher-order procedures and inductive
datatypes, we also present a detailed evaluation study to justify the utility
of our ideas
Refinement kinds: type-safe programming with practical type-level computation
UID/CEC/04516/2019 PTDC/EEICTP/4293/2014This work introduces the novel concept of kind refinement, which we develop in the context of an explicitly polymorphic ML-like language with type-level computation. Just as type refinements embed rich specifications by means of comprehension principles expressed by predicates over values in the type domain, kind refinements provide rich kind specifications by means of predicates over types in the kind domain. By leveraging our powerful refinement kind discipline, types in our language are not just used to statically classify program expressions and values, but also conveniently manipulated as tree-like data structures, with their kinds refined by logical constraints on such structures. Remarkably, the resulting typing and kinding disciplines allow for powerful forms of type reflection, ad-hoc polymorphism and type-directed meta-programming, which are often found in modern software development, but not typically expressible in a type-safe manner in general purpose languages. We validate our approach both formally and pragmatically by establishing the standard meta-theoretical results of type safety and via a prototype implementation of a kind checker, type checker and interpreter for our language.publishersversionpublishe
Dafny with traits: verifying object oriented programs
Dafny is a programming language supporting verified high level programming. It has many features that a modern programming language has, like classes, generic classes, functions, and, methods. However, some aspects of object oriented programming do not exist in Dafny. For instance, it is not possible to write programs with classes and subclasses and then verify the subclasses. In order to enrich the language with the mentioned feature, this thesis introduces traits to Dafny. A trait in Dafny may introduce states, methods and functions with or without bodies. A class, then, inherits from a trait and may override the body-less methods and functions. There are also specifications for methods and functions in a trait that specify the intention of a particular method or function. In terms of the specifications, the class must provide the specifications, for annotating the functions and methods, possibly stronger. This has the drawback of repeating the specifications but it also increases readability as one can look at the class and immediately figure out what specifications govern the behavior of a method or a function.
The new feature, traits, provides polymorphism, information hiding, and reusability. Dynamic dispatch is now also available with the help of the introduced traits
Dafny with traits: verifying object oriented programs
Dafny is a programming language supporting verified high level programming. It has many features that a modern programming language has, like classes, generic classes, functions, and, methods. However, some aspects of object oriented programming do not exist in Dafny. For instance, it is not possible to write programs with classes and subclasses and then verify the subclasses. In order to enrich the language with the mentioned feature, this thesis introduces traits to Dafny. A trait in Dafny may introduce states, methods and functions with or without bodies. A class, then, inherits from a trait and may override the body-less methods and functions. There are also specifications for methods and functions in a trait that specify the intention of a particular method or function. In terms of the specifications, the class must provide the specifications, for annotating the functions and methods, possibly stronger. This has the drawback of repeating the specifications but it also increases readability as one can look at the class and immediately figure out what specifications govern the behavior of a method or a function.
The new feature, traits, provides polymorphism, information hiding, and reusability. Dynamic dispatch is now also available with the help of the introduced traits
Proceedings of the 21st Conference on Formal Methods in Computer-Aided Design – FMCAD 2021
The Conference on Formal Methods in Computer-Aided Design (FMCAD) is an annual conference on the theory and applications of formal methods in hardware and system verification. FMCAD provides a leading forum to researchers in academia and industry for presenting and discussing groundbreaking methods, technologies, theoretical results, and tools for reasoning formally about computing systems. FMCAD covers formal aspects of computer-aided system design including verification, specification, synthesis, and testing
Disco: A Functional Programming Language for Discrete Mathematics
Disco is a pure, strict, statically typed functional programming language
designed to be used in the setting of a discrete mathematics course. The goals
of the language are to introduce students to functional programming concepts
early, and to enhance their learning of mathematics by providing a
computational platform for them to play with. It features
mathematically-inspired notation, property-based testing, equirecursive
algebraic types, subtyping, built-in list, bag, and finite set types, a REPL,
and student-focused documentation. Disco is implemented in Haskell, with source
code available on GitHub [https://github.com/disco-lang/disco], and interactive
web-based REPL available through replit
[https://replit.com/@BrentYorgey/Disco#README.md].Comment: In Proceedings TFPIE 2023, arXiv:2308.0611
Statically verified refinements for multiparty protocols
© 2020 Copyright held by the owner/author(s). With distributed computing becoming ubiquitous in the modern era, safe distributed programming is an open challenge. To address this, multiparty session types (MPST) provide a typing discipline for message-passing concurrency, guaranteeing communication safety properties such as deadlock freedom.
While originally MPST focus on the communication aspects, and employ a simple typing system for communication payloads, communication protocols in the real world usually contain constraints on the payload. We introduce refined multiparty session types (RMPST), an extension of MPST, that express data dependent protocols via refinement types on the data types.
We provide an implementation of RMPST, in a toolchain called Session*, using Scribble, a toolchain for multiparty protocols, and targeting F*, a verification-oriented functional programming language. Users can describe a protocol in Scribble and implement the endpoints in F* using refinement-typed APIs generated from the protocol. The F* compiler can then statically verify the refinements. Moreover, we use a novel approach of callback-styled API generation, providing static linearity guarantees with the inversion of control. We evaluate our approach with real world examples and show that it has little overhead compared to a naive implementation, while guaranteeing safety properties from the underlying theory.EPSRC EP/T006544/1, EP/K011715/1, EP/K034413/1, EP/L00058X/1, EP/N027833/1, EP/N028201/1, EP/T006544/1, EP/T014709/1 and EP/V000462/1, and NCSS/EPSRC VeTS
- …