Results 1–10 of 81
Types and Higher-Order Recursion Schemes for Verification of Higher-Order Programs, 2009
Abstract

Cited by 63 (15 self)
We propose a new verification method for temporal properties of higher-order functional programs, which takes advantage of Ong’s recent result on the decidability of the model-checking problem for higher-order recursion schemes (HORS’s). A program is transformed to an HORS that generates a tree representing all the possible event sequences of the program, and then the HORS is model-checked. Unlike most of the previous methods for verification of higher-order programs, our verification method is sound and complete. Moreover, this new verification framework allows a smooth integration of abstract model checking techniques into verification of higher-order programs. We also present a type-based verification algorithm for HORS’s. The algorithm can deal with only a fragment of the properties expressed by modal μ-calculus, but the algorithm and its correctness proof are (arguably) much simpler than those of Ong’s game-semantics-based algorithm. Moreover, while the HORS model checking problem is n-EXPTIME in general, our algorithm is linear in the size of HORS, under the assumption that the sizes of types and specifications are bounded by a constant.
Collapsible Pushdown Automata and Recursion Schemes, 23rd Annual IEEE Symposium on Logic in Computer Science, 2008
Abstract

Cited by 52 (16 self)
Collapsible pushdown automata (CPDA) are a new kind of higher-order pushdown automata in which every symbol in the stack has a link to a stack situated somewhere below it. In addition to the higher-order stack operations push_i and pop_i, CPDA have an important operation called collapse, whose effect is to “collapse” a stack s to the prefix as indicated by the link from the topmost symbol of s. Our first result is that CPDA are equi-expressive with recursion schemes as generators of (possibly infinite) ranked trees. In one direction, we give a simple algorithm that transforms an order-n CPDA to an order-n recursion scheme that generates the same tree, uniformly for all n ≥ 0. In the other direction, using ideas from game semantics, we give an effective transformation of order-n recursion schemes (not assumed
A type system equivalent to the modal mu-calculus model checking of higher-order recursion schemes, in: Proceedings of LICS, 2009
Abstract

Cited by 40 (13 self)
The model checking of higher-order recursion schemes has important applications in the verification of higher-order programs. Ong has previously shown that the modal mu-calculus model checking of trees generated by order-n recursion scheme is n-EXPTIME complete, but his algorithm and its correctness proof were rather complex. We give an alternative, type-based verification method: Given a modal mu-calculus formula, we can construct a type system in which a recursion scheme is typable if, and only if, the (possibly infinite, ranked) tree generated by the scheme satisfies the formula. The model checking problem is thus reduced to a type checking problem. Our type-based approach yields a simple verification algorithm, and its correctness proof (constructed without recourse to game semantics) is comparatively easy to understand. Furthermore, the algorithm is polynomial-time in the size of the recursion scheme, assuming that the formula and the largest order and arity of non-terminals of the recursion scheme are fixed.
Model-Checking Higher-Order Functions, 2009
Abstract

Cited by 30 (14 self)
We propose a novel type-based model checking algorithm for higher-order recursion schemes. As shown by Kobayashi, verification problems of higher-order functional programs can easily be translated into model checking problems of recursion schemes. Thus, the model checking algorithm serves as a basis for verification of higher-order functional programs. To our knowledge, this is the first practical algorithm for model checking recursion schemes: all the previous algorithms always suffer from the n-EXPTIME bottleneck, not only in the worst case, and there was no implementation of the algorithms. We have implemented a model checker for recursion schemes based on the proposed algorithm, and applied it to verification of functional programs, including reachability, flow analysis and resource usage verification problems. According to our experiments, the model checker is surprisingly fast: it could automatically verify a number of small but tricky higher-order functional programs in less than a second.
Higher-Order Multi-Parameter Tree Transducers . . ., 2010
Abstract

Cited by 28 (11 self)
We introduce higher-order, multi-parameter, tree transducers (HMTTs, for short), which are kinds of higher-order tree transducers that take input trees and output a (possibly infinite) tree. We study the problem of checking whether the tree generated by a given HMTT conforms to a given output specification, provided that the input trees conform to input specifications (where both input/output specifications are regular tree languages). HMTTs subsume higher-order recursion schemes and ordinary tree transducers, so that their verification has a number of potential applications to verification of functional programs using recursive data structures, including resource usage verification, string analysis, and exact type-checking of XML-processing programs. We propose a sound but incomplete verification algorithm for the HMTT verification problem: the algorithm reduces the verification problem to a model-checking problem for higher-order recursion schemes extended with finite data domains, and then uses (an extension of) Kobayashi’s algorithm for model-checking recursion schemes. While the algorithm is incomplete (indeed, as we show in the paper, the verification problem is undecidable in general), it is sound and complete for a subclass of HMTTs called linear HMTTs. We have applied our HMTT verification algorithm to various program verification problems and obtained promising results.
Introspective Pushdown Analysis of Higher-Order Programs
Abstract

Cited by 21 (13 self)
In the static analysis of functional programs, pushdown flow analysis and abstract garbage collection skirt just inside the boundaries of soundness and decidability. Alone, each method reduces analysis times and boosts precision by orders of magnitude. This work illuminates and conquers the theoretical challenges that stand in the way of combining the power of these techniques. The challenge in marrying these techniques is not subtle: computing the reachable control states of a pushdown system relies on limiting access during transition to the top of the stack; abstract garbage collection, on the other hand, needs full access to the entire stack to compute a root set, just as concrete collection does. Introspective pushdown systems resolve this conflict. Introspective pushdown systems provide enough access to the stack to allow abstract garbage collection, but they remain restricted enough to compute control-state reachability, thereby enabling the sound and precise product of pushdown analysis and abstract garbage collection. Experiments reveal synergistic interplay between the techniques, and the fusion demonstrates “better-than-both-worlds” precision.
Dependent Types from Counterexamples, 2010
Abstract

Cited by 19 (4 self)
Motivated by recent research in abstract model checking, we present a new approach to inferring dependent types. Unlike many of the existing approaches, our approach does not rely on programmers to supply the candidate (or the correct) types for the recursive functions and instead does counterexample-guided refinement to automatically generate the set of candidate dependent types. The main idea is to extend the classical fixed-point type inference routine to return a counterexample if the program is found untypable with the current set of candidate types. Then, an interpolating theorem prover is used to validate the counterexample as a real type error or generate additional candidate dependent types to refute the spurious counterexample. The process is repeated until either a real type error is found or sufficient candidates are generated to prove the program typable. Our system makes non-trivial use of “linear” intersection types in the refinement phase. The paper presents the type inference system and reports on the experience with a prototype implementation that infers dependent types for a subset of the OCaml language. The implementation infers dependent types containing predicates from the quantifier-free theory of linear arithmetic and equality with uninterpreted function symbols.
A finite semantics of simply-typed lambda terms for infinite runs of automata, Proceedings of the 20th International Workshop on Computer Science Logic (CSL ’06), volume 4207 of Lecture Notes in Computer Science, 2006
Vol. 3 (3:1) 2007, pp. 1–23
Symbolic backwards-reachability analysis for higher-order pushdown systems, in FoSSaCS, 2007
Abstract

Cited by 16 (5 self)
Higher-order pushdown systems (PDSs) generalise pushdown systems through the use of higher-order stacks; that is, a nested “stack of stacks” structure. These systems may be used to model higher-order programs and are closely related to the Caucal hierarchy of infinite graphs and safe higher-order recursion schemes. We generalise higher-order PDSs to higher-order Alternating PDSs (APDSs) and consider the backwards-reachability problem over these systems. This builds on and extends previous work into pushdown systems and context-free higher-order processes in a non-trivial manner. In particular, we show that the set of configurations from which a regular set of higher-order APDS configurations is reachable is regular and computable in n-EXPTIME. In fact, the problem is n-EXPTIME-complete. We show that this work has several applications in the verification of higher-order PDSs, such as linear-time model-checking, alternation-free µ-calculus model-checking and the computation of winning regions of reachability games.