combining static and dynamic contract checking for curry
play

Combining Static and Dynamic Contract Checking for Curry Michael - PowerPoint PPT Presentation

Feb 14, 2023 •252 likes •463 views

Combining Static and Dynamic Contract Checking for Curry Michael Hanus University of Kiel Programming Languages and Compiler Construction LOPSTR 2017 Michael Hanus (CAU Kiel) Combining Static and Dynamic Contract Checking for Curry LOPSTR

  1. Combining Static and Dynamic Contract Checking for Curry Michael Hanus University of Kiel Programming Languages and Compiler Construction LOPSTR 2017 Michael Hanus (CAU Kiel) Combining Static and Dynamic Contract Checking for Curry LOPSTR 2017 1

  2. Developing Reliable Software Systems Program verification . . . perfect but not practical: difficult proofs, no fully automatic tools exact proof obligations / specifications Declarative programming . . . good but not perfect: run-time errors exist objective: avoid possible run-time errors Pragmatic approach: combine static and dynamic checks strong typing � static detection of some run-time errors more complex conditions � dynamic assertions Our approach: Move boundaries by static verification of dynamic assertions Michael Hanus (CAU Kiel) Combining Static and Dynamic Contract Checking for Curry LOPSTR 2017 2

  3. Combining Static and Dynamic Checking Advantages fully automatic approach more efficient reliable software → Int fac :: Int fac n = if n==0 then 1 else n * fac (n-1) fac "Hello" : statically rejected fac (2-5) : still possible � infinite loop Add contracts (pre/postconditions) [PADL ’12]: fac’pre n = n >= 0 fac’post n f = f > 0 fac (x-2-x) : rejected at run time Michael Hanus (CAU Kiel) Combining Static and Dynamic Contract Checking for Curry LOPSTR 2017 3

  4. Contract Verification Dynamic contract checking requires additional execution time often turned off in production systems Our approach try to verify contracts at compile time if successful: remove dynamic contract checks otherwise: leave dynamic checks Advantages reliable program execution more efficient (if successful) practical (if fully automatic) Michael Hanus (CAU Kiel) Combining Static and Dynamic Contract Checking for Curry LOPSTR 2017 4

  5. Proof of Concept Programming language: Curry declarative (functional logic) language results applicable to functional as well as logic languages Verification: SMT solver fully automatic prover quite powerful for integers and algebraic types Michael Hanus (CAU Kiel) Combining Static and Dynamic Contract Checking for Curry LOPSTR 2017 5

  6. Functional Logic Programming with Curry Curry: Haskell syntax, logic features (non-determinism) Functions: concatenating lists [] ++ ys = ys (x:xs) ++ ys = x : (xs ++ ys) Non-determinism: list insertion + permutation ins x ys = x : ys ins x (y:ys) = y : ins x ys > ins 0 [1,2] � [0,1,2] ? [1,0,2] ? [1,2,0] perm [] = [] perm (x:xs) = ins x (perm xs) Michael Hanus (CAU Kiel) Combining Static and Dynamic Contract Checking for Curry LOPSTR 2017 6

  7. Contracts for Curry [PADL ’12] Given: f :: τ → τ ′ Contract for f : pre- and postcondition Precondition: f ’pre :: → Bool τ Postcondition: f ’post :: → τ ′ → Bool τ Dynamic contract checking Curry preprocessor transforms contracts into dynamic checks: precondition � check arguments before each call postcondition � check arguments/result after evaluation Michael Hanus (CAU Kiel) Combining Static and Dynamic Contract Checking for Curry LOPSTR 2017 7

  8. Contract Verification: Motivation Factorial operation with contract: → Int fac :: Int fac n = if n==0 then 1 else n * fac (n-1) fac’pre n = n >= 0 fac’post n f = f > 0 Consider evaluation of f n : without contract checking: n calls with contract checking: n calls + 2 ∗ n contract calls Michael Hanus (CAU Kiel) Combining Static and Dynamic Contract Checking for Curry LOPSTR 2017 8

  9. Contract Verification Verifying precondition fac n = if n==0 then 1 else n * fac (n-1) fac’pre n = n >= 0 Consider recursive fac call: n>=0 (by precondition) ¬ (n==0) (since else branch is chosen) n>=0 ∧ ¬ (n==0) = ⇒ (n-1)>=0 (by SMT solver) � precondition of recursive call always satisfied, omit at run-time Michael Hanus (CAU Kiel) Combining Static and Dynamic Contract Checking for Curry LOPSTR 2017 9

  10. Contract Verification Verifying postcondition fac n = if n==0 then 1 else n * fac (n-1) fac’post n f = f > 0 Consider value of right-hand side: then branch: 1 > 0 � postcondition satisfied 1 else branch: 2 n>=0 (by precondition) ¬ (n==0) (since else branch is chosen) fac(n-1)>0 (by postcondition) n>=0 ∧ ¬ (n==0) ∧ fac(n-1)>0 = ⇒ n*fac(n-1)>0 (by SMT) � postcondition satisfied Altogether: postcondition always satisfied, omit at run-time Michael Hanus (CAU Kiel) Combining Static and Dynamic Contract Checking for Curry LOPSTR 2017 10

  11. Contract Verification Combining pre- and postcondition verification → Int fac :: Int fac n = if n==0 then 1 else n * fac (n-1) fac’pre n = n >= 0 fac’post n f = f > 0 g n = fac (fac n) Consider outermost call to fac in g : (fac n)>0 (by postcondition) (fac n)>0 = ⇒ (fac n)>=0 (by SMT) � omit precondition check for this call Michael Hanus (CAU Kiel) Combining Static and Dynamic Contract Checking for Curry LOPSTR 2017 11

  12. Formalization For simplicity: use normalized FlatCurry representation fac(n) = let x = 0 y = n==x → 1 in case y of True → let n1 = n - 1 False f = fac n1 in n * f � natural semantics for Curry [Albert et al. JSC’05] � paper: include contract checking Abstract assertion-collecting semantics compute with symbolic values instead of concrete ones 1 collect properties that are known to be valid 2 do not evaluate functions (termination!) 3 but collect their pre- and postconditions Michael Hanus (CAU Kiel) Combining Static and Dynamic Contract Checking for Curry LOPSTR 2017 12

  13. Abstract Assertion-Collecting Semantics where v constructor-rooted or Val Γ : C | z ← v ⇓ C ∧ z = v v variable not bound in Γ Γ : C | z ← e ⇓ D VarExp Γ[ x �→ e ] : C | z ← x ⇓ D Fun Γ : C | z ← f ( x n ) ⇓ C ∧ f ’pre ( x n ) ∧ f ’post ( x n , z ) Γ[ y k �→ ρ ( e k )] : C | z ← ρ ( e ) ⇓ D where ρ = { x k �→ y k } Let and y k fresh Γ : C | z ← let { x k = e k } in e ⇓ D Γ : C | z ← e 1 ⇓ D 1 Γ : C | z ← e 2 ⇓ D 2 Or Γ : C | z ← e 1 or e 2 ⇓ D 1 ∨ D 2 Γ : C | x ← x ⇓ D Γ : D 1 | z ← e 1 ⇓ E 1 . . . Γ : D k | z ← e k ⇓ E k Select Γ : C | z ← case x of { p k → e k } ⇓ E 1 ∨ . . . ∨ E k where D i = D ∧ x = p i ( i = 1 , . . . , k ) Michael Hanus (CAU Kiel) Combining Static and Dynamic Contract Checking for Curry LOPSTR 2017 13

  14. Assertion-Collecting Semantics: Example fac(n) = let x = 0 y = n==x → 1 in case y of True → let n1 = n - 1 False f = fac n1 in n * f Collected assertions for right-hand side: n>=0 ∧ x=0 ∧ y=(n=x) ∧ ((y=True ∧ z=1) ∨ (y=False ∧ n1=n-1 ∧ f>0 ∧ z=n*f)) = ⇒ z>0 (by SMT solver) � postcondition verified Michael Hanus (CAU Kiel) Combining Static and Dynamic Contract Checking for Curry LOPSTR 2017 14

  15. Assertion-Collecting Semantics: Main Result The correctness of our approach is justified by Theorem (Correctness of abstract assertion collection) Let e be an expression. If e evaluates to v and the abstract semantics collects, for z = e, the assertion C, then z = v ⇒ C. Michael Hanus (CAU Kiel) Combining Static and Dynamic Contract Checking for Curry LOPSTR 2017 15

  16. More Examples last [x] = x last (_:x:xs) = last (x:xs) last’pre xs = not (null xs) Omit precondition of recursive call if not ( null xs ) ∧ xs = ( y : ys ) ∧ ys = ( z : zs ) = ⇒ not ( null ( z : zs )) � by evaluating right-hand side to true Michael Hanus (CAU Kiel) Combining Static and Dynamic Contract Checking for Curry LOPSTR 2017 16

  17. More Examples Select n th element of a list nth (x:xs) n | n==0 = x | n>0 = nth xs (n-1) nth’pre xs n = n>=0 && length (take (n+1) xs) == n+1 Omit precondition of recursive call if n ≥ 0 ∧ length ( take ( n + 1 ) xs ) = n + 1 ∧ xs = ( y : ys ) ∧ n � = 0 ∧ n > 0 implies ( n − 1 ) ≥ 0 ∧ length ( take (( n − 1 ) + 1 ) ys ) = ( n − 1 ) + 1 (by SMT solver with axiomatization of operations length and take ) Michael Hanus (CAU Kiel) Combining Static and Dynamic Contract Checking for Curry LOPSTR 2017 17

  18. Implementation Contract verification tool Curry preprocessor performs source-level transformation: 1 add contracts as run-time checks Preprocessed program transformed into FlatCurry program 2 For each contract: extract proof obligation 3 For each proof obligation: 4 translate into SMT-LIB format and send to SMT solver (here: Z3) If SMT solver proves validity: remove check from FlatCurry program 5 Michael Hanus (CAU Kiel) Combining Static and Dynamic Contract Checking for Curry LOPSTR 2017 18

  19. Benchmarks Run time in seconds (0.00 ≈ < 10 ms ) Expression dynamic static+dynamic speedup 0.00 0.00 n.a. fac 20 0.84 0.22 3.88 sum 1000000 1.95 0.60 3.23 fib 35 0.63 0.35 1.78 last [1..20000000] 0.31 0.19 1.68 take 200000 [1..] 26.33 0.01 2633 nth [1..] 50000 0.27 0.19 1.40 allNats 200000 2.78 0.00 > 277 init [1..10000] 4.21 0.00 > 420 [1..20000] ++ [1..1000] 3.50 0.00 > 349 nrev [1..1000] 1.88 0.00 > 188 rev [1..10000] init , (++) , nrev , rev : postcondition on length of lists Michael Hanus (CAU Kiel) Combining Static and Dynamic Contract Checking for Curry LOPSTR 2017 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Software Model Checking Software Model Checking via Static and Dynamic via Static and Dynamic

Software Model Checking Software Model Checking via Static and Dynamic via Static and Dynamic

Software Model Checking Software Model Checking via Static and Dynamic via Static and Dynamic Program Analysis Program Analysis Patrice Godefroid Godefroid Patrice Bell Laboratories, Lucent Technologies Bell Laboratories, Lucent

1.05k views • 56 slides
1 Static Equilibrium From Static Eq. to Dynamic Eq. System of mass points Static

1 Static Equilibrium From Static Eq. to Dynamic Eq. System of mass points Static

Static/ Dynamic Deformation I ntroduction to Static deformation Dynamic deformation Static/ Dynamic Deformation with Mass-Spring Systems undeformed shape f internal + = f inertia = 0 f external Min Gyu Choi deformed

426 views • 4 slides
Static Contract Checking for Haskell Dana N. Xu INRIA France Work done at University of

Static Contract Checking for Haskell Dana N. Xu INRIA France Work done at University of

Static Contract Checking for Haskell Dana N. Xu INRIA France Work done at University of Cambridge Joint work with Simon Peyton Jones Koen Claessen Microsoft Research Cambridge Chalmers University of Technology 1 Program Errors Give

1.11k views • 54 slides
Extended Static Checking Extended Static Checking Greg Nelson MJ 6 James B. Saxe MJ 6

Extended Static Checking Extended Static Checking Greg Nelson MJ 6 James B. Saxe MJ 6

Authors Authors Author Defn. Num.* K. Rustan M. Leino MJS 13 Extended Static Checking Extended Static Checking Greg Nelson MJ 6 James B. Saxe MJ 6 Wolfram Schulte S 3 David Detlefs M 2 Raymie Stata J 2 Mike Barnett S 2

239 views • 5 slides
Static and dynamic verification Static and dynamic V&amp;V Software inspections Concerned

Static and dynamic verification Static and dynamic V&amp;V Software inspections Concerned

1 2 Static and dynamic verification Static and dynamic V&amp;V Software inspections Concerned with analysis of the static system Static representation to discover problems (static verification verification) May be supplement by

107 views • 6 slides
Type Systems: Big Idea Static vs. Dynamic Typing Expressiveness (+ Dynamic) Dont have

Type Systems: Big Idea Static vs. Dynamic Typing Expressiveness (+ Dynamic) Dont have

Type Systems: Big Idea Static vs. Dynamic Typing Expressiveness (+ Dynamic) Dont have to worry about types (+ Dynamic) Dependent on input (- Dynamic) Runtime overhead (- Dynamic) Serve as documentation (+ Static)

572 views • 24 slides
Static code checking In the Linux kernel Presented by Arnd Bergmann Date April 6, 2016 Event

Static code checking In the Linux kernel Presented by Arnd Bergmann Date April 6, 2016 Event

Static code checking In the Linux kernel Presented by Arnd Bergmann Date April 6, 2016 Event Embedded Linux Conference Static code checking in the Linux kernel 1. Overview 2. Randconfig issues 3. Checking tools 4. Automated checking

586 views • 48 slides
Static and dynamic verification Software inspections Concerned with analysis of the static

Static and dynamic verification Software inspections Concerned with analysis of the static

1 Static and dynamic verification Software inspections Concerned with analysis of the static system representation to discover problems (static verification) May be supplement by tool-based document and code analysis Software

430 views • 12 slides
Static vs. Dynamic Analysis Static analysis: analyze source code or byte code Imprecise

Static vs. Dynamic Analysis Static analysis: analyze source code or byte code Imprecise

I NTELLI D ROID A Targeted Input Generator for the Dynamic Analysis of Android Malware Michelle Y. Wong and David Lie University of Toronto Department of Electrical and Computer Engineering NDSS Symposium 2016 ! ! ! B ACKGROUND Static vs.

1.02k views • 32 slides
Dynamic programming 1 Dynamic programming also solve a problem by combining the solutions to

Dynamic programming 1 Dynamic programming also solve a problem by combining the solutions to

Chapter 3 Dynamic programming 1 Dynamic programming also solve a problem by combining the solutions to subproblems. But dynamic programming considers the situation that some subproblems will be called repeatedly an thus need to avoid

1.54k views • 77 slides
Static and dynamic verification Software inspections Concerned with analysis of the

Static and dynamic verification Software inspections Concerned with analysis of the

1 Static and dynamic verification Software inspections Concerned with analysis of the static system representation to discover problems (static verification) May be supplement by tool-based document and code analysis

310 views • 12 slides
Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker

Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker

Concurrency in Go Behavioural type inference Model checking behavioural types Termination checking Summary Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker Types Transform Check safety and

681 views • 67 slides
Exercises -&gt; (map ((curry +) 3) (1 2 3 4 5)) ??? -&gt; (exists? ((curry =) 3) (1 2 3 4

Exercises -&gt; (map ((curry +) 3) (1 2 3 4 5)) ??? -&gt; (exists? ((curry =) 3) (1 2 3 4

Exercises -&gt; (map ((curry +) 3) (1 2 3 4 5)) ??? -&gt; (exists? ((curry =) 3) (1 2 3 4 5)) ??? -&gt; (filter ((curry &gt;) 3) (1 2 3 4 5)) ??? ; tricky Answers -&gt; (map ((curry +) 3) (1 2 3 4 5)) (4 5 6 7 8) -&gt;

276 views • 23 slides
Type Checking General properties of type systems Types in programming languages

Type Checking General properties of type systems Types in programming languages

Outline Type Checking General properties of type systems Types in programming languages Notation for type rules Logical rules of inference Common type rules 2 Static Checking Static Checking (Cont.) Refers to

896 views • 10 slides
How tests and proofs impede one another: The need for always-on static and dynamic feedback

How tests and proofs impede one another: The need for always-on static and dynamic feedback

How tests and proofs impede one another: The need for always-on static and dynamic feedback static and dynamic feedback Michael Ernst joint work with Michael Bayne University of Washington 3 rd Intl Conference on Tests And Proofs July 1,

790 views • 65 slides
Combining Model Checking and Testing in a Continuous HW/SW Co-Verification Process Paula Herber,

Combining Model Checking and Testing in a Continuous HW/SW Co-Verification Process Paula Herber,

Combining Model Checking and Testing in a Continuous HW/SW Co-Verification Process Paula Herber, Florian Friedemann, and Sabine Glesner Berlin Institute of Technology Software Engineering for Embedded Systems Group TAP - Tests and Proofs

748 views • 23 slides
CSE 341 Lecture 8 curried functions Ullman 5.5 slides created by Marty Stepp

CSE 341 Lecture 8 curried functions Ullman 5.5 slides created by Marty Stepp

CSE 341 Lecture 8 curried functions Ullman 5.5 slides created by Marty Stepp http://www.cs.washington.edu/341/ Recall: helper ML files We are starting to accumulate lots of helper code map , filter , reduce , -- , etc. Let's put

417 views • 16 slides
Curried functions Currying and partial application and other tasty

Curried functions Currying and partial application and other tasty

10/8/15 More idioms for closures Function composition Curried functions Currying and partial application and other tasty closure recipes Callbacks (e.g., in reactive

672 views • 6 slides
CS480/680 Machine Learning Lecture 1: May 6 th , 2019 Course Introduction Pascal Poupart

CS480/680 Machine Learning Lecture 1: May 6 th , 2019 Course Introduction Pascal Poupart

CS480/680 Machine Learning Lecture 1: May 6 th , 2019 Course Introduction Pascal Poupart University of Waterloo CS480/680 Spring 2019 Pascal Poupart 1 Outline Introduction to Machine Learning Course website and logistics University of

527 views • 24 slides
JOHNSON GARDEN Native Plant List June 2008 Native plants in Jeff and Julie Johnson's garden,

JOHNSON GARDEN Native Plant List June 2008 Native plants in Jeff and Julie Johnson's garden,

JOHNSON GARDEN Native Plant List June 2008 Native plants in Jeff and Julie Johnson's garden, Castro Valley SCIENTIFIC NAME COMMON NAME LOCATION Achillia millefolium Yarrow Dry Creek bed Actaea rubra Baneberry Under Orange tree Adiantum

46 views • 3 slides
61A Lecture 6 Work in a group on a problem until everyone in the group understands the solution

61A Lecture 6 Work in a group on a problem until everyone in the group understands the solution

Announcements Homework 2 due Tuesday 9/17 @ 11:59pm Project 2 due Thursday 9/19 @ 11:59pm Optional Guerrilla section next Monday for students to master higher-order functions Organized by Andrew Huang and the readers 61A Lecture 6

578 views • 3 slides
An Institutional View on the Curry-Howard-Tait-Isomorphism Till Mossakowski and Joseph Goguen

An Institutional View on the Curry-Howard-Tait-Isomorphism Till Mossakowski and Joseph Goguen

An Institutional View on the Curry-Howard-Tait-Isomorphism Till Mossakowski and Joseph Goguen 4th FLIRTS, October 2005 2 The Curry-Howard-Tait isomorphism . . . establishes a correspondence between propositions and types proofs and

550 views • 22 slides
Reflection Consider the member? function, which has the following algebraic laws: (member? m

Reflection Consider the member? function, which has the following algebraic laws: (member? m

Reflection Consider the member? function, which has the following algebraic laws: (member? m ()) == #f (member? m (cons m ks)) == #t (member? m (cons k ks)) == (member? m ks), m != k This algorithm searches for an element in a list. List

514 views • 32 slides
Predefined list algorithms Some classics: exists? (Example: Is there a number?) all?

Predefined list algorithms Some classics: exists? (Example: Is there a number?) all?

Predefined list algorithms Some classics: exists? (Example: Is there a number?) all? (Example: Is everything a number?) filter (Example: Select only the numbers) map (Example: Add 1 to every element) foldr ( Visit every

691 views • 19 slides

More recommend