Guarded Kleene Algebra with Tests Verification of Uninterpreted - - PowerPoint PPT Presentation
Guarded Kleene Algebra with Tests Verification of Uninterpreted Programs in Nearly Linear Time Steffen Smolka 1 Nate Foster 1 Justin Hsu 2 e 3 Dexter Kozen 1 Alexandra Silva 3 Tobias Kapp 1 Cornell University 2 University of Wisconsin-Madison 3
Verification of Uninterpreted Programs in Nearly Linear Time Steffen Smolka1 Nate Foster1 Justin Hsu2 Tobias Kapp´ e3 Dexter Kozen1 Alexandra Silva3
1Cornell University 2University of Wisconsin-Madison 3University College London
POPL 2020
while a and b do
e;
end while a do
f;
while a and b do
e;
end end
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 1 19
while a and b do
e;
end while a do
f;
while a and b do
e;
end end while a do if b then
e;
else
f;
end end
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 1 19
while a and b do
e;
end while a do
f;
while a and b do
e;
end end while a do if b then
e;
else
f;
end end
?
≡
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 1 19
KAT Composition choice, iteration [Kozen 1996] Complexity PSPACE-hard [Kozen and Smith 1996] Axiomatization Quasi-equational [Kozen and Smith 1996] Automata Automata on guarded strings [Kozen 2003; Kozen and Tseng 2008]
See also Ashcroft and Manna 1972; B¨
1973; Ramshaw 1988; Williams and Ossher 1978; Hendren et al. 1992; Morris et al. 1997
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 2 19
KAT
⊇
GKAT Composition choice, iteration
if-then-else, while-do
[Kozen 1996] Complexity PSPACE-hard Nearly linear [Kozen and Smith 1996] Axiomatization Quasi-equational Quasi-equational† [Kozen and Smith 1996] Automata Automata on guarded strings Well-nested fragment [Kozen 2003; Kozen and Tseng 2008]
See also Ashcroft and Manna 1972; B¨
1973; Ramshaw 1988; Williams and Ossher 1978; Hendren et al. 1992; Morris et al. 1997
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 2 19
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 3 19
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 3 19
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 3 19
a, b ::= t ∈ T | a + b | ab | a | 0 | 1 e, f ::= a | p ∈ Σ | ef | e +a f | e(a)
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 4 19
a, b ::= t ∈ T | a + b a or b
| ab | a | 0 | 1
e, f ::= a | p ∈ Σ | ef | e +a f | e(a)
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 4 19
a, b ::= t ∈ T | a + b | ab a and b
| a | 0 | 1
e, f ::= a | p ∈ Σ | ef | e +a f | e(a)
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 4 19
a, b ::= t ∈ T | a + b | ab | a
not a | 0 | 1
e, f ::= a | p ∈ Σ | ef | e +a f | e(a)
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 4 19
a, b ::= t ∈ T | a + b | ab | a | 0
false | 1
e, f ::= a | p ∈ Σ | ef | e +a f | e(a)
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 4 19
a, b ::= t ∈ T | a + b | ab | a | 0 | 1
true
e, f ::= a | p ∈ Σ | ef | e +a f | e(a)
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 4 19
a, b ::= t ∈ T | a + b | ab | a | 0 | 1 e, f ::= a
assert a | p ∈ Σ | ef | e +a f | e(a)
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 4 19
a, b ::= t ∈ T | a + b | ab | a | 0 | 1 e, f ::= a | p ∈ Σ | ef e; f
| e +a f | e(a)
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 4 19
a, b ::= t ∈ T | a + b | ab | a | 0 | 1 e, f ::= a | p ∈ Σ | ef | e +a f
if a then e else f | e(a)
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 4 19
a, b ::= t ∈ T | a + b | ab | a | 0 | 1 e, f ::= a | p ∈ Σ | ef | e +a f | e(a)
while a do e
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 4 19
while a do if b then
e;
else
f;
end end
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 5 19
while a do if b then
e;
else
f;
end end
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 5 19
while a and b do
e;
end while a do
f;
while a and b do
e;
end end
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 5 19
while a and b do
e;
end while a do
f;
while a and b do
e;
end end
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 5 19
i =
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 6 19
i =
e
Rie
t ∈ T
{(s, s) : s ∈ sat(t)}
a + b
Ria ∪ Rib
ab
Ria ∩ Rib
a
{(s, s) : s ∈ States} \ Ria
p ∈ Σ eval(p) e +a f
Ria ◦ Rie ∪ Ria ◦ Rif
ef
Rie ◦ Rif
e(a)
(Ria ◦ Rie)∗ ◦ Ria
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 6 19
Atoms = 2T
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 7 19
Atoms = 2T
α0p0α1p1 · · · αn−1pn−1αn αi ∈ Atoms
pi ∈ Σ
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 7 19
Atoms = 2T
α0p0α1p1 · · · αn−1pn−1αn αi ∈ Atoms
pi ∈ Σ L ⋄ K = {wαx : wα ∈ L, αx ∈ K} L(n) = L ⋄ · · · ⋄ L
L(∗) =
L(n)
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 7 19
e
e
t ∈ T
{α ∈ Atoms : t ∈ α}
a + b
a ∪ b
ab
a ∩ b
a Atoms \ a p ∈ Σ
{αpβ : α, β ∈ Atoms}
e +a f
a ⋄ e ∪ a ⋄ f
ef
e ⋄ f
e(a)
(a ⋄ e)(∗) ⋄ a
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 8 19
Theorem e = f ⇐ ⇒ ∀i. Rie = Rif
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 9 19
Theorem e = f ⇐ ⇒ ∀i. Rie = Rif
How to check e = f:
1 Create automata that accept e and f
[Thompson 1968]
2 Check automata for bisimilarity
[Hopcroft and Karp 1971; Tarjan 1975]
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 9 19
Theorem e = f ⇐ ⇒ ∀i. Rie = Rif
How to check e = f:
1 Create automata that accept e and f
[Thompson 1968]
2 Check automata for bisimilarity
[Hopcroft and Karp 1971; Tarjan 1975]
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 9 19
e +a e ≡ e e +a f ≡ f +a e e +a f ≡ ae +a f aa ≡ 0 0e ≡ 0
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 10 19
e +a e ≡ e e +a f ≡ f +a e e +a f ≡ ae +a f aa ≡ 0 0e ≡ 0
Example if a then e else assert false = e +a 0
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 10 19
e +a e ≡ e e +a f ≡ f +a e e +a f ≡ ae +a f aa ≡ 0 0e ≡ 0
Example if a then e else assert false = e +a 0 ≡ ae +a 0
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 10 19
e +a e ≡ e e +a f ≡ f +a e e +a f ≡ ae +a f aa ≡ 0 0e ≡ 0
Example if a then e else assert false = e +a 0 ≡ ae +a 0 ≡ 0 +a ae
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 10 19
e +a e ≡ e e +a f ≡ f +a e e +a f ≡ ae +a f aa ≡ 0 0e ≡ 0
Example if a then e else assert false = e +a 0 ≡ ae +a 0 ≡ 0 +a ae ≡ 0e +a ae
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 10 19
e +a e ≡ e e +a f ≡ f +a e e +a f ≡ ae +a f aa ≡ 0 0e ≡ 0
Example if a then e else assert false = e +a 0 ≡ ae +a 0 ≡ 0 +a ae ≡ 0e +a ae ≡ aae +a ae
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 10 19
e +a e ≡ e e +a f ≡ f +a e e +a f ≡ ae +a f aa ≡ 0 0e ≡ 0
Example if a then e else assert false = e +a 0 ≡ ae +a 0 ≡ 0 +a ae ≡ 0e +a ae ≡ aae +a ae ≡ ae +a ae
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 10 19
e +a e ≡ e e +a f ≡ f +a e e +a f ≡ ae +a f aa ≡ 0 0e ≡ 0
Example if a then e else assert false = e +a 0 ≡ ae +a 0 ≡ 0 +a ae ≡ 0e +a ae ≡ aae +a ae ≡ ae +a ae ≡ ae
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 10 19
e +a e ≡ e e +a f ≡ f +a e e +a f ≡ ae +a f aa ≡ 0 0e ≡ 0
Example if a then e else assert false = e +a 0 ≡ ae +a 0 ≡ 0 +a ae ≡ 0e +a ae ≡ aae +a ae ≡ ae +a ae ≡ ae = assert a; e
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 10 19
e ≡ fe +a g e ≡ f(a)g
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 11 19
e ≡ fe +a g e ≡ f(a)g Allows to derive 1 ≡ 1(1), i.e.,
while true do assert true ≡ assert true
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 11 19
e ≡ fe +a g f is productive e ≡ f(a)g
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 12 19
e ≡ fe +a g f is productive Salomaa 1966 e ≡ f(a)g
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 12 19
e ≡ fe +a g f is productive e ≡ f(a)g e(a) ≡ eea +a 1
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 12 19
e ≡ fe +a g f is productive e ≡ f(a)g e(a) ≡ eea +a 1
(e +a 1)(b) ≡ (ae)(b)
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 12 19
e ≡ fe +a g f is productive e ≡ f(a)g e(a) ≡ eea +a 1
(e +a 1)(b) ≡ (ae)(b) Lemma
For every e, there exists a productive ˆ e such that e(b) ≡ ˆ e(b).
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 12 19
e ≡ fe +a g f is productive e ≡ f(a)g e(a) ≡ eea +a 1
(e +a 1)(b) ≡ (ae)(b) Lemma
For every e, there exists a productive ˆ e such that e(b) ≡ ˆ e(b).
Lemma
e(a) ≡ e(a)a e(a) ≡ (ae)(a) e(ab)e(b) ≡ e(b)
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 12 19
Theorem (Soundness)
If e ≡ f, then e = f.
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 13 19
Theorem (Soundness)
If e ≡ f, then e = f. How about the converse?
1 A → S(A) with e ≡ S(Ae). 2 If A ∼ A′, then S(A) ≡ S(A′).
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 13 19
Theorem (Soundness)
If e ≡ f, then e = f. How about the converse?
1 A → S(A) with e ≡ S(Ae). 2 If A ∼ A′, then S(A) ≡ S(A′).
e = f = ⇒ L(Ae) = L(Af) = ⇒ Ae ∼ Af = ⇒ S(Ae) ≡ S(Af) = ⇒ e ≡ f
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 13 19
Theorem (Soundness)
If e ≡ f, then e = f.
Theorem (Completeness)
If e = f, then e ≡ f. How about the converse?
1 A → S(A) with e ≡ S(Ae). 2 If A ∼ A′, then S(A) ≡ S(A′).
e = f = ⇒ L(Ae) = L(Af) = ⇒ Ae ∼ Af = ⇒ S(Ae) ≡ S(Af) = ⇒ e ≡ f
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 13 19
Theorem (Soundness)
If e ≡ f, then e = f.
Theorem (Completeness)
If e = f, then e ≡ f.
How about the converse?
1 A → S(A) with e ≡ S(Ae). 2 If A ∼ A′, then S(A) ≡ S(A′).
e = f = ⇒ L(Ae) = L(Af) = ⇒ Ae ∼ Af = ⇒ S(Ae) ≡ S(Af) = ⇒ e ≡ f
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 13 19
s1 s2 α β/p γ/q
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 14 19
s1 s2 α β/p γ/q
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 14 19
s1 s2 α β/p γ/q
βp
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 14 19
s1 s2 α β/p γ/q
βpγq
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 14 19
s1 s2 α β/p γ/q
βpγqα ∈ L(s1)
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 14 19
s1 s2 α β/p γ/q
βpγqα ∈ L(s1) (X, δ : X → (2 + Σ × X)Atoms)
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 14 19
Xf Xg
ιf
α / p β/q γ β
ιg
α/r β/s η α
e = f +a g
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 15 19
Xf Xg
ιf
α / p β/q γ β
ιg
α/r β/s η α
ιe
α/p β/s γ, η
e = f +a g
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 15 19
Xf Xg
ιf
α / p β/q γ β
ιg
α/r β/s η α
ιe
α/p β/s γ, η
e = f +a g
Xf Xg
ιf
α/p γ, η β
ιg
β/r γ/s η α
e = fg
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 15 19
Xf Xg
ιf
α / p β/q γ β
ιg
α/r β/s η α
ιe
α/p β/s γ, η
e = f +a g
Xf Xg
ιf
α/p γ, η β
ιg
β/r γ/s η α
ιe
α/p γ/s η β /r
e = fg
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 15 19
Xf Xg
ιf
α / p β/q γ β
ιg
α/r β/s η α
ιe
α/p β/s γ, η
e = f +a g
Xf Xg
ιf
α/p γ, η β
ιg
β/r γ/s η α
ιe
α/p γ/s η β /r
e = fg
Xf
ιf
β/p γ β α/q
e = f(a)
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 15 19
Xf Xg
ιf
α / p β/q γ β
ιg
α/r β/s η α
ιe
α/p β/s γ, η
e = f +a g
Xf Xg
ιf
α/p γ, η β
ιg
β/r γ/s η α
ιe
α/p γ/s η β /r
e = fg
Xf
ιf
β/p γ β α/q
ιe
β /p α β/p
e = f(a)
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 15 19
From [Kozen and Tseng 2008]: α0 + α3 α1 + α3 α2 + α3 α1/p01 α
2
/p
2
α0/p10 α2 / p12 α
1
/p
2 1
α0 / p20
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 16 19
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 17 19
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 17 19
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 17 19
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 17 19
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 17 19
Theorem
Let L be a language of guarded strings. The following are equivalent:
1 L = e for some e. 2 L is accepted by a well-nested and finite automaton A.
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 18 19
Theorem
Let L be a language of guarded strings. The following are equivalent:
1 L = e for some e. 2 L is accepted by a well-nested and finite automaton A.
Both conversions are constructive. Automata are linear in size of expression. Side-conditions for completeness also hold.
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 18 19
Theorem
Let L be a language of guarded strings. The following are equivalent:
1 L = e for some e. 2 L is accepted by a well-nested and finite automaton A.
Both conversions are constructive. Automata are linear in size of expression. Side-conditions for completeness also hold.
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 18 19
Coalgebraic perspective, coequations Instantiation framework; hypotheses Fully algebraic axiomatization
e, D. Kozen, A. Silva Guarded Kleene Algebra with Tests POPL 2020 19 19
Laurie J. Hendren (1958–2019)
https://kap.pe/slides https://arxiv.org/abs/1907.05920