proving equivalence of imperative programs via
play

Proving Equivalence of Imperative Programs via Constrained - PowerPoint PPT Presentation

Jul 29, 2023 •120 likes •2.1k views

Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs Birkbeck, University of London joint work with Cynthia Kop (U Copenhagen) and Naoki Nishida (U Nagoya) Workshop on Program Equivalence, London, UK 11

  1. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Summing up Natural Numbers Numbers: 0 , s ( 0 ) , s ( s ( 0 )) , . . . Rules: → sum ( 0 ) 0 sum ( s ( x )) → plus ( s ( x ) , sum ( x )) → plus ( 0 , y ) y plus ( s ( x ) , y ) → s ( plus ( x, y )) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 14 / 48

  2. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Summing up Natural Numbers Numbers: 0 , s ( 0 ) , s ( s ( 0 )) , . . . Rules: → sum ( 0 ) 0 sum ( s ( x )) → plus ( s ( x ) , sum ( x )) → plus ( 0 , y ) y plus ( s ( x ) , y ) → s ( plus ( x, y )) Then e.g. we can compute 1 + 1 = 2 as plus ( s ( 0 ) , s ( 0 )) → R s ( plus ( 0 , s ( 0 ))) → R s ( s ( 0 )) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 14 / 48

  3. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Summing up Natural Numbers Numbers: 0 , s ( 0 ) , s ( s ( 0 )) , . . . Rules: → sum ( 0 ) 0 sum ( s ( x )) → plus ( s ( x ) , sum ( x )) → plus ( 0 , y ) y plus ( s ( x ) , y ) → s ( plus ( x, y )) Then e.g. we can compute 1 + 1 = 2 as plus ( s ( 0 ) , s ( 0 )) → R s ( plus ( 0 , s ( 0 ))) → R s ( s ( 0 )) Integer arithmetic possible with more complex recursive rules. Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 14 / 48

  4. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Summing up Natural Numbers Numbers: 0 , s ( 0 ) , s ( s ( 0 )) , . . . Rules: → sum ( 0 ) 0 sum ( s ( x )) → plus ( s ( x ) , sum ( x )) → plus ( 0 , y ) y plus ( s ( x ) , y ) → s ( plus ( x, y )) Then e.g. we can compute 1 + 1 = 2 as plus ( s ( 0 ) , s ( 0 )) → R s ( plus ( 0 , s ( 0 ))) → R s ( s ( 0 )) Integer arithmetic possible with more complex recursive rules. But: Want to do program analysis . Really throw away domain knowledge about built-in data structures?! Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 14 / 48

  5. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions What’s Constrained Term Rewriting? Term rewriting “with batteries included” • first-order • no fixed evaluation strategy • no fixed order of rules to apply Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 15 / 48

  6. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions What’s Constrained Term Rewriting? Term rewriting “with batteries included” • first-order • no fixed evaluation strategy • no fixed order of rules to apply • typed Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 15 / 48

  7. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions What’s Constrained Term Rewriting? Term rewriting “with batteries included” • first-order • no fixed evaluation strategy • no fixed order of rules to apply • typed • with pre-defined data structures (integers, arrays, bitvectors, ...), usually from SMT-LIB theories (SMT: SAT Modulo Theories) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 15 / 48

  8. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions What’s Constrained Term Rewriting? Term rewriting “with batteries included” • first-order • no fixed evaluation strategy • no fixed order of rules to apply • typed • with pre-defined data structures (integers, arrays, bitvectors, ...), usually from SMT-LIB theories (SMT: SAT Modulo Theories) • rewrite rules with SMT constraints Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 15 / 48

  9. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions What’s Constrained Term Rewriting? Term rewriting “with batteries included” • first-order • no fixed evaluation strategy • no fixed order of rules to apply • typed • with pre-defined data structures (integers, arrays, bitvectors, ...), usually from SMT-LIB theories (SMT: SAT Modulo Theories) • rewrite rules with SMT constraints ⇒ Term rewriting + SMT solving for automated reasoning Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 15 / 48

  10. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Examples Integer Summation → [ x ≤ 0] sum ( x ) 0 sum ( x ) → x + sum ( x − 1) [ x > 0] Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 16 / 48

  11. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Examples Integer Summation → [ x ≤ 0] sum ( x ) 0 sum ( x ) → x + sum ( x − 1) [ x > 0] sum (2) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 16 / 48

  12. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Examples Integer Summation → [ x ≤ 0] sum ( x ) 0 sum ( x ) → x + sum ( x − 1) [ x > 0] sum (2) → 2 + sum (2 − 1) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 16 / 48

  13. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Examples Integer Summation → [ x ≤ 0] sum ( x ) 0 sum ( x ) → x + sum ( x − 1) [ x > 0] sum (2) → 2 + sum (2 − 1) → 2 + sum (1) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 16 / 48

  14. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Examples Integer Summation → [ x ≤ 0] sum ( x ) 0 sum ( x ) → x + sum ( x − 1) [ x > 0] sum (2) → 2 + sum (2 − 1) → 2 + sum (1) → 2 + (1 + sum (1 − 1)) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 16 / 48

  15. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Examples Integer Summation → [ x ≤ 0] sum ( x ) 0 sum ( x ) → x + sum ( x − 1) [ x > 0] sum (2) → 2 + sum (2 − 1) → 2 + sum (1) → 2 + (1 + sum (1 − 1)) → 2 + (1 + sum (0)) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 16 / 48

  16. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Examples Integer Summation → [ x ≤ 0] sum ( x ) 0 sum ( x ) → x + sum ( x − 1) [ x > 0] sum (2) → 2 + sum (2 − 1) → 2 + sum (1) → 2 + (1 + sum (1 − 1)) → 2 + (1 + sum (0)) → 2 + (1 + 0) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 16 / 48

  17. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Examples Integer Summation → [ x ≤ 0] sum ( x ) 0 sum ( x ) → x + sum ( x − 1) [ x > 0] sum (2) → 2 + sum (2 − 1) → 2 + sum (1) → 2 + (1 + sum (1 − 1)) → 2 + (1 + sum (0)) → 2 + (1 + 0) → 2 + 1 Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 16 / 48

  18. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Examples Integer Summation → [ x ≤ 0] sum ( x ) 0 sum ( x ) → x + sum ( x − 1) [ x > 0] sum (2) → 2 + sum (2 − 1) → 2 + sum (1) → 2 + (1 + sum (1 − 1)) → 2 + (1 + sum (0)) → 2 + (1 + 0) → 2 + 1 → 3 Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 16 / 48

  19. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Examples Integer Summation → [ x ≤ 0 ] sum ( x ) 0 sum ( x ) → x + sum ( x − 1 ) [ x > 0 ] • F terms = { sum } ∪ { n | n ∈ Z } • F theory = { + , − , ≥ , >, ∧ , true , false } ∪ { n | n ∈ Z } • Values: true , false , 0 , 1 , 2 , 3 , . . . , − 1 , − 2 , . . . • Interpretation: addition, minus, etc. Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 17 / 48

  20. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Examples Bitvector Summation → [ x ≤ 0 ] sum ( x ) 0 sum ( x ) → x + sum ( x − 1 ) [ x > 0 ] • F terms = { sum } ∪ { n | n ∈ Z ∧ 0 ≤ n < 256 } • F theory = { + , − , ≥ , >, ∧ , true , false } ∪ { n | n ∈ Z ∧ 0 ≤ n < 256 } • Values: true , false , 0 , 1 , 2 , 3 , . . . , 255 • Interpretation: addition, minus, etc. modulo 256 Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 18 / 48

  21. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Examples Array Summation sum ( a, x ) → 0 [ x < 0 ] → select ( a, x ) + sum ( a, x − 1 ) [ x ≥ 0 ] sum ( a, x ) • F terms = { sum } ∪ { n : int | n ∈ Z } ∪ { a : iarr | n ∈ Z ∗ } • F theory = { + , − , ≥ , >, ∧ , select , true , false } ∪ { n | n ∈ Z } ∪ { a : iarr | a ∈ Z ∗ } • Values: true , false , 0 , 1 , − 1 , 2 , − 2 , . . . , () , ( 0 ) , ( 1 ) , . . . , ( 0 , 0 ) , . . . Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 19 / 48

  22. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Summary Logically Constrained Term Rewriting Systems [Kop and Nishida, 2013] Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 20 / 48

  23. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Summary Logically Constrained Term Rewriting Systems [Kop and Nishida, 2013] • work much like normal term rewrite systems Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 20 / 48

  24. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Summary Logically Constrained Term Rewriting Systems [Kop and Nishida, 2013] • work much like normal term rewrite systems • can handle integers, arrays, bitvectors, ... Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 20 / 48

  25. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Summary Logically Constrained Term Rewriting Systems [Kop and Nishida, 2013] • work much like normal term rewrite systems • can handle integers, arrays, bitvectors, ... • are flexible enough to faithfully model (many) real-world programs Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 20 / 48

  26. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Overview 1 Motivation 2 Constrained Term Rewriting 3 Transforming C Programs 4 Rewriting Induction 5 Lemma Generation 6 Conclusions Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 21 / 48

  27. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Simple Integer Functions Factorial int fact(int x) { int z = 1; for (int i = 1; i <= x; i++) z *= i; return z; } Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 22 / 48

  28. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Simple Integer Functions Factorial int fact(int x) { int z = 1; for (int i = 1; i <= x; i++) z *= i; return z; } fact ( x ) → u 1 ( x ) u 1 ( x ) → u 2 ( x, 1 , 1 ) u 2 ( x, z, i ) → u 3 ( x, z, i ) [ i ≤ x ] u 2 ( x, z, i ) → u 4 ( x, z, i ) [ ¬ ( i ≤ x )] u 3 ( x, z, i ) → u 2 ( x, z ∗ i, i + 1 ) u 4 ( x, z, i ) → z Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 22 / 48

  29. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Simple Integer Functions Factorial int fact(int x) { int z = 1; for (int i = 1; i <= x; i++) z *= i; return z; } fact ( x ) → u 2 ( x, 1 , 1 ) u 2 ( x, z, i ) → u 2 ( x, z ∗ i, i + 1 ) [ i ≤ x ] u 2 ( x, z, i ) → z [ ¬ ( i ≤ x )] Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 22 / 48

  30. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Simple Integer Functions Factorial int fact(int x) { int z = 1; for (int i = 1; i <= x; i++) z *= i; return z; } fact ( x ) → u 2 ( x, 1 , 1 ) u 2 ( x, z, i ) → u 2 ( x, z ∗ i, i + 1 ) [ i ≤ x ] u 2 ( x, z, i ) → return ( z ) [ ¬ ( i ≤ x )] Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 22 / 48

  31. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Error Checking Division by Zero boolean divides(int x, int y) { return x % y == 0; } Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 23 / 48

  32. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Error Checking Division by Zero boolean divides(int x, int y) { return x % y == 0; } divides ( x, y ) → return ( x mod y = 0 ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 23 / 48

  33. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Error Checking Division by Zero boolean divides(int x, int y) { return x % y == 0; } divides ( x, y ) → return ( x mod y = 0 ) [ y � = 0 ] → divides ( x, y ) error [ y = 0 ] Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 23 / 48

  34. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Error Checking Division by Zero boolean divides(int x, int y) { return x % y == 0; } divides ( x, y ) → return ( x mod y = 0 ) [ y � = 0 ] → divides ( x, y ) error [ y = 0 ] (defining x mod 0 = 0) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 23 / 48

  35. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Error Checking Integer Overflow int fact(int x) { int z = 1; for (int i = 1; i <= x; i++) z *= i; return z; } fact ( x ) → u 2 ( x, 1 , 1 ) u 2 ( x, z, i ) → u 2 ( x, z ∗ i, i + 1 )[ i ≤ x ] u 2 ( x, z, i ) → return ( z ) [ ¬ ( i ≤ x )] Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 24 / 48

  36. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Error Checking Integer Overflow int fact(int x) { int z = 1; for (int i = 1; i <= x; i++) z *= i; return z; } fact ( x ) → u 2 ( x, 1 , 1 ) u 2 ( x, z, i ) → u 2 ( x, z ∗ i, i + 1 )[ i ≤ x ∧ z ∗ i < 256 ∧ i + 1 < 256 ] u 2 ( x, z, i ) → error [ i ≤ x ∧ ( z ∗ i ≥ 256 ∨ i + 1 ≥ 256 )] u 2 ( x, z, i ) → return ( z ) [ ¬ ( i ≤ x )] Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 24 / 48

  37. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Further Extensions Further Extensions Can also handle • Recursion • Global variables • Mutable arrays (with built-in size function) → can represent memory safety violation Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 25 / 48

  38. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Overview 1 Motivation 2 Constrained Term Rewriting 3 Transforming C Programs 4 Rewriting Induction 5 Lemma Generation 6 Conclusions Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 26 / 48

  39. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Goal What is Equivalence for LCTRSs? Teacher’s code: → [ x ≤ 0] sum 1 ( x ) 0 sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0] Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 27 / 48

  40. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Goal What is Equivalence for LCTRSs? Teacher’s code: → [ x ≤ 0] sum 1 ( x ) 0 sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0] Student’s code: sum 2 ( x ) → u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ] u ( x, i, z ) → [ ¬ ( i ≤ x )] z Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 27 / 48

  41. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Goal What is Equivalence for LCTRSs? Teacher’s code: → [ x ≤ 0] sum 1 ( x ) 0 sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0] Student’s code: sum 2 ( x ) → u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ] u ( x, i, z ) → [ ¬ ( i ≤ x )] z Query: sum 1 ( x ) ↔ ∗ sum 2 ( x ) for all x ? Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 27 / 48

  42. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Goal Rewriting Induction Given: • set E of equations s 1 ≈ t 1 [ ϕ 1 ] , . . . , s n ≈ t n [ ϕ n ] Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 28 / 48

  43. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Goal Rewriting Induction Given: • set E of equations s 1 ≈ t 1 [ ϕ 1 ] , . . . , s n ≈ t n [ ϕ n ] • set of rewrite rules R Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 28 / 48

  44. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Goal Rewriting Induction Given: • set E of equations s 1 ≈ t 1 [ ϕ 1 ] , . . . , s n ≈ t n [ ϕ n ] • set of rewrite rules R Want to prove: for all constructor ground substitutions γ 1 , . . . , γ n compatible with ϕ 1 , . . . , ϕ n : each s i γ i ↔ ∗ R t i γ i . Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 28 / 48

  45. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Goal Rewriting Induction Given: • set E of equations s 1 ≈ t 1 [ ϕ 1 ] , . . . , s n ≈ t n [ ϕ n ] • set of rewrite rules R Want to prove: for all constructor ground substitutions γ 1 , . . . , γ n compatible with ϕ 1 , . . . , ϕ n : each s i γ i ↔ ∗ R t i γ i . Requirements: • termination of → R (to perform induction) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 28 / 48

  46. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Goal Rewriting Induction Given: • set E of equations s 1 ≈ t 1 [ ϕ 1 ] , . . . , s n ≈ t n [ ϕ n ] • set of rewrite rules R Want to prove: for all constructor ground substitutions γ 1 , . . . , γ n compatible with ϕ 1 , . . . , ϕ n : each s i γ i ↔ ∗ R t i γ i . Requirements: • termination of → R (to perform induction) • sufficient completeness of → R : evaluation “cannot get stuck” (for case analysis over variables by constructor terms) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 28 / 48

  47. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Goal Rewriting Induction Given: • set E of equations s 1 ≈ t 1 [ ϕ 1 ] , . . . , s n ≈ t n [ ϕ n ] • set of rewrite rules R Want to prove: for all constructor ground substitutions γ 1 , . . . , γ n compatible with ϕ 1 , . . . , ϕ n : each s i γ i ↔ ∗ R t i γ i . Requirements: • termination of → R (to perform induction) • sufficient completeness of → R : evaluation “cannot get stuck” (for case analysis over variables by constructor terms) • if we want s i γ i ↔ ∗ t i γ i for all results: confluence of → R Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 28 / 48

  48. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Approach Rewriting Induction Three sets: • E (equations, “the queries”) • R (rules, “the program”) • H (rules, “induction hypotheses”) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 29 / 48

  49. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Approach Rewriting Induction Three sets: • E (equations, “the queries”) • R (rules, “the program”) • H (rules, “induction hypotheses”) Initially: E given, R given, H empty Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 29 / 48

  50. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Approach Rewriting Induction Three sets: • E (equations, “the queries”) • R (rules, “the program”) • H (rules, “induction hypotheses”) Initially: E given, R given, H empty Proof steps: pairs ( E , H ) ⊢ ( E ′ , H ′ ) by several inference rules for ⊢ Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 29 / 48

  51. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Approach Rewriting Induction Three sets: • E (equations, “the queries”) • R (rules, “the program”) • H (rules, “induction hypotheses”) Initially: E given, R given, H empty Proof steps: pairs ( E , H ) ⊢ ( E ′ , H ′ ) by several inference rules for ⊢ Invariant: → R∪H terminating Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 29 / 48

  52. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Approach Rewriting Induction Three sets: • E (equations, “the queries”) • R (rules, “the program”) • H (rules, “induction hypotheses”) Initially: E given, R given, H empty Proof steps: pairs ( E , H ) ⊢ ( E ′ , H ′ ) by several inference rules for ⊢ Invariant: → R∪H terminating Goal: find derivation ( E , ∅ ) ⊢ ∗ ( ∅ , H ) Then also ↔ ∗ E ⊆ ↔ ∗ R∪H ⊆ ↔ ∗ R on ground terms: Equations E are inductive theorems for R Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 29 / 48

  53. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Simplification: definition ( E ⊎ { s ≃ t [ ϕ ] } , H ) ( E ∪ { s ′ ≈ t [ ψ ] } , H ) s ′ ≈ t [ ψ ] if s ≃ t [ ϕ ] → R∪H Idea : Use the program or an induction hypothesis to simplify the query. Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 30 / 48

  54. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Simplification: example  → [ x ≤ 0]  sum 1 ( x ) 0     sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]       → R = sum 2 ( x ) u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         u ( x, i, z ) → z [ ¬ ( i ≤ x )]   ( E ⊎ { u ( x, y, z ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1] } , H ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 31 / 48

  55. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Simplification: example  → [ x ≤ 0]  sum 1 ( x ) 0     sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]       → R = sum 2 ( x ) u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         u ( x, i, z ) → z [ ¬ ( i ≤ x )]   ( E ⊎ { u ( x, y, z ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1] } , H ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 31 / 48

  56. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Simplification: example  sum 1 ( x ) → 0 [ x ≤ 0]      sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]       R = → sum 2 ( x ) u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         → [ ¬ ( i ≤ x )] u ( x, i, z ) z   ( E ⊎ { u ( x, y + 1 , z + y ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1] } , H ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 31 / 48

  57. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Simplification: example  sum 1 ( x ) → 0 [ x ≤ 0]      sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]       R = → sum 2 ( x ) u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         → [ ¬ ( i ≤ x )] u ( x, i, z ) z   ( E ⊎ { u ( x, y + 1 , z + y ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1] } , H ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 31 / 48

  58. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Simplification: example  sum 1 ( x ) → 0 [ x ≤ 0]      sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]       R = → sum 2 ( x ) u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         → [ ¬ ( i ≤ x )] u ( x, i, z ) z   ( E ⊎ { u ( x, y ′ , z + y ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1] } , H ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 31 / 48

  59. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Simplification: example  sum 1 ( x ) → 0 [ x ≤ 0]      sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]       R = → sum 2 ( x ) u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         → [ ¬ ( i ≤ x )] u ( x, i, z ) z   ( E ⊎ { u ( x, y ′ , z + y ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1] } , H ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 31 / 48

  60. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Simplification: example  → [ x ≤ 0]  sum 1 ( x ) 0     sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]       → R = sum 2 ( x ) u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         u ( x, i, z ) → z [ ¬ ( i ≤ x )]   ( E ⊎ { u ( x, y ′ , z ′ ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ] } , H ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 31 / 48

  61. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Expansion: definition ( E ⊎ { s ≃ t [ ϕ ] } , H ) ( E ∪ Expd ( s, t, ϕ, p ) , H ∪ { s → t [ ϕ ] } ) if for every γ compatible with ϕ , s | p reduces and R ∪ H ∪ { s → t [ ϕ ] } is terminating Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 32 / 48

  62. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Expansion: definition ( E ⊎ { s ≃ t [ ϕ ] } , H ) ( E ∪ Expd ( s, t, ϕ, p ) , H ∪ { s → t [ ϕ ] } ) if for every γ compatible with ϕ , s | p reduces and R ∪ H ∪ { s → t [ ϕ ] } is terminating Expd ( C [ l ′ ] p , t, ϕ, p ) contains equations C [ rγ ] p ≃ tγ [ ϕγ ∧ ψγ ] for all l → r [ ψ ] in R where l and l ′ unify with most general unifier γ Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 32 / 48

  63. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Expansion: definition ( E ⊎ { s ≃ t [ ϕ ] } , H ) ( E ∪ Expd ( s, t, ϕ, p ) , H ∪ { s → t [ ϕ ] } ) if for every γ compatible with ϕ , s | p reduces and R ∪ H ∪ { s → t [ ϕ ] } is terminating Expd ( C [ l ′ ] p , t, ϕ, p ) contains equations C [ rγ ] p ≃ tγ [ ϕγ ∧ ψγ ] for all l → r [ ψ ] in R where l and l ′ unify with most general unifier γ Idea : Exhaustive case analysis, generate induction hypothesis. (Closely related: narrowing.) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 32 / 48

  64. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Expansion: example  → [ x ≤ 0]  sum 1 ( x ) 0     sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]       R = → sum 2 ( x ) u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         → [ ¬ ( i ≤ x )] u ( x, i, z ) z   ( E ⊎ { u ( x, y ′ , z ′ ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ] } , H ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 33 / 48

  65. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Expansion: example  → [ x ≤ 0]  sum 1 ( x ) 0     sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]       R = → sum 2 ( x ) u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         → [ ¬ ( i ≤ x )] u ( x, i, z ) z   ( E ⊎ { u ( x, y ′ , z ′ ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ] } , H ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 33 / 48

  66. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Expansion: example  sum 1 ( x ) → 0 [ x ≤ 0]     sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]        R = sum 2 ( x ) → u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         u ( x, i, z ) → z [ ¬ ( i ≤ x )]   ( E ∪ { u ( x, y ′ + 1 , z ′ + y ′ ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ∧ y ′ ≤ x ] } ∪ { z ′ ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ∧ ¬ ( y ′ ≤ x )] } , H ∪ { u ( x, y ′ , z ′ ) → x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ] } ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 33 / 48

  67. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Expansion: example  sum 1 ( x ) → 0 [ x ≤ 0]     sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]        R = sum 2 ( x ) → u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         u ( x, i, z ) → z [ ¬ ( i ≤ x )]   ( E ∪ { u ( x, y ′ + 1 , z ′ + y ′ ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ∧ y ′ ≤ x ] } ∪ { z ′ ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ∧ ¬ ( y ′ ≤ x )] } , H ∪ { u ( x, y ′ , z ′ ) → x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ] } ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 33 / 48

  68. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Expansion: example  sum 1 ( x ) → 0 [ x ≤ 0]     sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]        R = sum 2 ( x ) → u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         u ( x, i, z ) → z [ ¬ ( i ≤ x )]   ( E ∪ { u ( x, y ′ + 1 , z ′ + y ′ ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ∧ y ′ ≤ x ] } ∪ { z ′ ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ∧ ¬ ( y ′ ≤ x )] } , H ∪ { u ( x, y ′ , z ′ ) → x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ] } ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 33 / 48

  69. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Expansion: example  sum 1 ( x ) → 0 [ x ≤ 0]     sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]        R = sum 2 ( x ) → u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         u ( x, i, z ) → z [ ¬ ( i ≤ x )]   ( E ∪ { u ( x, y ′ + 1 , z ′ + y ′ ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ∧ y ′ ≤ x ] } ∪ { z ′ ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ∧ ¬ ( y ′ ≤ x )] } , H ∪ { u ( x, y ′ , z ′ ) → x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ] } ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 33 / 48

  70. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Expansion: example  sum 1 ( x ) → 0 [ x ≤ 0]     sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]        R = sum 2 ( x ) → u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         u ( x, i, z ) → z [ ¬ ( i ≤ x )]   ( E ∪ { u ( x, y ′ + 1 , z ′ + y ′ ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ∧ y ′ ≤ x ] } ∪ { z ′ ≈ x + z [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ∧ ¬ ( y ′ ≤ x )] } , H ∪ { u ( x, y ′ , z ′ ) → x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ] } ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 33 / 48

  71. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Expansion: example  sum 1 ( x ) → 0 [ x ≤ 0]     sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]        R = sum 2 ( x ) → u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         u ( x, i, z ) → z [ ¬ ( i ≤ x )]   ( E ∪ { u ( x, y ′ + 1 , z ′ + y ′ ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ∧ y ′ ≤ x ] } ∪ { z ′ ≈ x + z [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ∧ ¬ ( y ′ ≤ x )] } , H ∪ { u ( x, y ′ , z ′ ) → x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ] } ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 33 / 48

  72. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Expansion: example  sum 1 ( x ) → 0 [ x ≤ 0]     sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]        R = sum 2 ( x ) → u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         u ( x, i, z ) → z [ ¬ ( i ≤ x )]   ( E ∪ { u ( x, y ′′ , z ′′ ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ∧ y ′ ≤ x ∧ y ′′ = y ′ + 1 ∧ z ′′ = z ′ + y ′ ] } ∪ { z ′ ≈ x + z [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ∧ ¬ ( y ′ ≤ x )] } , H ∪ { u ( x, y ′ , z ′ ) → x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ] } ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 33 / 48

  73. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Expansion: example  sum 1 ( x ) → 0 [ x ≤ 0]     sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]        R = sum 2 ( x ) → u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         u ( x, i, z ) → z [ ¬ ( i ≤ x )]   ( E ∪ { u ( x, y ′′ , z ′′ ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ∧ y ′ ≤ x ∧ y ′′ = y ′ + 1 ∧ z ′′ = z ′ + y ′ ] } ∪ { z ′ ≈ x + z [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ∧ ¬ ( y ′ ≤ x )] } , H ∪ { u ( x, y ′ , z ′ ) → x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ] } ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 33 / 48

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Proving Equivalence Between Imperative and MapReduce Implementations Using Program

Proving Equivalence Between Imperative and MapReduce Implementations Using Program

Proving Equivalence Between Imperative and MapReduce Implementations Using Program Transformations VPT 2018 Thessaloniki 20 April 2018 Bernhard Beckert, Timo Bingman, Moritz Kiefer, Peter Sanders, Mattias Ulbrich , Alexander Weigl www.kit.edu

968 views • 60 slides
Proving the Equivalence of Higher-Order Terms by Means of Supercompilation Ilya Klyuchnikov and

Proving the Equivalence of Higher-Order Terms by Means of Supercompilation Ilya Klyuchnikov and

Introduction Proving properties of programs Proving equality and equivalence Applications Summary Proving the Equivalence of Higher-Order Terms by Means of Supercompilation Ilya Klyuchnikov and Sergei Romanenko Keldysh Institute of Applied

588 views • 31 slides
Customised Induction Rules for Proving Correctness of Imperative Programs Angela Wallenburg

Customised Induction Rules for Proving Correctness of Imperative Programs Angela Wallenburg

Customised Induction Rules for Proving Correctness of Imperative Programs Angela Wallenburg angelaw@cs.chalmers.se 4th International Symposium June 9, 2005, L okeberg Outline 1. Problem: Induction and Loops 2. First approach: Use idea

821 views • 34 slides
Proving Termination of Imperative Programs using Max-SMT Daniel Larraz, Albert Oliveras, Enric

Proving Termination of Imperative Programs using Max-SMT Daniel Larraz, Albert Oliveras, Enric

Introduction SMT/Max-SMT solving Invariant generation Termination analysis Further work Proving Termination of Imperative Programs using Max-SMT Daniel Larraz, Albert Oliveras, Enric Rodr guez-Carbonell and Albert Rubio Universitat

1.18k views • 73 slides
FITR304 - Software Validation Deductive methods for proving imperative programs Christophe Garion

FITR304 - Software Validation Deductive methods for proving imperative programs Christophe Garion

Institut Suprieur de lAronautique et de lEspace FITR304 - Software Validation Deductive methods for proving imperative programs Christophe Garion DMIA ISAE Christophe Garion IN324 Software Validation deductive methods 1/

2.2k views • 174 slides
Logic Programming 1 Logic Programming Instead of using functions as in imperative and

Logic Programming 1 Logic Programming Instead of using functions as in imperative and

Logic Programming 1 Logic Programming Instead of using functions as in imperative and functional programs We use predicates, as in predicate calculus Interpretation = proving theorems 2 Prolog Developed at Univ. of

663 views • 7 slides
Verification of Imperative Programs through Transformation of Constraint Logic Programs Emanuele

Verification of Imperative Programs through Transformation of Constraint Logic Programs Emanuele

Verification of Imperative Programs through Transformation of Constraint Logic Programs Emanuele De Angelis 1 , Fabio Fioravanti 1 , Alberto Pettorossi 2 , and Maurizio Proietti 3 1 University of Chieti-Pescara G. dAnnunzio, Italy 2

671 views • 52 slides
Regression Verification: Proving Partial Equivalence Talk by Dennis Felsing Seminar within the

Regression Verification: Proving Partial Equivalence Talk by Dennis Felsing Seminar within the

Regression Verification: Proving Partial Equivalence Talk by Dennis Felsing Seminar within the Projektgruppe Formale Methoden der Softwareentwicklung WS 2012/2013 1 / 24 Introduction Formal Verification Formally prove correctness of

457 views • 41 slides
Exploiting symmetries when proving equivalence properties for security protocols Vincent Cheval,

Exploiting symmetries when proving equivalence properties for security protocols Vincent Cheval,

Exploiting symmetries when proving equivalence properties for security protocols Vincent Cheval, Steve Kremer, Itsaka Rakotonirina Inria Nancy Grand-Est Security protocols TLS Wifi @ PASS E-voting E-passport 2 24 Security protocols

830 views • 69 slides
Bound Analysis of Imperative Programs with the Size change Abstraction Florian Zuleger, TU

Bound Analysis of Imperative Programs with the Size change Abstraction Florian Zuleger, TU

Bound Analysis of Imperative Programs with the Size change Abstraction Florian Zuleger, TU Vienna SAS, Venice, 16.09.2011 Joint work with Sumit Gulwani, Microsoft Research Moritz Sinn, Helmut Veith, TU Vienna Resource Bounds Programs consume a

1.05k views • 48 slides
Difference Constraints: An adequate Abstraction for Complexity Analysis of Imperative Programs

Difference Constraints: An adequate Abstraction for Complexity Analysis of Imperative Programs

Difference Constraints: An adequate Abstraction for Complexity Analysis of Imperative Programs Florian Zuleger Technische Universitt Wien FMCAD, 28.09.2015 Joint work with Moritz Sinn, Helmut Veith Bounds and Complexity foo(uint n) Local

437 views • 26 slides
Direct Manipulation For Imperative Programs Hu 1 , Roopsha Samanta 2 , Rishabh Singh 3 , Loris

Direct Manipulation For Imperative Programs Hu 1 , Roopsha Samanta 2 , Rishabh Singh 3 , Loris

Direct Manipulation For Imperative Programs Hu 1 , Roopsha Samanta 2 , Rishabh Singh 3 , Loris DAntoni 1 Qin Qinhepin ing Hu 1 Universitve of Wisconsin-Madison 2 Purdue University 3 Google 5 Variable values Call stack code 6 Python

1.04k views • 90 slides
A Logical Study of Program Equivalence Guilhem Jaber Ecole des Mines de Nantes LINA - Ascola

A Logical Study of Program Equivalence Guilhem Jaber Ecole des Mines de Nantes LINA - Ascola

A Logical Study of Program Equivalence Guilhem Jaber Ecole des Mines de Nantes LINA - Ascola PhD Defense Institut Henri Poincar e (Paris) July 11th 2014 1 / 38 Why study the Equivalence of Programs ? Specification of programs

1.09k views • 93 slides
Imperative vs. object- oriented paradigms 1 11/14/17 Imperative vs. object-oriented u

Imperative vs. object- oriented paradigms 1 11/14/17 Imperative vs. object-oriented u

11/14/17 CSCI-2320 Object-Oriented Paradigm: Ruby Mohammad T . Irfan Imperative vs. object- oriented paradigms 1 11/14/17 Imperative vs. object-oriented u Imperative u Procedural decomposition u Procedures are all powerful u Data is

582 views • 45 slides
An Application of Ramseys Theorem to Proving Programs Terminate: An Exposition William

An Application of Ramseys Theorem to Proving Programs Terminate: An Exposition William

An Application of Ramseys Theorem to Proving Programs Terminate: An Exposition William Gasarch-U of MD Who is Who 1. Work by 1.1 Floyd, 1.2 Byron Cook, Andreas Podelski, Andrey Rybalchenko, 1.3 Lee, Jones, Ben-Amram 1.4 Others 2.

779 views • 38 slides
From Traces To Proofs: Proving Concurrent Programs Safe S. Arun-Kumar (Joint work with Chinmay

From Traces To Proofs: Proving Concurrent Programs Safe S. Arun-Kumar (Joint work with Chinmay

From Traces To Proofs: Proving Concurrent Programs Safe S. Arun-Kumar (Joint work with Chinmay Narayan, Subodh Sharma, and Shibashis Guha) Indian Institute of Technology Delhi TASE-2016 S. Arun-Kumar From Traces To Proofs: Proving Concurrent

671 views • 44 slides
Deciding Indistinguishability: A Decision Result for a Set of Cryptographic Game Transformations

Deciding Indistinguishability: A Decision Result for a Set of Cryptographic Game Transformations

Deciding Indistinguishability: A Decision Result for a Set of Cryptographic Game Transformations Adrien Koutsos March 13, 2018 Adrien Koutsos Deciding Indistinguishability March 13, 2018 1 / 37 Introduction 1 The Model 2 Game

746 views • 73 slides
Modular Implementation of Programming Languages and a Partial Order Approach to Infinitary

Modular Implementation of Programming Languages and a Partial Order Approach to Infinitary

Modular Implementation of Programming Languages and a Partial Order Approach to Infinitary Rewriting Patrick Bahr paba@diku.dk University of Copenhagen Department of Computer Science PhD Defence 30 November 2012 two The Big Pictures

785 views • 33 slides
The Dependency Pair Technique Proving Termination of Term Rewrite Systems Hannes Saffrich

The Dependency Pair Technique Proving Termination of Term Rewrite Systems Hannes Saffrich

Program Analysis Seminar The Dependency Pair Technique Proving Termination of Term Rewrite Systems Hannes Saffrich University of Freiburg Department of Computer Science June 30, 2015 Hannes Saffrich The Dependency Pair Technique Program

441 views • 23 slides
Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and Burkhart Wolff April 2005 http://www.infsec.ethz.ch/education/permanent/csmr/ Isabelle: Term Rewriting Burkhart Wolff Isabelle: Term Rewriting 555

762 views • 43 slides
Confluence Another important property for dont care non-deterministic rule based definitions

Confluence Another important property for dont care non-deterministic rule based definitions

Confluence Another important property for dont care non-deterministic rule based definitions of algorithms is confluence. It means that whenever several sequences of rules are applicable to a given states, the respective results can be

329 views • 14 slides
Big Picture TRS yes implement no Literature CSI maybe automated confluence of

Big Picture TRS yes implement no Literature CSI maybe automated confluence of

Layer Systems for Confluence Formalized 1 Bertram Felgenhauer , Franziska Rapp University of Innsbruck, Allgemeines Rechenzentrum Innsbruck ICTAC, Stellenbosch 2018-10-16 1 supported by FWF project P27528 Motivation Big Picture TRS yes

711 views • 55 slides
Complexity Analysis of Precedence Terminating Infinite Graph Rewrite Systems Naohi Eguchi Chiba

Complexity Analysis of Precedence Terminating Infinite Graph Rewrite Systems Naohi Eguchi Chiba

Complexity Analysis of Precedence Terminating Infinite Graph Rewrite Systems Naohi Eguchi Chiba University, Japan University of Innsbruck, Austria September 27, 2014 41st TRS meeting, Jozankei, Sapporo, Japan Introduction Complexity

392 views • 16 slides
Transforming Cycle Rewriting into String Rewriting David Sabel 1 and Hans Zantema 2 , 3 1 Goethe

Transforming Cycle Rewriting into String Rewriting David Sabel 1 and Hans Zantema 2 , 3 1 Goethe

Transforming Cycle Rewriting into String Rewriting David Sabel 1 and Hans Zantema 2 , 3 1 Goethe University Frankfurt, Germany 2 TU Eindhoven, The Netherlands 3 Radboud University Nijmegen, The Netherlands RTA 2015, Warsaw, Poland 1 Cycle

722 views • 46 slides

More recommend