Reducing Total Correctness to Partial Correctness by a - - PowerPoint PPT Presentation

SLIDE 1

Reducing Total Correctness to Partial Correctness by a Transformation of the Language Semantics

Sebastian Buruiană¹, Ștefan Ciobâcă²

¹ Alexandru Ioan Cuza University, Bitdefender

² Alexandru Ioan Cuza University

WPTE 2018

Buruiană, Ciobâcă (UAIC) Reducing TC to PC WPTE 2018 1 / 13

SLIDE 2

Overview

1. Context and Introduction
2. Formalism for Language Semantics
3. Total Correctness
4. Conclusion and Future Work
5. Questions

SLIDE 3

Program Verifiers

• Programming languages should have formal semantics;
• Verifiers should be sound w.r.t. said semantics;
• Typical workflow today:
  1. Develop formal semantics of language;
  2. Develop verification method;
  3. Prove that verification method is sound.

Problem: work has to be redone with every change in the language (new features, new versions etc.).

SLIDE 4

Solution: Semantics-Parametric Verifiers

• A verifier V should take as input a program P and the semantics S;
• V(P, S) should be yes, no, unknown, timeout (depending on what property of P is checked by V);
• Prove V sound;
• If semantics changes to S′, run V(P, S′) (no need to redo soundness proof of V).

SLIDE 5

Today’s Talk: Semantics-Parametric reduction of Total Correctness to Partial Correctness

• Assume we have a verifier V¹ s.t. V(P, S) checks whether the program P is partially correct when interpreted w.r.t. the semantics S;
• Apply some transformations to P and S and obtain θ(P) and θ(S);
• V(θ(P), θ(S)) guarantees Total Correctness of program P when interpreted w.r.t. the semantics S.

¹ Andrei Ștefănescu et al. “All-Path Reachability Logic”. In: RTA-TLCA. 2014, pp. 425–440. doi: http://dx.doi.org/10.1007/978-3-319-08918-8_29.

SLIDE 6

Example: IMP language

Syntax of IMP

Id   ::= x | y | z | ...
Int  ::= 0, 1, −1, ...
Bool ::= True | False
AE   ::= Int | Id | AE + AE | ...
BE   ::= Bool | AE = AE | AE < AE | not BE | ...
Stmt ::= skip | Stmt; Stmt | Id := AE | while BE do Stmt | if BE then Stmt else Stmt

SLIDE 7

Example: IMP language

Configurations in IMP

Code ::= AE | BE | Stmt
Cfg  ::= List{Code} × Map{Id}{Int}
⟨c1 c2 ... cn ε | env⟩

Language semantics

⟨(v := i) l | env⟩ ⇒ ⟨l | update(v, i, env)⟩
⟨(if b then s1 else s2) l | env⟩ ⇒ ⟨s1 l | env⟩   if b = True
⟨(while b s) l | env⟩ ⇒ ⟨(if b then (s; while b s) else skip) l | env⟩

SLIDE 15

Example: IMP language

Program execution

The right-hand side of the assignment is evaluated first, with the pending assignment x := kept behind it on the code list:

⟨x := x + 2 ε | x ↦ 12⟩
→ ⟨x + 2 x := ε | x ↦ 12⟩
→ ⟨12 + 2 x := ε | x ↦ 12⟩
→ ⟨14 x := ε | x ↦ 12⟩
→ ⟨x := 14 ε | x ↦ 12⟩
→ ⟨ε | x ↦ 14⟩

SLIDE 16

Example: IMP language

Partial Correctness

An all-path reachability rule is a pair ϕ ⇒∀ ϕ′. We say that ϕ ⇒∀ ϕ′ is satisfied by S, denoted by S ⊨ ϕ ⇒∀ ϕ′, iff for all complete paths τ starting with γ and for all valuations ρ such that (γ, ρ) ⊨ ϕ, there exists some γ′ ∈ τ such that (γ′, ρ) ⊨ ϕ′.

SUM Program in IMP

s := 0;
while not (m = 0) do
  s := s + m;
  m := m − 1

Partial Correctness Sequent

S ⊢ ⟨SUM | env1⟩ ∧ lookup(m, env1) = n ∧ n ≥ 0 ⇒∀ ∃env2. (⟨skip | env2⟩ ∧ lookup(s, env2) = n(n + 1)/2)

SLIDE 17

Reducing Total Correctness to Partial Correctness

Total Correctness

We say that an all-path reachability rule ϕ ⇒∀ ϕ′ is totally satisfied by S, denoted by S ⊨ₜ ϕ ⇒∀ ϕ′, iff for all complete or diverging executions τ starting with γ and for all valuations ρ such that (γ, ρ) ⊨ ϕ, there exists some γ′ ∈ τ such that (γ′, ρ) ⊨ ϕ′.


Semantics transformation

Every rule of S is lifted to a pair (configuration, step counter of sort Nat), and the counter is decremented at each transition; for the assignment rule:

(⟨(v := i) l | env⟩, n) ⇒ (⟨l | update(v, i, env)⟩, n − 1)

This sequent guarantees total correctness:

θ(S) ⊢ (⟨SUM | env1⟩, 200|n| + 200) ∧ lookup(m, env1) = n ∧ n ≥ 0 ⇒∀ ∃g, env2. ((⟨skip | env2⟩, g) ∧ lookup(s, env2) = n(n + 1)/2)
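As an added example, not code from the slides or from the authors' RMT tool, the following Python renders the IMP rules of slide 7 and the counter transformation θ(S) above, and runs the SUM program of slide 16 with the budget 200|n| + 200 from the sequent. The tuple encoding of statements, the one-shot evaluation of expressions (instead of the slides' step-by-step heating) and the use of an empty code list for the final ⟨skip | env⟩ are assumptions of the example.

```python
# Added example (not the authors' code or their RMT tool): a small-step interpreter for the IMP
# fragment on the slides, on configurations <code list | env>, plus theta(S): each configuration
# carries a Nat step budget that every rule decrements, so budget 0 is stuck. Constructed
# encoding: stmts are 'skip', (';', s1, s2), (':=', v, ae), ('if', be, s1, s2), ('while', be, s);
# AE/BE are ints, names, bools or (op, a, b) with op among + - = < not.

def eval_ae(e, env):
    # Evaluated in one go; the slides heat "x + 2" step by step, a constant-factor difference.
    if isinstance(e, (int, str)):
        return env[e] if isinstance(e, str) else e          # lookup(v, env) for names
    op, a, b = e
    return eval_ae(a, env) + eval_ae(b, env) if op == '+' else eval_ae(a, env) - eval_ae(b, env)

def eval_be(b, env):
    if isinstance(b, bool):
        return b
    if b[0] == 'not':
        return not eval_be(b[1], env)
    x, y = eval_ae(b[1], env), eval_ae(b[2], env)
    return x == y if b[0] == '=' else x < y

def step(code, env):
    """One rule of S applied to <stmt l | env>; returns the next configuration."""
    stmt, l = code[0], code[1:]
    if stmt == 'skip':
        return l, env
    if stmt[0] == ';':                    # s1; s2 unfolds onto the code list
        return (stmt[1], stmt[2]) + l, env
    if stmt[0] == ':=':                   # (v := i) l | env  =>  l | update(v, i, env)
        return l, {**env, stmt[1]: eval_ae(stmt[2], env)}
    if stmt[0] == 'if':                   # (if b then s1 else s2) l  =>  s1 l   if b = True
        return (stmt[2] if eval_be(stmt[1], env) else stmt[3],) + l, env
    if stmt[0] == 'while':                # (while b s) l  =>  (if b then (s; while b s) else skip) l
        return (('if', stmt[1], (';', stmt[2], stmt), 'skip'),) + l, env

def run_theta(code, env, budget):
    """theta(S): step until the code list is empty (complete path) or the budget hits 0 (stuck)."""
    while code and budget > 0:
        code, env = step(code, env)
        budget -= 1
    return code, env, budget

SUM = (';', (':=', 's', 0),                                   # the SUM program of slide 16
       ('while', ('not', ('=', 'm', 0)),
        (';', (':=', 's', ('+', 's', 'm')), (':=', 'm', ('-', 'm', 1)))))

def sum_sequent_holds(n):
    """Slide-18 sequent at lookup(m, env1) = n: empty code list, budget g >= 0 left, s = n(n+1)/2."""
    code, env, g = run_theta((SUM,), {'m': n}, 200 * abs(n) + 200)
    return code == () and env['s'] == n * (n + 1) // 2
```

A loop that diverges in S, such as while True do skip, exhausts the budget in θ(S) and stops short of the target configuration, which is why partial correctness of θ(P) in θ(S) carries termination with it.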

SLIDE 19

Total Correctness Theorem

Theorem

If there exists some term s ∈ TermΣ,Nat(Var) of sort Nat such that θ(S) ⊨ θ(ϕ, s) ⇒∀ ∃M. θ(ϕ′, M), where M ∈ VarNat, then S ⊨ₜ ϕ ⇒∀ ϕ′.

Corollary

If there exists s ∈ TermΣ,Nat(Var) of sort Nat such that θ(S) ⊨ θ(ϕ, s) ⇒∀ ∃M. θ(ϕ′, M), where M ∈ VarNat, then:
• S ⊨ ϕ ⇒∀ ϕ′;
• If ϕ′ terminates in S, then ϕ also terminates in S.

SLIDE 20

Conclusion and Future Work

• Language semantics transformation that can be used to prove total correctness of programs;
• Working proof-of-concept implementation: http://github.com/ciobaca/rmt
• More modular alternative to program variants?
• Can our method be combined with existing state-of-the-art automated termination provers?

SLIDE 21

Thank you

Questions?

References

Ciobâcă, Ștefan and Dorel Lucanu. “A Coinductive Approach to Proving Reachability Properties in Logically Constrained Term Rewriting Systems”. In: IJCAR 2018. (to appear).

Ștefănescu, Andrei et al. “All-Path Reachability Logic”. In: RTA-TLCA. 2014, pp. 425–440. doi: http://dx.doi.org/10.1007/978-3-319-08918-8_29.
