towards a software model checker for ml naoki kobayashi
play

Towards a Software Model Checker for ML Naoki Kobayashi Tohoku - PowerPoint PPT Presentation

Apr 07, 2024 •119 likes •786 views

Towards a Software Model Checker for ML Naoki Kobayashi Tohoku University Joint work with: Ryosuke Sato and Hiroshi Unno (Tohoku University) in collaboration with Luke Ong (Oxford), Naoshi Tabuchi and Takeshi Tsukada (Tohoku) This Talk

  1. Towards a Software Model Checker for ML Naoki Kobayashi Tohoku University Joint work with: Ryosuke Sato and Hiroshi Unno (Tohoku University) in collaboration with Luke Ong (Oxford), Naoshi Tabuchi and Takeshi Tsukada (Tohoku)

  2. This Talk � Overview of our project to construct: Software Model Checker for ML, based on higher-order model checking (or, model checking of higher-order recursion schemes)

  3. Outline � Introduction to higher-order model checking – What are higher-order recursion schemes? – What are model checking problems? � Applications to program verification – Verification of higher-order boolean programs – Dealing with infinite data domains (integers, lists,...) � Towards a full-scale model checker for ML � Conclusion

  4. Higher-Order Recursion Scheme � Grammar for generating an infinite tree Order-0 scheme S → a (regular tree grammar) c B S → a c B B → b a B → b S S c b → ... → → a → a → a S a c B c b c b c b S a a c B c b

  5. Higher-Order Recursion Scheme � Grammar for generating an infinite tree Tree whose paths are labeled by Order-1 scheme a m+1 b m c S → A c a A x → a x (A (b x)) c a S: o, A: o → o a b → a ... → → A c → a → a S b c b c a ... c A(b c) b b b A(b(b c)) c b c c

  6. Higher-Order Recursion Scheme � Grammar for generating an infinite tree Order-1 scheme S → A c A x → a x (A (b x)) S: o, A: o → o Higher-order recursion schemes ≈ Call-by-name simply-typed λ -calculus + recursion, tree constructors

  7. Model Checking Recursion Schemes Given G: higher-order recursion scheme A: alternating parity tree automaton (APT) (a formula of modal μ -calculus or MSO), does A accept Tree(G)? e.g. - Does every finite path end with “c”? - Does “a” occur below “b”?

  8. Higher-Order Recursion Scheme � Grammar for generating an infinite tree Order-1 scheme S → A c a A x → a x (A (b x)) c a S: o, A: o → o a b a b c Q1. Does every finite path end with “c”? b ... b YES! b Q2. Does “a” occur below “b”? c NO! b c

  9. Model Checking Recursion Schemes Given G: higher-order recursion scheme A: alternating parity tree automaton (APT) (a formula of modal μ -calculus or MSO), does A accept Tree(G)? e.g. - Does every finite path end with “c”? - Does “a” occur eventually whenever “b” occurs? p(x) k-EXPTIME-complete [Ong, LICS06] 2 .. (for order-k recursion scheme) 2 2

  10. TRecS [K., PPDP09] http://www.kb.ecei.tohoku.ac.jp/~koba/trecs/ - First model checker for recursion schemes, restricted to safety property checking - Based on reduction from higher-order model checking to type checking - Uses a practical algorithm that does not always suffer from k-EXPTIME bottleneck

  11. (Non-exhaustive) History � 70s: (1 st -order) Recursive program schemes [Nivat;Coucelle-Nivat;...] � 70-80s: Studies of high-level grammars [Damm; Engelfriet;..] � 2002: Model checking of higher-order recursion schemes [Knapik-Niwinski-Urzyczyn02FoSSaCS] Decidability for “safe” recursion schemes � 2006: Decidability for arbitrary recursion schemes [Ong06LICS] � 2009: Model checker for higher-order recursion schemes [K09PPDP] Applications to program verification [K09POPL]

  12. Outline � Introduction to higher-order model checking – What are higher-order recursion schemes? – What are model checking problems? � Applications to program verification – Verification of higher-order boolean programs • Rechability • Temporal properties – Dealing with infinite data domains (integers, lists,...) � Towards a full-scale model checker for ML

  13. Reachability verification for higher-order boolean programs Theorem: Given a closed term M of (call-by-name or call-by-value) simply-typed λ -calculus with: – recursion – finite base types (including booleans and special constant “fail”) – non-determinism, it is decidable whether M → * fail Proof: Translate M into a recursion scheme G s.t. M → * fail if and only if Tree(G) contains “fail”.

  14. Example fun repeatEven f x = if ∗ then x else f (repeatOdd f x) fun repeatOdd f x = f (repeatEven f x) fun main( ) = if (repeatEven not true) then ( ) else fail Higher-order recursion scheme that generates the tree containing all the possible outputs: + + end + end ... end

  15. Example fun repeatEven f x = if ∗ then x else f (repeatOdd f x) fun repeatOdd f x = f (repeatEven f x) fun main( ) = if (repeatEven not true) then ( ) else fail call-by-value CPS + encoding of booleans RepeatEven k f x → If TF (k x) (RepeatOdd (f k) f x) RepeatOdd k f x → RepeatEven (f k) f x Main → RepeatEven C Not True Generated tree C b → If b end fail + Not k b → If b (k False) (k True) + If b x y → b x y end encoding of booleans True x y → x False x y → y + end bool = o->o->o TF x y → + x y ... end

  16. Outline � Introduction to higher-order model checking – What are higher-order recursion schemes? – What are model checking problems? � Applications to program verification – Verification of higher-order boolean programs • Rechability • Temporal properties – Dealing with infinite data domains (integers, lists,...) � Current status and remaining challenges

  17. Verification of temporal properties by higher-order model checking [K. POPL 2009] Rec. scheme Higher-order (describing all program event sequences) Model Program + + Checking Transformation specification Tree automaton, recognizing valid event sequences

  18. From Program Verification to Model Checking: Example F x k → + (c k) (r(F x k)) let f(x) = S → F d � if ∗ then close(x) + else read(x); f(x) c r in + let y = open “foo” � in r c f (y) + � r c ... Is the file “foo” � accessed according Is each path of the tree to read* close? labeled by r*c?

  19. From Program Verification to Model Checking: continuation parameter, expressing how “foo” is accessed Example after the call returns F x k → + (c k) (r(F x k)) let f(x) = S → F d � if ∗ then close(x) + else read(x); f(x) CPS c r in Transformation! + let y = open “foo” � in r c f (y) + � r c ... Is the file “foo” � accessed according Is each path of the tree to read* close? labeled by r*c?

  20. From Program Verification to Model Checking: Example F x k → + (c k) (r(F x k)) let f(x) = S → F d � if ∗ then close(x) + else read(x); f(x) c r in + let y = open “foo” � in r c f (y) + � r c ... Is the file “foo” � accessed according Is each path of the tree to read* close? labeled by r*c?

  21. From Program Verification to Model Checking: Example F x k → + (c k) (r(F x k)) let f(x) = S → F d � if ∗ then close(x) + else read(x); f(x) c r in + let y = open “foo” � in r c f (y) + � r c ... Is the file “foo” � accessed according Is each path of the tree to read* close? labeled by r*c?

  22. From Program Verification to Model Checking: Example F x k → + (c k) (r(F x k)) let f(x) = S → F d � if ∗ then close(x) + else read(x); f(x) c r in + let y = open “foo” � in r c f (y) + � r c ... Is the file “foo” � accessed according Is each path of the tree to read* close? labeled by r*c?

  23. Program Verification by Higher-order Model Checking Rec. scheme Higher-order (describing all program event sequences) Model Program + + Checking Transformation specification automaton for infinite trees Sound, complete, and automatic for: - A large class of higher-order programs: finitary PCF (simply-typed λ -calculus + recursion + finite base types) - A large class of verification problems: resource usage verification (or typestate checking) , reachability, flow analysis,...

  24. Comparison with Other Model Checking Program Classes Verification Methods Programs with Finite state model checking while-loops infinite Programs with Pushdown model checking state 1 st -order recursion model Higher-order functional Higher-order model checking programs with arbitrary checking recursion

  25. Outline � Introduction to higher-order model checking – What are higher-order recursion schemes? – What are model checking problems? � Applications to program verification – Verification of higher-order boolean programs – Dealing with infinite data domains (integers, lists,...) � Current status and remaining challenges

  26. Dealing with Infinite Data Domains � Abstractions of data structures by tree automata [K.,Tabuchi&Unno, POPL 2010] � Predicate abstraction and CEGAR [K-Sato-Unno, PLDI 2011] (c.f. BLAST, SLAM, …)

  27. Predicate Abstraction and CEGAR for Higher-Order Model Checking f(g,x)=g(x+1) Program is unsafe! Higher-order yes functional program Real error New path? Predicate λ x.x>0 predicates abstraction Error path Higher-order property not satisfied boolean program F(g, b)= Higher-order model checking if b then g(true) else g( ∗ ) property satisfied Program is safe!

  28. What are challenges? � Predicate abstraction – How to consistently abstract a program, so that the resulting HOBP is a safe abstraction? let sum n k = if n ≤ 0 then k 0 else sum (n-1) ( λ x.k(x+n)) in sum m ( λ x.assert(x ≥ m)) � CEGAR (counterexample-guided abstraction refinement) – How to find new predicates to abstract each term to guarantee progress (i.e. any spurious counterexample is eliminated)?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Higher-Order Model Checking and Program Verification Naoki Kobayashi University of Tokyo

Higher-Order Model Checking and Program Verification Naoki Kobayashi University of Tokyo

Higher-Order Model Checking and Program Verification Naoki Kobayashi University of Tokyo Whats This Talk About? Introduction to higher-order model checking (model checking of higher- order recursion schemes) and its applications to

641 views • 40 slides
The Software Model Checker BLAST: Applications to Software Engineering Dirk Beyer, Thomas A.

The Software Model Checker BLAST: Applications to Software Engineering Dirk Beyer, Thomas A.

The Software Model Checker BLAST: Applications to Software Engineering Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala, Rupak Majumdar Int. Journal on Software Tools for Technology Transfer, 2007 Stefan Buchholz March 17, 2009 1 Model

456 views • 12 slides
On Higher-Order Program Verification and Two Notions of Higher-Order Model Checking Naoki

On Higher-Order Program Verification and Two Notions of Higher-Order Model Checking Naoki

On Higher-Order Program Verification and Two Notions of Higher-Order Model Checking Naoki Kobayashi University of Tokyo Summaries of papers from POPL09, POPL17 (joint work with Etienne Lozes, Florian Bruse), and more recent work (joint work

963 views • 65 slides
The UPPAAL Model Checker The UPPAAL Model Checker Julin Proenza Systems, Robotics and Vision

The UPPAAL Model Checker The UPPAAL Model Checker Julin Proenza Systems, Robotics and Vision

The UPPAAL Model Checker The UPPAAL Model Checker Julin Proenza Systems, Robotics and Vision Group. UIB. SPAIN Julin Proenza. UIB. Oct 2008 The aim of this presentation Introduce the basic concepts of model checking from a practical

804 views • 68 slides
Lecture 3: Model-checker NuSMV B. Srivathsan Chennai Mathematical Institute NPTEL-course July -

Lecture 3: Model-checker NuSMV B. Srivathsan Chennai Mathematical Institute NPTEL-course July -

Lecture 3: Model-checker NuSMV B. Srivathsan Chennai Mathematical Institute NPTEL-course July - November 2015 1 / 31 Model-checker Specify the model of the system Specify the requirements Model-checker will automatically check if system

1.72k views • 112 slides
Formalization and Verification of a Mail Server in Coq Reynald Aeldt a and Naoki Kobayashi b a

Formalization and Verification of a Mail Server in Coq Reynald Aeldt a and Naoki Kobayashi b a

Formalization and Verification of a Mail Server in Coq Reynald Aeldt a and Naoki Kobayashi b a Department of Computer Science, University of Tokyo b Department of Computer Science, Tokyo Institute of Technology 1 Verification of System

578 views • 28 slides
McErlang a Model Checker for Erlang Programs Lars- Ake Fredlund, Clara Benac Earle

McErlang a Model Checker for Erlang Programs Lars- Ake Fredlund, Clara Benac Earle

McErlang a Model Checker for Erlang Programs Lars- Ake Fredlund, Clara Benac Earle Universidad Polit ecnica de Madrid McErlang basics McErlang is useful for checking concurrent software , not for checking sequential software

957 views • 78 slides
A Recommendation System for Software Function Discovery Naoki Ohsugi Software Engineering

A Recommendation System for Software Function Discovery Naoki Ohsugi Software Engineering

A Recommendation System for Software Function Discovery Naoki Ohsugi Software Engineering Laboratory, Graduate School of Information Science, Nara Institute of Science and Technology Tuesday 16 December, 2003. International Workshop on

145 views • 14 slides
Implementation of a Coalgebraic Model Checker Aaron Strahlberger 16.07.2019 Parity Game based

Implementation of a Coalgebraic Model Checker Aaron Strahlberger 16.07.2019 Parity Game based

Implementation of a Coalgebraic Model Checker Aaron Strahlberger 16.07.2019 Parity Game based Model Checker Game-Based Local Model Checking for the Coalgebraic -Calculus by Daniel Hausmann and Lutz Schrder [1] (CONCUR 2019)

474 views • 31 slides
Verification of a Dynamic Channel Model using the SPIN Model Checker Rune M. Friborg and Brian

Verification of a Dynamic Channel Model using the SPIN Model Checker Rune M. Friborg and Brian

Verification of a Dynamic Channel Model using the SPIN Model Checker Rune M. Friborg and Brian Vinter eScience center, University of Copenhagen Dias 1 Introduction to PyCSP 2007 - PyCSP is presented. The synchronization model for channel

574 views • 20 slides
A Model Checker Collection for the Model Checking Contest @ Petri Nets Didier Buchs Stefan

A Model Checker Collection for the Model Checking Contest @ Petri Nets Didier Buchs Stefan

A Model Checker Collection for the Model Checking Contest @ Petri Nets Didier Buchs Stefan Klikovits Alban Linard Romain Mencattini Dimitri Racordon 28 June 2018 1/11 1/11 Examination Result GreatSPN ITSTools LoLA LTSMin Marcie

613 views • 20 slides
Cost Padding, Monitoring, and Regulation Shinji Kobayashi and Shigemi Ohba Shinji Kobayashi and

Cost Padding, Monitoring, and Regulation Shinji Kobayashi and Shigemi Ohba Shinji Kobayashi and

Cost Padding, Monitoring, and Regulation Shinji Kobayashi and Shigemi Ohba Shinji Kobayashi and Shigemi Ohba Graduate School of Economics Nihon University October 2008 Objectives We analyze the model of a governments procurement of

295 views • 26 slides
Schedulability Analysis of Timed CSP Models Using the PAT Model Checker O uzcan O UZ Jan

Schedulability Analysis of Timed CSP Models Using the PAT Model Checker O uzcan O UZ Jan

Schedulability Analysis of Timed CSP Models Using the PAT Model Checker O uzcan O UZ Jan F. BROENINK Angelika MADER Robotics and Mechatronics, University of Twente, The Netherlands Contents Problem Statement & Approach

516 views • 24 slides
The Low-Level Bounded Model Checker LLBMC A Precise Memory Model for LLBMC Florian Merz | October

The Low-Level Bounded Model Checker LLBMC A Precise Memory Model for LLBMC Florian Merz | October

The Low-Level Bounded Model Checker LLBMC A Precise Memory Model for LLBMC Florian Merz | October 7, 2010 Carsten Sinz Stephan Falke V ERIFICATION MEETS A LGORITHM E NGINEERING www.kit.edu KIT University of the State of Baden-Wuerttemberg

415 views • 19 slides
Can a Model Checker Generate Tests for Non-Deterministic Systems? Sergiy Boroday, Alexandre

Can a Model Checker Generate Tests for Non-Deterministic Systems? Sergiy Boroday, Alexandre

Can a Model Checker Generate Tests for Non-Deterministic Systems? Sergiy Boroday, Alexandre Petrenko CRIM, Montreal, Canada Roland Groz INPG, France MBT 2007 Outline Motivation Weak and Strong Tests Test Generation Model

802 views • 22 slides
Towards a model-checker for counter systems S. Demri 1 A. Finkel 1 V. Goranko 2 G. van Drimmelen 2

Towards a model-checker for counter systems S. Demri 1 A. Finkel 1 V. Goranko 2 G. van Drimmelen 2

Towards a model-checker for counter systems S. Demri 1 A. Finkel 1 V. Goranko 2 G. van Drimmelen 2 1 LSV, CNRS & ENS Cachan & INRIA Futurs 2 University of Witwatersrand, Johannesburg ATVA, October 2006, Beijing Motivations Presburger

679 views • 37 slides
SCTP TML update Forwarding and Control Element Separation WG Kentaro Ogawa

SCTP TML update Forwarding and Control Element Separation WG Kentaro Ogawa

SCTP TML update Forwarding and Control Element Separation WG Kentaro Ogawa <ogawa.kentaro@lab.ntt.co.jp> Jamal Hadi Salim <hadi@mojatatu.com> March 2009 IETF ForCES WG 1 General status Version 2 of draft released January 2009

506 views • 6 slides
Linfoma di Hodgkin: Nuovi Approcci Terapeu7ci con Immunomodulatori

Linfoma di Hodgkin: Nuovi Approcci Terapeu7ci con Immunomodulatori

Linfoma di Hodgkin: Nuovi Approcci Terapeu7ci con Immunomodulatori Carmelo Carlo-Stella Dipar7mento di Scienze Biomediche, Universit Humanitas, Rozzano Dipar7mento di

514 views • 22 slides
RENOVATION, MODERNIZATION AND UPRATING OF SMALL HYDRO-POWER STATIONS Dr. H. K. Verma

RENOVATION, MODERNIZATION AND UPRATING OF SMALL HYDRO-POWER STATIONS Dr. H. K. Verma

RENOVATION, MODERNIZATION AND UPRATING OF SMALL HYDRO-POWER STATIONS Dr. H. K. Verma Distinguished Professor (EEE) SHARDA UNIVERSITY Greater Noida, India (Former Professor and Dy. Director Indian Institute of Technology Roorkee) Website:

645 views • 40 slides
The optimality of IPG methods for odd degrees of polynomial approximation Oto Havle Vt

The optimality of IPG methods for odd degrees of polynomial approximation Oto Havle Vt

The optimality of IPG methods for odd degrees of polynomial approximation Oto Havle Vt Dolej Charles University Prague Workshop Dresden-Prague on Numerical Analysis 2010 1 / 21 Contents Introduction 1 Main result and numerical

307 views • 27 slides
Hyperproperties Hypersafety Hyperliveness Presenter: Priyanka Mondal October 7, 2017

Hyperproperties Hypersafety Hyperliveness Presenter: Priyanka Mondal October 7, 2017

Hyperproperties Presenter: Priyanka Mondal Correctness Trace property Hyperproperty Hyperproperties Hypersafety Hyperliveness Presenter: Priyanka Mondal October 7, 2017 Hyperproperties Correctness Presenter: Priyanka Mondal

439 views • 15 slides
Code Based Cryptography Colloquium at Eastern Kentucky University E. Mart nez-Moro i

Code Based Cryptography Colloquium at Eastern Kentucky University E. Mart nez-Moro i

Code Based Cryptography Colloquium at Eastern Kentucky University E. Mart nez-Moro i Acknowledgements Full papers: Two in Designs, Codes and Cryptography (also as preprints OWP 2012-01 at MFO) and one in Journal of Symbolic Computation.

1.14k views • 67 slides
The Particle as a Statistical Ensemble of Events in Stueckelberg-Horwitz-Piron Electrodynamics 3

The Particle as a Statistical Ensemble of Events in Stueckelberg-Horwitz-Piron Electrodynamics 3

The Particle as a Statistical Ensemble of Events in Stueckelberg-Horwitz-Piron Electrodynamics 3 rd International Electronic and Flipped Conference on Entropy and its Applications Martin Land Hadassah College Jerusalem

469 views • 18 slides
Efficient Set Sharing using ZBDDs endez-Lojo 1 Mario M ak 2 Ond rej Lhot Manuel

Efficient Set Sharing using ZBDDs endez-Lojo 1 Mario M ak 2 Ond rej Lhot Manuel

Efficient Set Sharing using ZBDDs endez-Lojo 1 Mario M ak 2 Ond rej Lhot Manuel Hermenegildo 1 , 3 1 University of New Mexico (USA) 2 University of Waterloo (Canada) 3 IMDEA-Software and Technical University of Madrid (Spain) July 31, 2008

592 views • 16 slides

More recommend