proving equivalence of imperative programs via
play

Proving Equivalence of Imperative Programs via Constrained - PowerPoint PPT Presentation

Jul 29, 2023 •120 likes •2.1k views

Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs Birkbeck, University of London joint work with Cynthia Kop (U Copenhagen) and Naoki Nishida (U Nagoya) Workshop on Program Equivalence, London, UK 11

  1. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Summing up Natural Numbers Numbers: 0 , s ( 0 ) , s ( s ( 0 )) , . . . Rules: → sum ( 0 ) 0 sum ( s ( x )) → plus ( s ( x ) , sum ( x )) → plus ( 0 , y ) y plus ( s ( x ) , y ) → s ( plus ( x, y )) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 14 / 48

  2. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Summing up Natural Numbers Numbers: 0 , s ( 0 ) , s ( s ( 0 )) , . . . Rules: → sum ( 0 ) 0 sum ( s ( x )) → plus ( s ( x ) , sum ( x )) → plus ( 0 , y ) y plus ( s ( x ) , y ) → s ( plus ( x, y )) Then e.g. we can compute 1 + 1 = 2 as plus ( s ( 0 ) , s ( 0 )) → R s ( plus ( 0 , s ( 0 ))) → R s ( s ( 0 )) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 14 / 48

  3. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Summing up Natural Numbers Numbers: 0 , s ( 0 ) , s ( s ( 0 )) , . . . Rules: → sum ( 0 ) 0 sum ( s ( x )) → plus ( s ( x ) , sum ( x )) → plus ( 0 , y ) y plus ( s ( x ) , y ) → s ( plus ( x, y )) Then e.g. we can compute 1 + 1 = 2 as plus ( s ( 0 ) , s ( 0 )) → R s ( plus ( 0 , s ( 0 ))) → R s ( s ( 0 )) Integer arithmetic possible with more complex recursive rules. Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 14 / 48

  4. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Summing up Natural Numbers Numbers: 0 , s ( 0 ) , s ( s ( 0 )) , . . . Rules: → sum ( 0 ) 0 sum ( s ( x )) → plus ( s ( x ) , sum ( x )) → plus ( 0 , y ) y plus ( s ( x ) , y ) → s ( plus ( x, y )) Then e.g. we can compute 1 + 1 = 2 as plus ( s ( 0 ) , s ( 0 )) → R s ( plus ( 0 , s ( 0 ))) → R s ( s ( 0 )) Integer arithmetic possible with more complex recursive rules. But: Want to do program analysis . Really throw away domain knowledge about built-in data structures?! Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 14 / 48

  5. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions What’s Constrained Term Rewriting? Term rewriting “with batteries included” • first-order • no fixed evaluation strategy • no fixed order of rules to apply Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 15 / 48

  6. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions What’s Constrained Term Rewriting? Term rewriting “with batteries included” • first-order • no fixed evaluation strategy • no fixed order of rules to apply • typed Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 15 / 48

  7. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions What’s Constrained Term Rewriting? Term rewriting “with batteries included” • first-order • no fixed evaluation strategy • no fixed order of rules to apply • typed • with pre-defined data structures (integers, arrays, bitvectors, ...), usually from SMT-LIB theories (SMT: SAT Modulo Theories) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 15 / 48

  8. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions What’s Constrained Term Rewriting? Term rewriting “with batteries included” • first-order • no fixed evaluation strategy • no fixed order of rules to apply • typed • with pre-defined data structures (integers, arrays, bitvectors, ...), usually from SMT-LIB theories (SMT: SAT Modulo Theories) • rewrite rules with SMT constraints Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 15 / 48

  9. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions What’s Constrained Term Rewriting? Term rewriting “with batteries included” • first-order • no fixed evaluation strategy • no fixed order of rules to apply • typed • with pre-defined data structures (integers, arrays, bitvectors, ...), usually from SMT-LIB theories (SMT: SAT Modulo Theories) • rewrite rules with SMT constraints ⇒ Term rewriting + SMT solving for automated reasoning Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 15 / 48

  10. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Examples Integer Summation → [ x ≤ 0] sum ( x ) 0 sum ( x ) → x + sum ( x − 1) [ x > 0] Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 16 / 48

  11. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Examples Integer Summation → [ x ≤ 0] sum ( x ) 0 sum ( x ) → x + sum ( x − 1) [ x > 0] sum (2) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 16 / 48

  12. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Examples Integer Summation → [ x ≤ 0] sum ( x ) 0 sum ( x ) → x + sum ( x − 1) [ x > 0] sum (2) → 2 + sum (2 − 1) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 16 / 48

  13. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Examples Integer Summation → [ x ≤ 0] sum ( x ) 0 sum ( x ) → x + sum ( x − 1) [ x > 0] sum (2) → 2 + sum (2 − 1) → 2 + sum (1) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 16 / 48

  14. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Examples Integer Summation → [ x ≤ 0] sum ( x ) 0 sum ( x ) → x + sum ( x − 1) [ x > 0] sum (2) → 2 + sum (2 − 1) → 2 + sum (1) → 2 + (1 + sum (1 − 1)) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 16 / 48

  15. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Examples Integer Summation → [ x ≤ 0] sum ( x ) 0 sum ( x ) → x + sum ( x − 1) [ x > 0] sum (2) → 2 + sum (2 − 1) → 2 + sum (1) → 2 + (1 + sum (1 − 1)) → 2 + (1 + sum (0)) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 16 / 48

  16. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Examples Integer Summation → [ x ≤ 0] sum ( x ) 0 sum ( x ) → x + sum ( x − 1) [ x > 0] sum (2) → 2 + sum (2 − 1) → 2 + sum (1) → 2 + (1 + sum (1 − 1)) → 2 + (1 + sum (0)) → 2 + (1 + 0) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 16 / 48

  17. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Examples Integer Summation → [ x ≤ 0] sum ( x ) 0 sum ( x ) → x + sum ( x − 1) [ x > 0] sum (2) → 2 + sum (2 − 1) → 2 + sum (1) → 2 + (1 + sum (1 − 1)) → 2 + (1 + sum (0)) → 2 + (1 + 0) → 2 + 1 Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 16 / 48

  18. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Examples Integer Summation → [ x ≤ 0] sum ( x ) 0 sum ( x ) → x + sum ( x − 1) [ x > 0] sum (2) → 2 + sum (2 − 1) → 2 + sum (1) → 2 + (1 + sum (1 − 1)) → 2 + (1 + sum (0)) → 2 + (1 + 0) → 2 + 1 → 3 Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 16 / 48

  19. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Examples Integer Summation → [ x ≤ 0 ] sum ( x ) 0 sum ( x ) → x + sum ( x − 1 ) [ x > 0 ] • F terms = { sum } ∪ { n | n ∈ Z } • F theory = { + , − , ≥ , >, ∧ , true , false } ∪ { n | n ∈ Z } • Values: true , false , 0 , 1 , 2 , 3 , . . . , − 1 , − 2 , . . . • Interpretation: addition, minus, etc. Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 17 / 48

  20. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Examples Bitvector Summation → [ x ≤ 0 ] sum ( x ) 0 sum ( x ) → x + sum ( x − 1 ) [ x > 0 ] • F terms = { sum } ∪ { n | n ∈ Z ∧ 0 ≤ n < 256 } • F theory = { + , − , ≥ , >, ∧ , true , false } ∪ { n | n ∈ Z ∧ 0 ≤ n < 256 } • Values: true , false , 0 , 1 , 2 , 3 , . . . , 255 • Interpretation: addition, minus, etc. modulo 256 Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 18 / 48

  21. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Examples Array Summation sum ( a, x ) → 0 [ x < 0 ] → select ( a, x ) + sum ( a, x − 1 ) [ x ≥ 0 ] sum ( a, x ) • F terms = { sum } ∪ { n : int | n ∈ Z } ∪ { a : iarr | n ∈ Z ∗ } • F theory = { + , − , ≥ , >, ∧ , select , true , false } ∪ { n | n ∈ Z } ∪ { a : iarr | a ∈ Z ∗ } • Values: true , false , 0 , 1 , − 1 , 2 , − 2 , . . . , () , ( 0 ) , ( 1 ) , . . . , ( 0 , 0 ) , . . . Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 19 / 48

  22. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Summary Logically Constrained Term Rewriting Systems [Kop and Nishida, 2013] Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 20 / 48

  23. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Summary Logically Constrained Term Rewriting Systems [Kop and Nishida, 2013] • work much like normal term rewrite systems Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 20 / 48

  24. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Summary Logically Constrained Term Rewriting Systems [Kop and Nishida, 2013] • work much like normal term rewrite systems • can handle integers, arrays, bitvectors, ... Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 20 / 48

  25. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Summary Logically Constrained Term Rewriting Systems [Kop and Nishida, 2013] • work much like normal term rewrite systems • can handle integers, arrays, bitvectors, ... • are flexible enough to faithfully model (many) real-world programs Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 20 / 48

  26. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Overview 1 Motivation 2 Constrained Term Rewriting 3 Transforming C Programs 4 Rewriting Induction 5 Lemma Generation 6 Conclusions Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 21 / 48

  27. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Simple Integer Functions Factorial int fact(int x) { int z = 1; for (int i = 1; i <= x; i++) z *= i; return z; } Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 22 / 48

  28. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Simple Integer Functions Factorial int fact(int x) { int z = 1; for (int i = 1; i <= x; i++) z *= i; return z; } fact ( x ) → u 1 ( x ) u 1 ( x ) → u 2 ( x, 1 , 1 ) u 2 ( x, z, i ) → u 3 ( x, z, i ) [ i ≤ x ] u 2 ( x, z, i ) → u 4 ( x, z, i ) [ ¬ ( i ≤ x )] u 3 ( x, z, i ) → u 2 ( x, z ∗ i, i + 1 ) u 4 ( x, z, i ) → z Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 22 / 48

  29. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Simple Integer Functions Factorial int fact(int x) { int z = 1; for (int i = 1; i <= x; i++) z *= i; return z; } fact ( x ) → u 2 ( x, 1 , 1 ) u 2 ( x, z, i ) → u 2 ( x, z ∗ i, i + 1 ) [ i ≤ x ] u 2 ( x, z, i ) → z [ ¬ ( i ≤ x )] Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 22 / 48

  30. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Simple Integer Functions Factorial int fact(int x) { int z = 1; for (int i = 1; i <= x; i++) z *= i; return z; } fact ( x ) → u 2 ( x, 1 , 1 ) u 2 ( x, z, i ) → u 2 ( x, z ∗ i, i + 1 ) [ i ≤ x ] u 2 ( x, z, i ) → return ( z ) [ ¬ ( i ≤ x )] Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 22 / 48

  31. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Error Checking Division by Zero boolean divides(int x, int y) { return x % y == 0; } Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 23 / 48

  32. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Error Checking Division by Zero boolean divides(int x, int y) { return x % y == 0; } divides ( x, y ) → return ( x mod y = 0 ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 23 / 48

  33. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Error Checking Division by Zero boolean divides(int x, int y) { return x % y == 0; } divides ( x, y ) → return ( x mod y = 0 ) [ y � = 0 ] → divides ( x, y ) error [ y = 0 ] Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 23 / 48

  34. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Error Checking Division by Zero boolean divides(int x, int y) { return x % y == 0; } divides ( x, y ) → return ( x mod y = 0 ) [ y � = 0 ] → divides ( x, y ) error [ y = 0 ] (defining x mod 0 = 0) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 23 / 48

  35. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Error Checking Integer Overflow int fact(int x) { int z = 1; for (int i = 1; i <= x; i++) z *= i; return z; } fact ( x ) → u 2 ( x, 1 , 1 ) u 2 ( x, z, i ) → u 2 ( x, z ∗ i, i + 1 )[ i ≤ x ] u 2 ( x, z, i ) → return ( z ) [ ¬ ( i ≤ x )] Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 24 / 48

  36. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Error Checking Integer Overflow int fact(int x) { int z = 1; for (int i = 1; i <= x; i++) z *= i; return z; } fact ( x ) → u 2 ( x, 1 , 1 ) u 2 ( x, z, i ) → u 2 ( x, z ∗ i, i + 1 )[ i ≤ x ∧ z ∗ i < 256 ∧ i + 1 < 256 ] u 2 ( x, z, i ) → error [ i ≤ x ∧ ( z ∗ i ≥ 256 ∨ i + 1 ≥ 256 )] u 2 ( x, z, i ) → return ( z ) [ ¬ ( i ≤ x )] Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 24 / 48

  37. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Further Extensions Further Extensions Can also handle • Recursion • Global variables • Mutable arrays (with built-in size function) → can represent memory safety violation Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 25 / 48

  38. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Overview 1 Motivation 2 Constrained Term Rewriting 3 Transforming C Programs 4 Rewriting Induction 5 Lemma Generation 6 Conclusions Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 26 / 48

  39. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Goal What is Equivalence for LCTRSs? Teacher’s code: → [ x ≤ 0] sum 1 ( x ) 0 sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0] Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 27 / 48

  40. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Goal What is Equivalence for LCTRSs? Teacher’s code: → [ x ≤ 0] sum 1 ( x ) 0 sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0] Student’s code: sum 2 ( x ) → u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ] u ( x, i, z ) → [ ¬ ( i ≤ x )] z Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 27 / 48

  41. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Goal What is Equivalence for LCTRSs? Teacher’s code: → [ x ≤ 0] sum 1 ( x ) 0 sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0] Student’s code: sum 2 ( x ) → u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ] u ( x, i, z ) → [ ¬ ( i ≤ x )] z Query: sum 1 ( x ) ↔ ∗ sum 2 ( x ) for all x ? Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 27 / 48

  42. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Goal Rewriting Induction Given: • set E of equations s 1 ≈ t 1 [ ϕ 1 ] , . . . , s n ≈ t n [ ϕ n ] Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 28 / 48

  43. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Goal Rewriting Induction Given: • set E of equations s 1 ≈ t 1 [ ϕ 1 ] , . . . , s n ≈ t n [ ϕ n ] • set of rewrite rules R Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 28 / 48

  44. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Goal Rewriting Induction Given: • set E of equations s 1 ≈ t 1 [ ϕ 1 ] , . . . , s n ≈ t n [ ϕ n ] • set of rewrite rules R Want to prove: for all constructor ground substitutions γ 1 , . . . , γ n compatible with ϕ 1 , . . . , ϕ n : each s i γ i ↔ ∗ R t i γ i . Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 28 / 48

  45. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Goal Rewriting Induction Given: • set E of equations s 1 ≈ t 1 [ ϕ 1 ] , . . . , s n ≈ t n [ ϕ n ] • set of rewrite rules R Want to prove: for all constructor ground substitutions γ 1 , . . . , γ n compatible with ϕ 1 , . . . , ϕ n : each s i γ i ↔ ∗ R t i γ i . Requirements: • termination of → R (to perform induction) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 28 / 48

  46. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Goal Rewriting Induction Given: • set E of equations s 1 ≈ t 1 [ ϕ 1 ] , . . . , s n ≈ t n [ ϕ n ] • set of rewrite rules R Want to prove: for all constructor ground substitutions γ 1 , . . . , γ n compatible with ϕ 1 , . . . , ϕ n : each s i γ i ↔ ∗ R t i γ i . Requirements: • termination of → R (to perform induction) • sufficient completeness of → R : evaluation “cannot get stuck” (for case analysis over variables by constructor terms) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 28 / 48

  47. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Goal Rewriting Induction Given: • set E of equations s 1 ≈ t 1 [ ϕ 1 ] , . . . , s n ≈ t n [ ϕ n ] • set of rewrite rules R Want to prove: for all constructor ground substitutions γ 1 , . . . , γ n compatible with ϕ 1 , . . . , ϕ n : each s i γ i ↔ ∗ R t i γ i . Requirements: • termination of → R (to perform induction) • sufficient completeness of → R : evaluation “cannot get stuck” (for case analysis over variables by constructor terms) • if we want s i γ i ↔ ∗ t i γ i for all results: confluence of → R Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 28 / 48

  48. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Approach Rewriting Induction Three sets: • E (equations, “the queries”) • R (rules, “the program”) • H (rules, “induction hypotheses”) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 29 / 48

  49. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Approach Rewriting Induction Three sets: • E (equations, “the queries”) • R (rules, “the program”) • H (rules, “induction hypotheses”) Initially: E given, R given, H empty Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 29 / 48

  50. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Approach Rewriting Induction Three sets: • E (equations, “the queries”) • R (rules, “the program”) • H (rules, “induction hypotheses”) Initially: E given, R given, H empty Proof steps: pairs ( E , H ) ⊢ ( E ′ , H ′ ) by several inference rules for ⊢ Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 29 / 48

  51. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Approach Rewriting Induction Three sets: • E (equations, “the queries”) • R (rules, “the program”) • H (rules, “induction hypotheses”) Initially: E given, R given, H empty Proof steps: pairs ( E , H ) ⊢ ( E ′ , H ′ ) by several inference rules for ⊢ Invariant: → R∪H terminating Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 29 / 48

  52. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Approach Rewriting Induction Three sets: • E (equations, “the queries”) • R (rules, “the program”) • H (rules, “induction hypotheses”) Initially: E given, R given, H empty Proof steps: pairs ( E , H ) ⊢ ( E ′ , H ′ ) by several inference rules for ⊢ Invariant: → R∪H terminating Goal: find derivation ( E , ∅ ) ⊢ ∗ ( ∅ , H ) Then also ↔ ∗ E ⊆ ↔ ∗ R∪H ⊆ ↔ ∗ R on ground terms: Equations E are inductive theorems for R Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 29 / 48

  53. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Simplification: definition ( E ⊎ { s ≃ t [ ϕ ] } , H ) ( E ∪ { s ′ ≈ t [ ψ ] } , H ) s ′ ≈ t [ ψ ] if s ≃ t [ ϕ ] → R∪H Idea : Use the program or an induction hypothesis to simplify the query. Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 30 / 48

  54. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Simplification: example  → [ x ≤ 0]  sum 1 ( x ) 0     sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]       → R = sum 2 ( x ) u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         u ( x, i, z ) → z [ ¬ ( i ≤ x )]   ( E ⊎ { u ( x, y, z ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1] } , H ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 31 / 48

  55. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Simplification: example  → [ x ≤ 0]  sum 1 ( x ) 0     sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]       → R = sum 2 ( x ) u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         u ( x, i, z ) → z [ ¬ ( i ≤ x )]   ( E ⊎ { u ( x, y, z ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1] } , H ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 31 / 48

  56. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Simplification: example  sum 1 ( x ) → 0 [ x ≤ 0]      sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]       R = → sum 2 ( x ) u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         → [ ¬ ( i ≤ x )] u ( x, i, z ) z   ( E ⊎ { u ( x, y + 1 , z + y ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1] } , H ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 31 / 48

  57. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Simplification: example  sum 1 ( x ) → 0 [ x ≤ 0]      sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]       R = → sum 2 ( x ) u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         → [ ¬ ( i ≤ x )] u ( x, i, z ) z   ( E ⊎ { u ( x, y + 1 , z + y ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1] } , H ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 31 / 48

  58. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Simplification: example  sum 1 ( x ) → 0 [ x ≤ 0]      sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]       R = → sum 2 ( x ) u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         → [ ¬ ( i ≤ x )] u ( x, i, z ) z   ( E ⊎ { u ( x, y ′ , z + y ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1] } , H ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 31 / 48

  59. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Simplification: example  sum 1 ( x ) → 0 [ x ≤ 0]      sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]       R = → sum 2 ( x ) u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         → [ ¬ ( i ≤ x )] u ( x, i, z ) z   ( E ⊎ { u ( x, y ′ , z + y ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1] } , H ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 31 / 48

  60. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Simplification: example  → [ x ≤ 0]  sum 1 ( x ) 0     sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]       → R = sum 2 ( x ) u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         u ( x, i, z ) → z [ ¬ ( i ≤ x )]   ( E ⊎ { u ( x, y ′ , z ′ ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ] } , H ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 31 / 48

  61. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Expansion: definition ( E ⊎ { s ≃ t [ ϕ ] } , H ) ( E ∪ Expd ( s, t, ϕ, p ) , H ∪ { s → t [ ϕ ] } ) if for every γ compatible with ϕ , s | p reduces and R ∪ H ∪ { s → t [ ϕ ] } is terminating Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 32 / 48

  62. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Expansion: definition ( E ⊎ { s ≃ t [ ϕ ] } , H ) ( E ∪ Expd ( s, t, ϕ, p ) , H ∪ { s → t [ ϕ ] } ) if for every γ compatible with ϕ , s | p reduces and R ∪ H ∪ { s → t [ ϕ ] } is terminating Expd ( C [ l ′ ] p , t, ϕ, p ) contains equations C [ rγ ] p ≃ tγ [ ϕγ ∧ ψγ ] for all l → r [ ψ ] in R where l and l ′ unify with most general unifier γ Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 32 / 48

  63. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Expansion: definition ( E ⊎ { s ≃ t [ ϕ ] } , H ) ( E ∪ Expd ( s, t, ϕ, p ) , H ∪ { s → t [ ϕ ] } ) if for every γ compatible with ϕ , s | p reduces and R ∪ H ∪ { s → t [ ϕ ] } is terminating Expd ( C [ l ′ ] p , t, ϕ, p ) contains equations C [ rγ ] p ≃ tγ [ ϕγ ∧ ψγ ] for all l → r [ ψ ] in R where l and l ′ unify with most general unifier γ Idea : Exhaustive case analysis, generate induction hypothesis. (Closely related: narrowing.) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 32 / 48

  64. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Expansion: example  → [ x ≤ 0]  sum 1 ( x ) 0     sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]       R = → sum 2 ( x ) u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         → [ ¬ ( i ≤ x )] u ( x, i, z ) z   ( E ⊎ { u ( x, y ′ , z ′ ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ] } , H ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 33 / 48

  65. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Expansion: example  → [ x ≤ 0]  sum 1 ( x ) 0     sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]       R = → sum 2 ( x ) u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         → [ ¬ ( i ≤ x )] u ( x, i, z ) z   ( E ⊎ { u ( x, y ′ , z ′ ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ] } , H ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 33 / 48

  66. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Expansion: example  sum 1 ( x ) → 0 [ x ≤ 0]     sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]        R = sum 2 ( x ) → u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         u ( x, i, z ) → z [ ¬ ( i ≤ x )]   ( E ∪ { u ( x, y ′ + 1 , z ′ + y ′ ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ∧ y ′ ≤ x ] } ∪ { z ′ ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ∧ ¬ ( y ′ ≤ x )] } , H ∪ { u ( x, y ′ , z ′ ) → x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ] } ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 33 / 48

  67. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Expansion: example  sum 1 ( x ) → 0 [ x ≤ 0]     sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]        R = sum 2 ( x ) → u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         u ( x, i, z ) → z [ ¬ ( i ≤ x )]   ( E ∪ { u ( x, y ′ + 1 , z ′ + y ′ ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ∧ y ′ ≤ x ] } ∪ { z ′ ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ∧ ¬ ( y ′ ≤ x )] } , H ∪ { u ( x, y ′ , z ′ ) → x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ] } ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 33 / 48

  68. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Expansion: example  sum 1 ( x ) → 0 [ x ≤ 0]     sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]        R = sum 2 ( x ) → u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         u ( x, i, z ) → z [ ¬ ( i ≤ x )]   ( E ∪ { u ( x, y ′ + 1 , z ′ + y ′ ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ∧ y ′ ≤ x ] } ∪ { z ′ ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ∧ ¬ ( y ′ ≤ x )] } , H ∪ { u ( x, y ′ , z ′ ) → x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ] } ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 33 / 48

  69. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Expansion: example  sum 1 ( x ) → 0 [ x ≤ 0]     sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]        R = sum 2 ( x ) → u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         u ( x, i, z ) → z [ ¬ ( i ≤ x )]   ( E ∪ { u ( x, y ′ + 1 , z ′ + y ′ ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ∧ y ′ ≤ x ] } ∪ { z ′ ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ∧ ¬ ( y ′ ≤ x )] } , H ∪ { u ( x, y ′ , z ′ ) → x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ] } ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 33 / 48

  70. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Expansion: example  sum 1 ( x ) → 0 [ x ≤ 0]     sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]        R = sum 2 ( x ) → u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         u ( x, i, z ) → z [ ¬ ( i ≤ x )]   ( E ∪ { u ( x, y ′ + 1 , z ′ + y ′ ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ∧ y ′ ≤ x ] } ∪ { z ′ ≈ x + z [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ∧ ¬ ( y ′ ≤ x )] } , H ∪ { u ( x, y ′ , z ′ ) → x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ] } ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 33 / 48

  71. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Expansion: example  sum 1 ( x ) → 0 [ x ≤ 0]     sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]        R = sum 2 ( x ) → u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         u ( x, i, z ) → z [ ¬ ( i ≤ x )]   ( E ∪ { u ( x, y ′ + 1 , z ′ + y ′ ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ∧ y ′ ≤ x ] } ∪ { z ′ ≈ x + z [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ∧ ¬ ( y ′ ≤ x )] } , H ∪ { u ( x, y ′ , z ′ ) → x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ] } ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 33 / 48

  72. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Expansion: example  sum 1 ( x ) → 0 [ x ≤ 0]     sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]        R = sum 2 ( x ) → u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         u ( x, i, z ) → z [ ¬ ( i ≤ x )]   ( E ∪ { u ( x, y ′′ , z ′′ ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ∧ y ′ ≤ x ∧ y ′′ = y ′ + 1 ∧ z ′′ = z ′ + y ′ ] } ∪ { z ′ ≈ x + z [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ∧ ¬ ( y ′ ≤ x )] } , H ∪ { u ( x, y ′ , z ′ ) → x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ] } ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 33 / 48

  73. Motivation Constrained Term Rewriting Transforming C Programs Rewriting Induction Lemma Generation Conclusions Induction Rules Expansion: example  sum 1 ( x ) → 0 [ x ≤ 0]     sum 1 ( x ) → x + sum 1 ( x − 1) [ x > 0]        R = sum 2 ( x ) → u ( x, 0 , 0) u ( x, i, z ) → u ( x, i + 1 , z + i ) [ i ≤ x ]         u ( x, i, z ) → z [ ¬ ( i ≤ x )]   ( E ∪ { u ( x, y ′′ , z ′′ ) ≈ x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ∧ y ′ ≤ x ∧ y ′′ = y ′ + 1 ∧ z ′′ = z ′ + y ′ ] } ∪ { z ′ ≈ x + z [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ∧ ¬ ( y ′ ≤ x )] } , H ∪ { u ( x, y ′ , z ′ ) → x + u ( x ′ , y, z ) [ x ≥ y ∧ x = x ′ + 1 ∧ y ′ = y + 1 ∧ z ′ = z + y ] } ) Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs 33 / 48

Recommend

Proving Equivalence Between Imperative and MapReduce Implementations Using Program

Proving Equivalence Between Imperative and MapReduce Implementations Using Program

Proving Equivalence Between Imperative and MapReduce Implementations Using Program Transformations VPT 2018 Thessaloniki 20 April 2018 Bernhard Beckert, Timo Bingman, Moritz Kiefer, Peter Sanders, Mattias Ulbrich , Alexander Weigl www.kit.edu

968 views • 60 slides
Proving the Equivalence of Higher-Order Terms by Means of Supercompilation Ilya Klyuchnikov and

Proving the Equivalence of Higher-Order Terms by Means of Supercompilation Ilya Klyuchnikov and

Introduction Proving properties of programs Proving equality and equivalence Applications Summary Proving the Equivalence of Higher-Order Terms by Means of Supercompilation Ilya Klyuchnikov and Sergei Romanenko Keldysh Institute of Applied

588 views • 31 slides
Customised Induction Rules for Proving Correctness of Imperative Programs Angela Wallenburg

Customised Induction Rules for Proving Correctness of Imperative Programs Angela Wallenburg

Customised Induction Rules for Proving Correctness of Imperative Programs Angela Wallenburg angelaw@cs.chalmers.se 4th International Symposium June 9, 2005, L okeberg Outline 1. Problem: Induction and Loops 2. First approach: Use idea

821 views • 34 slides
Proving Termination of Imperative Programs using Max-SMT Daniel Larraz, Albert Oliveras, Enric

Proving Termination of Imperative Programs using Max-SMT Daniel Larraz, Albert Oliveras, Enric

Introduction SMT/Max-SMT solving Invariant generation Termination analysis Further work Proving Termination of Imperative Programs using Max-SMT Daniel Larraz, Albert Oliveras, Enric Rodr guez-Carbonell and Albert Rubio Universitat

1.18k views • 73 slides
FITR304 - Software Validation Deductive methods for proving imperative programs Christophe Garion

FITR304 - Software Validation Deductive methods for proving imperative programs Christophe Garion

Institut Suprieur de lAronautique et de lEspace FITR304 - Software Validation Deductive methods for proving imperative programs Christophe Garion DMIA ISAE Christophe Garion IN324 Software Validation deductive methods 1/

2.2k views • 174 slides
Logic Programming 1 Logic Programming Instead of using functions as in imperative and

Logic Programming 1 Logic Programming Instead of using functions as in imperative and

Logic Programming 1 Logic Programming Instead of using functions as in imperative and functional programs We use predicates, as in predicate calculus Interpretation = proving theorems 2 Prolog Developed at Univ. of

663 views • 7 slides
Verification of Imperative Programs through Transformation of Constraint Logic Programs Emanuele

Verification of Imperative Programs through Transformation of Constraint Logic Programs Emanuele

Verification of Imperative Programs through Transformation of Constraint Logic Programs Emanuele De Angelis 1 , Fabio Fioravanti 1 , Alberto Pettorossi 2 , and Maurizio Proietti 3 1 University of Chieti-Pescara G. dAnnunzio, Italy 2

671 views • 52 slides
Regression Verification: Proving Partial Equivalence Talk by Dennis Felsing Seminar within the

Regression Verification: Proving Partial Equivalence Talk by Dennis Felsing Seminar within the

Regression Verification: Proving Partial Equivalence Talk by Dennis Felsing Seminar within the Projektgruppe Formale Methoden der Softwareentwicklung WS 2012/2013 1 / 24 Introduction Formal Verification Formally prove correctness of

457 views • 41 slides
Exploiting symmetries when proving equivalence properties for security protocols Vincent Cheval,

Exploiting symmetries when proving equivalence properties for security protocols Vincent Cheval,

Exploiting symmetries when proving equivalence properties for security protocols Vincent Cheval, Steve Kremer, Itsaka Rakotonirina Inria Nancy Grand-Est Security protocols TLS Wifi @ PASS E-voting E-passport 2 24 Security protocols

830 views • 69 slides
Bound Analysis of Imperative Programs with the Size change Abstraction Florian Zuleger, TU

Bound Analysis of Imperative Programs with the Size change Abstraction Florian Zuleger, TU

Bound Analysis of Imperative Programs with the Size change Abstraction Florian Zuleger, TU Vienna SAS, Venice, 16.09.2011 Joint work with Sumit Gulwani, Microsoft Research Moritz Sinn, Helmut Veith, TU Vienna Resource Bounds Programs consume a

1.05k views • 48 slides
Difference Constraints: An adequate Abstraction for Complexity Analysis of Imperative Programs

Difference Constraints: An adequate Abstraction for Complexity Analysis of Imperative Programs

Difference Constraints: An adequate Abstraction for Complexity Analysis of Imperative Programs Florian Zuleger Technische Universitt Wien FMCAD, 28.09.2015 Joint work with Moritz Sinn, Helmut Veith Bounds and Complexity foo(uint n) Local

437 views • 26 slides
Direct Manipulation For Imperative Programs Hu 1 , Roopsha Samanta 2 , Rishabh Singh 3 , Loris

Direct Manipulation For Imperative Programs Hu 1 , Roopsha Samanta 2 , Rishabh Singh 3 , Loris

Direct Manipulation For Imperative Programs Hu 1 , Roopsha Samanta 2 , Rishabh Singh 3 , Loris DAntoni 1 Qin Qinhepin ing Hu 1 Universitve of Wisconsin-Madison 2 Purdue University 3 Google 5 Variable values Call stack code 6 Python

1.04k views • 90 slides
A Logical Study of Program Equivalence Guilhem Jaber Ecole des Mines de Nantes LINA - Ascola

A Logical Study of Program Equivalence Guilhem Jaber Ecole des Mines de Nantes LINA - Ascola

A Logical Study of Program Equivalence Guilhem Jaber Ecole des Mines de Nantes LINA - Ascola PhD Defense Institut Henri Poincar e (Paris) July 11th 2014 1 / 38 Why study the Equivalence of Programs ? Specification of programs

1.09k views • 93 slides
Imperative vs. object- oriented paradigms 1 11/14/17 Imperative vs. object-oriented u

Imperative vs. object- oriented paradigms 1 11/14/17 Imperative vs. object-oriented u

11/14/17 CSCI-2320 Object-Oriented Paradigm: Ruby Mohammad T . Irfan Imperative vs. object- oriented paradigms 1 11/14/17 Imperative vs. object-oriented u Imperative u Procedural decomposition u Procedures are all powerful u Data is

582 views • 45 slides
An Application of Ramseys Theorem to Proving Programs Terminate: An Exposition William

An Application of Ramseys Theorem to Proving Programs Terminate: An Exposition William

An Application of Ramseys Theorem to Proving Programs Terminate: An Exposition William Gasarch-U of MD Who is Who 1. Work by 1.1 Floyd, 1.2 Byron Cook, Andreas Podelski, Andrey Rybalchenko, 1.3 Lee, Jones, Ben-Amram 1.4 Others 2.

780 views • 38 slides
From Traces To Proofs: Proving Concurrent Programs Safe S. Arun-Kumar (Joint work with Chinmay

From Traces To Proofs: Proving Concurrent Programs Safe S. Arun-Kumar (Joint work with Chinmay

From Traces To Proofs: Proving Concurrent Programs Safe S. Arun-Kumar (Joint work with Chinmay Narayan, Subodh Sharma, and Shibashis Guha) Indian Institute of Technology Delhi TASE-2016 S. Arun-Kumar From Traces To Proofs: Proving Concurrent

671 views • 44 slides
Imperative vs. object- oriented paradigms 1 11/11/14 Imperative vs. object-oriented

Imperative vs. object- oriented paradigms 1 11/11/14 Imperative vs. object-oriented

11/11/14 CSCI-2325 Object-Oriented Paradigm: Ruby Mohammad T . Irfan Imperative vs. object- oriented paradigms 1 11/11/14 Imperative vs. object-oriented u Imperative u Procedural decomposition u Procedures are all

578 views • 31 slides
Imperative vs. object- oriented paradigms 1 11/17/14 Imperative vs. object-oriented

Imperative vs. object- oriented paradigms 1 11/17/14 Imperative vs. object-oriented

11/17/14 CSCI-2325 Object-Oriented Paradigm: Ruby Mohammad T . Irfan Imperative vs. object- oriented paradigms 1 11/17/14 Imperative vs. object-oriented u Imperative u Procedural decomposition u Procedures are all

867 views • 33 slides
Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview

Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview

CS6202: Advanced Topics in Programming Hoare Logic Hoare Logic Languages and Systems Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview Notation : {P} code {Q} Assertion Logic {P}

557 views • 19 slides
On CCZ-Equivalence, Extended-Affine Equivalence and Function Twisting Anne Canteaut, L eo

On CCZ-Equivalence, Extended-Affine Equivalence and Function Twisting Anne Canteaut, L eo

On CCZ-Equivalence, Extended-Affine Equivalence and Function Twisting Anne Canteaut, L eo Perrin June 3, 2019 Fq14, Vancouver Setting up the background Cryptographic properties Equivalence classes CCZ-equivalence Cryptographic

885 views • 63 slides
On Congruence Property of Scope Equivalence for Concurrent Programs with Higher-Order

On Congruence Property of Scope Equivalence for Concurrent Programs with Higher-Order

On Congruence Property of Scope Equivalence for Concurrent Programs with Higher-Order Communication Masaki Murakami Okayama University JAPAN A Formal Model of Concurrent Systems the model presented here is a translation of asynchronous

847 views • 31 slides
Proving Correctness of Graph Programs Relative to Recursively Nested Conditions Nils Erik Flick

Proving Correctness of Graph Programs Relative to Recursively Nested Conditions Nils Erik Flick

Proving Correctness of Graph Programs Relative to Recursively Nested Conditions Nils Erik Flick Universitt Oldenburg February 2017 Intro Correctness Results Rel. Work Conclusion Extras Outline Correctness and Graph Programs 1

354 views • 24 slides
Lecture 31: Declarative Programming Imperative vs. Declarative So far, our programs are

Lecture 31: Declarative Programming Imperative vs. Declarative So far, our programs are

Lecture 31: Declarative Programming Imperative vs. Declarative So far, our programs are explicit directions for solving a problem; the problem itself is implicit in the program. Declarative programming turns this around: A program

249 views • 3 slides
Hoare Logic: Proving Programs Correct 17-654/17-765 Analysis of Software Artifacts Jonathan

Hoare Logic: Proving Programs Correct 17-654/17-765 Analysis of Software Artifacts Jonathan

Hoare Logic: Proving Programs Correct 17-654/17-765 Analysis of Software Artifacts Jonathan Aldrich Reading: C.A.R. Hoare, An Axiomatic Basis for Computer Programming Some presentation ideas from a lecture by K. Rustan M. Leino Testing and

392 views • 23 slides

More recommend