Reducing Total Correctness to Partial Correctness by a Transformation of the Language Semantics
Sebastian Buruiană (1), Ștefan Ciobâcă (2)
1 Alexandru Ioan Cuza University, Bitdefender
2 Alexandru Ioan Cuza University
WPTE 2018
Buruiană, Ciobâcă (UAIC) Reducing TC to PC WPTE 2018
Overview
1. Context and Introduction
2. Formalism for Language Semantics
3. Total Correctness
4. Conclusion and Future Work
5. Questions
Program Verifiers
Programming languages should have formal semantics; verifiers should be sound w.r.t. said semantics.
Typical workflow today:
1. Develop the formal semantics of the language;
2. Develop a verification method;
3. Prove that the verification method is sound.
Problem: the work has to be redone with every change in the language (new features, new versions etc.).
Solution: Semantics-Parametric Verifiers
A verifier V should take as input a program P and the semantics S;
V(P, S) should answer yes, no, unknown or timeout (depending on what property of P is checked by V);
Prove V sound once;
If the semantics changes to S′, run V(P, S′) (no need to redo the soundness proof of V).
Today's Talk: Semantics-Parametric reduction of Total Correctness to Partial Correctness
Assume we have a verifier V [1] s.t. V(P, S) checks whether the program P is partially correct when interpreted w.r.t. the semantics S;
Apply some transformations to P and S and obtain θ(P) and θ(S);
V(θ(P), θ(S)) guarantees Total Correctness of program P when interpreted w.r.t. the semantics S.
[1] Andrei Ștefănescu et al. “All-Path Reachability Logic”. In: RTA-TLCA. 2014, pp. 425–440. doi: http://dx.doi.org/10.1007/978-3-319-08918-8_29
Example: IMP language
Syntax of IMP
Id ::= x | y | z | ...
Int ::= 0, 1, −1, ...
Bool ::= True | False
AE ::= Int | Id | AE + AE | ...
BE ::= Bool | AE = AE | AE < AE | not BE | ...
Stmt ::= skip | Stmt ; Stmt | Id := AE | while BE do Stmt | if BE then Stmt else Stmt
Example: IMP language
Configurations in IMP
Code ::= AE | BE | Stmt
Cfg ::= List{Code} × Map{Id}{Int}
$\langle c_1 \curvearrowright c_2 \curvearrowright \dots \curvearrowright c_n \curvearrowright \epsilon \mid env \rangle$
Language semantics
$\langle (v := i) \curvearrowright l \mid env \rangle \Rightarrow \langle l \mid update(v, i, env) \rangle$
$\langle (\text{if } b \text{ then } s_1 \text{ else } s_2) \curvearrowright l \mid env \rangle \Rightarrow \langle s_1 \curvearrowright l \mid env \rangle$ if $b = True$
$\langle (\text{while } b \text{ do } s) \curvearrowright l \mid env \rangle \Rightarrow \langle (\text{if } b \text{ then } (s; \text{while } b \text{ do } s) \text{ else skip}) \curvearrowright l \mid env \rangle$
Example: IMP language
Program execution (each arrow is one rule application; $\square$ marks the hole left by the evaluated sub-term)
$\langle x := x + 2 \curvearrowright \epsilon \mid x \mapsto 12 \rangle$
$\to \langle x + 2 \curvearrowright x := \square \curvearrowright \epsilon \mid x \mapsto 12 \rangle$
$\to \langle x \curvearrowright \square + 2 \curvearrowright x := \square \curvearrowright \epsilon \mid x \mapsto 12 \rangle$
$\to \langle 12 \curvearrowright \square + 2 \curvearrowright x := \square \curvearrowright \epsilon \mid x \mapsto 12 \rangle$
$\to \langle 12 + 2 \curvearrowright x := \square \curvearrowright \epsilon \mid x \mapsto 12 \rangle$
$\to \langle 14 \curvearrowright x := \square \curvearrowright \epsilon \mid x \mapsto 12 \rangle$
$\to \langle x := 14 \curvearrowright \epsilon \mid x \mapsto 12 \rangle$
$\to \langle \epsilon \mid x \mapsto 14 \rangle$
Example: IMP language
Partial Correctness
An all-path reachability rule is a pair $\varphi \Rightarrow^\forall \varphi'$. We say that $\varphi \Rightarrow^\forall \varphi'$ is satisfied by $S$, denoted by $S \models \varphi \Rightarrow^\forall \varphi'$, iff for all complete paths $\tau$ starting with $\gamma$ and for all valuations $\rho$ such that $(\gamma, \rho) \models \varphi$, there exists some $\gamma' \in \tau$ such that $(\gamma', \rho) \models \varphi'$.
SUM program in IMP
s := 0;
while not (m = 0) do
  s := s + m;
  m := m - 1
Partial Correctness Sequent
$S \vdash \langle SUM \mid env_1 \rangle \wedge lookup(m, env_1) = n \wedge n \geq 0 \Rightarrow^\forall \exists env_2.\ (\langle skip \mid env_2 \rangle \wedge lookup(s, env_2) = n(n+1)/2)$
Reducing Total Correctness to Partial Correctness
Total Correctness
We say that an all-path reachability rule $\varphi \Rightarrow^\forall \varphi'$ is totally satisfied by $S$, denoted by $S \models_t \varphi \Rightarrow^\forall \varphi'$, iff for all complete or diverging executions $\tau$ starting with $\gamma$ and for all valuations $\rho$ such that $(\gamma, \rho) \models \varphi$, there exists some $\gamma' \in \tau$ such that $(\gamma', \rho) \models \varphi'$.
Partial satisfaction quantifies only over complete (finite) paths, so a diverging execution satisfies it vacuously; total satisfaction also requires every diverging execution to contain a configuration satisfying $\varphi'$, which is what forces termination before $\varphi'$ is reached.
Semantics transformation
Every rule of $S$ becomes a rule on configurations paired with a counter of sort Nat that each step decrements, e.g.
$(\langle (v := i) \curvearrowright l \mid env \rangle, n) \Rightarrow (\langle l \mid update(v, i, env) \rangle, n - 1)$
This sequent guarantees total correctness
$\theta(S) \vdash (\langle SUM \mid env_1 \rangle, 200|n| + 200) \wedge lookup(m, env_1) = n \wedge n \geq 0 \Rightarrow^\forall \exists g, env_2.\ ((\langle skip \mid env_2 \rangle, g) \wedge lookup(s, env_2) = n(n+1)/2)$
Total Correctness Theorem
Theorem
If there exists some term $s \in Term_{\Sigma, Nat}(Var)$ of sort Nat such that $\theta(S) \models \theta(\varphi, s) \Rightarrow^\forall \exists M.\ \theta(\varphi', M)$, where $M \in Var_{Nat}$, then $S \models_t \varphi \Rightarrow^\forall \varphi'$.
Corollary
If there exists $s \in Term_{\Sigma, Nat}(Var)$ of sort Nat such that $\theta(S) \models \theta(\varphi, s) \Rightarrow^\forall \exists M.\ \theta(\varphi', M)$, where $M \in Var_{Nat}$, then:
$S \models \varphi \Rightarrow^\forall \varphi'$;
if $\varphi'$ terminates in $S$, then $\varphi$ also terminates in $S$.
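The IMP semantics from the "Configurations in IMP" slide, the execution trace, and the counter transformation θ(S) behind the total-correctness sequent and the theorem, as an added runnable example. This is not the authors' code and not RMT: the tuple encoding of IMP terms, the frame names used for the holes, and the functions step, trace, reaches and sum_totally_correct are this example's own choices.

```python
"""Small-step IMP interpreter (S) plus the fuel transformation theta(S).

Added example, not the authors' code or RMT. Configurations are <k | env> with k the
list c1 ... cn (c1 on top); theta(S) pairs every configuration with a Nat counter that
each rule decrements, so at counter 0 no rule applies and every path is finite.
"""


def is_value(c):
    return c[0] in ('int', 'bool')


def apply_op(op, a, b):
    """Built-in operations of IMP on already-evaluated operands."""
    if op == '+': return ('int', a + b)
    if op == '-': return ('int', a - b)
    if op == '=': return ('bool', a == b)
    if op == '<': return ('bool', a < b)
    raise ValueError(op)


def plug(frame, v):
    """Cooling: put the value v back into the hole of the frame below it."""
    tag = frame[0]
    if tag == 'frame_l':      return ('binop', frame[1], v, frame[2])   # v op b
    if tag == 'frame_r':      return ('binop', frame[1], frame[2], v)   # a op v
    if tag == 'frame_not':    return ('not', v)
    if tag == 'frame_assign': return ('assign', frame[1], v)            # x := v
    if tag == 'frame_if':     return ('if', v, frame[1], frame[2])
    raise ValueError(frame)


def step(k, env):
    """One transition of S on <k | env>; None when no rule applies (k empty = done)."""
    if not k:
        return None
    c, rest = k[0], k[1:]
    tag = c[0]
    if is_value(c):                                   # cool into the frame below
        return ([plug(rest[0], c)] + rest[1:], env) if rest else None
    if tag == 'id':                                   # variable lookup
        return ([('int', env[c[1]])] + rest, env)
    if tag == 'binop':                                # heat left, then right, then compute
        op, a, b = c[1], c[2], c[3]
        if not is_value(a): return ([a, ('frame_l', op, b)] + rest, env)
        if not is_value(b): return ([b, ('frame_r', op, a)] + rest, env)
        return ([apply_op(op, a[1], b[1])] + rest, env)
    if tag == 'not':
        if not is_value(c[1]): return ([c[1], ('frame_not',)] + rest, env)
        return ([('bool', not c[1][1])] + rest, env)
    if tag == 'skip':
        return (rest, env)
    if tag == 'seq':                                  # s1 ; s2  ->  s1 ~> s2
        return ([c[1], c[2]] + rest, env)
    if tag == 'assign':                               # the (v := i) rule of the slides
        if not is_value(c[2]): return ([c[2], ('frame_assign', c[1])] + rest, env)
        return (rest, dict(env, **{c[1]: c[2][1]}))
    if tag == 'if':
        if not is_value(c[1]): return ([c[1], ('frame_if', c[2], c[3])] + rest, env)
        return ([c[2] if c[1][1] else c[3]] + rest, env)
    if tag == 'while':                                # unroll, exactly as on the slide
        return ([('if', c[1], ('seq', c[2], c), ('skip',))] + rest, env)
    raise ValueError(c)


def trace(k, env, max_steps=1000):
    """All configurations of one execution in S (the 'Program execution' slide)."""
    out = [(k, env)]
    while len(out) <= max_steps:
        nxt = step(k, env)
        if nxt is None:
            break
        k, env = nxt
        out.append((k, env))
    return out


def reaches(k, env, fuel, target):
    """Execution in theta(S) from (<k | env>, fuel). Returns (True, env, fuel_left) at the
    first configuration satisfying target, or (False, env, fuel_left) once the path is
    complete (code exhausted or counter at 0) without reaching it."""
    while True:
        if target(k, env):
            return True, env, fuel
        nxt = step(k, env) if fuel > 0 else None
        if nxt is None:
            return False, env, fuel
        k, env = nxt
        fuel -= 1


def is_skip(k, env):
    """The target pattern <skip | env2> of both sequents on the slides."""
    return k == [('skip',)]


def sum_program():
    """SUM from the slides: s := 0; while not (m = 0) do (s := s + m; m := m - 1)."""
    m, s = ('id', 'm'), ('id', 's')
    body = ('seq', ('assign', 's', ('binop', '+', s, m)),
                   ('assign', 'm', ('binop', '-', m, ('int', 1))))
    return ('seq', ('assign', 's', ('int', 0)),
                   ('while', ('not', ('binop', '=', m, ('int', 0))), body))


def sum_totally_correct(n):
    """One instance of the theta(S) sequent: from (<SUM | m -> n>, 200|n| + 200) reach some
    (<skip | env2>, g) with s = n(n+1)/2. For n < 0 (excluded by n >= 0) SUM diverges in S,
    so in theta(S) the counter hits 0 first and the partial-correctness goal fails."""
    ok, env2, _ = reaches([sum_program()], {'m': n}, 200 * abs(n) + 200, is_skip)
    return ok and env2['s'] == n * (n + 1) // 2


if __name__ == '__main__':
    for cfg in trace([('assign', 'x', ('binop', '+', ('id', 'x'), ('int', 2)))], {'x': 12}):
        print(cfg)
    print([n for n in range(-3, 6) if sum_totally_correct(n)])
```

The run for a negative m is the whole point of the reduction: a diverging execution of S, which would satisfy the partial-correctness rule vacuously, becomes a complete path of θ(S) that stops with the counter at 0 and never contains ⟨skip | env2⟩, so an all-path partial-correctness check on θ(S) rejects it instead of passing it. The bound 200|n| + 200 is generous for this interpreter (about 30 transitions per loop iteration), which is all the theorem needs: any term s of sort Nat that suffices witnesses termination.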
Conclusion and Future Work
Language semantics transformation that can be used to prove total correctness of programs;
Working proof-of-concept implementation: http://github.com/ciobaca/rmt
More modular alternative to program variants?
Can our method be combined with existing state-of-the-art automated termination provers?
Thank you. Questions?
References
Ciobâcă, Ștefan and Dorel Lucanu. “A Coinductive Approach to Proving Reachability Properties in Logically Constrained Term Rewriting Systems”. In: IJCAR 2018 (to appear).
Ștefănescu, Andrei et al. “All-Path Reachability Logic”. In: RTA-TLCA. 2014, pp. 425–440. doi: http://dx.doi.org/10.1007/978-3-319-08918-8_29