System FR: formalized foundations for the stainless verifier

We present the design, implementation, and foundation of a verifier for higher-order functional programs with generics and recursive data types. Our system supports proving safety and termination using preconditions, postconditions and assertions. It supports writing proof hints using assertions and recursive calls. To formalize the soundness of the system we introduce System FR, a calculus supporting System F polymorphism, dependent refinement types, and recursive types (including recursion through contravariant positions of function types). Through the use of sized types, System FR supports reasoning about termination of lazy data structures such as streams. We formalize a reducibility argument using the Coq proof assistant and prove the soundness of a type-checker with respect to call-by-value semantics, ensuring type safety and normalization for typeable programs. Our program verifier is implemented as an alternative verification-condition generator for the Stainless tool, which relies on the Inox SMT-based solver backend for automation. We demonstrate the efficiency of our approach by verifying a collection of higher-order functional programs comprising around 14000 lines of polymorphic higher-order Scala code, including graph search algorithms, basic number theory, monad laws, functional data structures, and assignments from popular Functional Programming MOOCs.

[1]  Rance Cleaveland,et al.  Implementing mathematics with the Nuprl proof development system , 1986 .

[2]  Bruno Barras,et al.  Sets in Coq, Coq in Sets , 2010, J. Formaliz. Reason..

[3]  John Harrison,et al.  Handbook of Practical Logic and Automated Reasoning , 2009 .

[4]  Alexandre Miquel The Implicit Calculus of Constructions , 2001, TLCA.

[5]  Yves Bertot,et al.  Interactive Theorem Proving and Program Development: Coq'Art The Calculus of Inductive Constructions , 2010 .

[6]  Nikhil Swamy,et al.  Dijkstra monads for free , 2016, POPL.

[7]  Abhishek Anand,et al.  Towards a Formally Verified Proof Assistant , 2014, ITP.

[8]  Viktor Kuncak,et al.  Satisfiability Modulo Recursive Programs , 2011, SAS.

[9]  Sam Tobin-Hochstadt,et al.  Higher order symbolic execution for contract verification and refutation , 2017, J. Funct. Program..

[10]  J. Girard Une Extension De ĽInterpretation De Gödel a ĽAnalyse, Et Son Application a ĽElimination Des Coupures Dans ĽAnalyse Et La Theorie Des Types , 1971 .

[11]  Matthieu Sozeau Equations: A Dependent Pattern-Matching Compiler , 2010, ITP.

[12]  Lars Hupel,et al.  Translating Scala Programs to Isabelle/HOL - System Description , 2016, IJCAR.

[13]  Chris Okasaki,et al.  Purely functional data structures , 1998 .

[14]  J. Girard,et al.  Proofs and types , 1989 .

[15]  Brigitte Pientka,et al.  Wellfounded recursion with copatterns: a unified approach to termination and productivity , 2013, ICFP.

[16]  Martin Odersky,et al.  Programming in Scala: A Comprehensive Step-by-Step Guide, 2nd Edition , 2010 .

[17]  Ranjit Jhala,et al.  Refinement types for Haskell , 2014, ICFP.

[18]  M. Gordon,et al.  Introduction to HOL: a theorem proving environment for higher order logic , 1993 .

[19]  Viktor Kuncak,et al.  System FR as Foundations for Stainless , 2019, ArXiv.

[20]  Viktor Kuncak,et al.  Sound reasoning about integral data types with a reusable SMT solver interface , 2015, Scala@PLDI.

[21]  Martin Odersky,et al.  Conc-Trees for Functional and Parallel Programming , 2015, LCPC.

[22]  Andreas Abel,et al.  MiniAgda: Integrating Sized and Dependent Types , 2010, PAR@ITP.

[23]  Jürgen Giesl,et al.  Automated Termination Analysis for Haskell: From Term Rewriting to Programming Languages , 2006, RTA.

[24]  Leonardo de Moura Formalizing Mathematics using the Lean Theorem Prover , 2016, ISAIM.

[25]  Stephanie Weirich,et al.  Combining proofs and programs in a dependently typed language , 2014, POPL.

[26]  U. Norell,et al.  Towards a practical programming language based on dependent type theory , 2007 .

[27]  Juan Chen,et al.  Verifying higher-order programs with the dijkstra monad , 2013, PLDI.

[28]  K. Rustan M. Leino,et al.  The Spec# Programming System: An Overview , 2004, CASSIS.

[29]  Simon Boulier,et al.  The MetaCoq Project , 2020, Journal of Automated Reasoning.

[30]  Luís Pinto,et al.  Type-based termination of recursive definitions , 2004, Mathematical Structures in Computer Science.

[31]  Lawrence Charles Paulson,et al.  Isabelle/HOL: A Proof Assistant for Higher-Order Logic , 2002 .

[32]  Jürgen Giesl,et al.  Automated Termination Proofs with AProVE , 2004, RTA.

[33]  Marino Miculan,et al.  A Unifying Approach to Recursive and Co-recursive Definitions , 2002, TYPES.

[34]  Ruzica Piskac,et al.  Lazy counterfactual symbolic execution , 2019, PLDI.

[35]  Pierre-Yves Strub,et al.  Dependent types and multi-monadic effects in F* , 2016, POPL.

[36]  Andrei Popescu,et al.  Friends with Benefits - Implementing Corecursion in Foundational Proof Assistants , 2016, ESOP.

[37]  William W. Tait,et al.  Intensional interpretations of functionals of finite type I , 1967, Journal of Symbolic Logic.

[38]  Rodolphe Lepigre Semantics and Implementation of an Extension of ML for Proving Programs. (Sémantique et Implantation d'une Extension de ML pour la Preuve de Programmes) , 2017 .

[39]  Amal Ahmed,et al.  Step-Indexed Syntactic Logical Relations for Recursive and Quantified Types , 2006, ESOP.

[40]  Viktor Kuncak,et al.  Counter-example complete verification for higher-order functions , 2015, Scala@PLDI.

[41]  Andreas Abel,et al.  Type-based termination: a polymorphic lambda-calculus with sized higher-order types , 2006 .

[42]  K. Rustan M. Leino,et al.  Extended static checking , 1998, PROCOMET.

[43]  Philip Wadler,et al.  Refinement reflection: complete verification with SMT , 2017, Proc. ACM Program. Lang..

[44]  Andreas Abel Type-Based Termination, Inflationary Fixed-Points, and Mixed Inductive-Coinductive Types , 2012, FICS.

[45]  Andreas Abel Termination checking with types , 2004, RAIRO Theor. Informatics Appl..

[46]  K. Rustan M. Leino,et al.  Dafny: An Automatic Program Verifier for Functional Correctness , 2010, LPAR.

[47]  Andreas Abel Semi-Continuous Sized Types and Termination , 2008, Log. Methods Comput. Sci..

[48]  John Harrison,et al.  HOL Light Tutorial , 2015 .

[49]  Jürgen Giesl,et al.  Automated termination proofs for haskell by term rewriting , 2011, TOPL.

[50]  Brigitte Pientka,et al.  Index-Stratified Types , 2018, FSCD.

[51]  Martin Odersky,et al.  Simplicitly: foundations and applications of implicit function types , 2017, Proc. ACM Program. Lang..

[52]  Nada Amin,et al.  Dependent Object Types , 2016 .

[53]  Viktor Kuncak,et al.  SMT-based checking of predicate-qualified types for Scala , 2016, SCALA@SPLASH.

[54]  Ranjit Jhala,et al.  Abstract Refinement Types , 2013, ESOP.

[55]  Arthur Charguéraud,et al.  The Locally Nameless Representation , 2012, Journal of Automated Reasoning.

[56]  Jorge Luis Sacchini,et al.  Type-Based Productivity of Stream Definitions in the Calculus of Constructions , 2013, 2013 28th Annual ACM/IEEE Symposium on Logic in Computer Science.

[57]  Edwin Brady Idris: general purpose programming with dependent types , 2013, PLPV '13.

[58]  Robert Harper,et al.  Practical Foundations for Programming Languages , 2012 .

[59]  Hongwei Xi Dependent Types for Program Termination Verification , 2002, High. Order Symb. Comput..

[60]  Benjamin Grégoire,et al.  A Tutorial on Type-Based Termination , 2009, LerNet ALFA Summer School.