Relatively complete counterexamples for higher-order programs

In this paper, we study the problem of generating inputs to a higher-order program causing it to error. We first approach the problem in the setting of PCF, a typed, core functional language and contribute the first relatively complete method for constructing counterexamples for PCF programs. The method is relatively complete with respect to a first-order solver over the base types of PCF. In practice, this means an SMT solver can be used for the effective, automated generation of higher-order counterexamples for a large class of programs. We achieve this result by employing a novel form of symbolic execution for higher-order programs. The remarkable aspect of this symbolic execution is that even though symbolic higher-order inputs and values are considered, the path condition remains a first-order formula. Our handling of symbolic function application enables the reconstruction of higher-order counterexamples from this first-order formula. After establishing our main theoretical results, we sketch how to apply the approach to untyped, higher-order, stateful languages with first-class contracts and show how counterexample generation can be used to detect contract violations in this setting. To validate our approach, we implement a tool generating counterexamples for erroneous modules written in Racket.

[1]  Sam Tobin-Hochstadt,et al.  Soft contract verification , 2014, ICFP.

[2]  Matthew Might,et al.  Abstracting abstract machines , 2010, ICFP '10.

[3]  Dawson R. Engler,et al.  KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs , 2008, OSDI.

[4]  Suresh Jagannathan,et al.  Compositional and Lightweight Dependent Type Inference for ML , 2013, VMCAI.

[5]  Junfeng Yang,et al.  Using model checking to find serious file system errors , 2004, TOCS.

[6]  Alexander Aiken,et al.  Flow-sensitive type qualifiers , 2002, PLDI '02.

[7]  Naoki Kobayashi,et al.  Model Checking Higher-Order Programs , 2013, JACM.

[8]  Patrick Maxim Rondon,et al.  Liquid types , 2008, PLDI '08.

[9]  Na Xu Static contract checking for Haskell , 2009, POPL '09.

[10]  Nikolaj Bjørner,et al.  Z3: An Efficient SMT Solver , 2008, TACAS.

[11]  Matthias Felleisen,et al.  Contracts for higher-order functions , 2002, ICFP '02.

[12]  Peter Thiemann,et al.  Contract-Driven Testing of JavaScript Code , 2010, TOOLS.

[13]  Ralf Hinze,et al.  Typed Contracts for Functional Programming , 2006, FLOPS.

[14]  C NguyễnPhúc,et al.  Relatively complete counterexamples for higher-order programs , 2015 .

[15]  C. R. Ramakrishnan,et al.  Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems , 2008 .

[16]  Benjamin C. Pierce,et al.  Contracts made manifest , 2010, POPL '10.

[17]  Robert Bruce Findler,et al.  Random testing for higher-order, stateful programs , 2010, OOPSLA.

[18]  Koen Claessen,et al.  QuickCheck: a lightweight tool for random testing of Haskell programs , 2000, ICFP.

[19]  Simon L. Peyton Jones,et al.  HALO: haskell to logic through denotational semantics , 2013, POPL.

[20]  Sam Tobin-Hochstadt,et al.  Logical types for untyped languages , 2010, ICFP '10.

[21]  Cormac Flanagan,et al.  Hybrid type checking , 2006, POPL '06.

[22]  Dana S. Scott,et al.  A Type-Theoretical Alternative to ISWIM, CUCH, OWHY , 1993, Theor. Comput. Sci..

[23]  Sam Tobin-Hochstadt,et al.  Complete Monitors for Behavioral Contracts , 2012, ESOP.

[24]  Sam Tobin-Hochstadt,et al.  Typing the Numeric Tower , 2012, PADL.

[25]  Stephen A. Cook,et al.  Soundness and Completeness of an Axiom System for Program Verification , 1978, SIAM J. Comput..

[26]  Ranjit Jhala,et al.  Dsolve: Safety Verification via Liquid Types , 2010, CAV.

[27]  Koushik Sen,et al.  DART: directed automated random testing , 2005, PLDI '05.

[28]  Tachio Terauchi Dependent types from counterexamples , 2010, POPL '10.

[29]  Ranjit Jhala,et al.  Type Targeted Testing , 2014, ESOP.

[30]  Dana N. Xu Hybrid contract checking via symbolic simplification , 2012, PEPM '12.

[31]  Dawson R. Engler,et al.  EXE: automatically generating inputs of death , 2006, CCS '06.

[32]  Matthias Felleisen,et al.  Correct blame for contracts: no more scapegoating , 2011, POPL '11.

[33]  Naoki Kobayashi,et al.  Predicate abstraction and CEGAR for higher-order model checking , 2011, PLDI '11.

[34]  Alexander Aiken,et al.  Scalable error detection using boolean satisfiability , 2005, POPL '05.

[35]  Sam Tobin-Hochstadt,et al.  Higher-order symbolic execution via contracts , 2012, OOPSLA '12.