System FR as Foundations for Stainless

We present the design, implementation, and foundation of a verifier for higher-order functional programs with generics and recursive data types. Our system supports proving safety and termination using preconditions, postconditions and assertions. It supports writing proof hints using assertions and recursive calls. To formalize the soundness of the system we introduce System FR, a calculus supporting System F polymorphism, dependent refinement types, and recursive types (including recursion through contravariant positions of function types). Through the use of sized types, System FR supports reasoning about termination of lazy data structures such as streams. We formalize a reducibility argument using the Coq proof assistant and prove the soundness of a type-checker with respect to call-by-value semantics, ensuring type safety and normalization for typeable programs. Our program verifier is implemented as an alternative verificationcondition generator for the Stainless tool, which relies on existing SMT-based solver backend for automation. We demonstrate the efficiency of our approach by verifying a collection of higher-order functional programs comprising around 14000 lines of polymorphic higher-order Scala code, including graph search algorithms, basic number theory, monad laws, functional data structures, and assignments from popular Functional Programming MOOCs.

[1]  Lars Hupel,et al.  Translating Scala Programs to Isabelle/HOL - System Description , 2016, IJCAR.

[2]  Lawrence Charles Paulson,et al.  Isabelle/HOL: A Proof Assistant for Higher-Order Logic , 2002 .

[3]  Viktor Kuncak,et al.  Satisfiability Modulo Recursive Programs , 2011, SAS.

[4]  J. Girard Une Extension De ĽInterpretation De Gödel a ĽAnalyse, Et Son Application a ĽElimination Des Coupures Dans ĽAnalyse Et La Theorie Des Types , 1971 .

[5]  U. Norell,et al.  Towards a practical programming language based on dependent type theory , 2007 .

[6]  Matthieu Sozeau Equations: A Dependent Pattern-Matching Compiler , 2010, ITP.

[7]  Juan Chen,et al.  Verifying higher-order programs with the dijkstra monad , 2013, PLDI.

[8]  Rodolphe Lepigre Semantics and Implementation of an Extension of ML for Proving Programs. (Sémantique et Implantation d'une Extension de ML pour la Preuve de Programmes) , 2017 .

[9]  Alexandre Miquel The Implicit Calculus of Constructions , 2001, TLCA.

[10]  Yves Bertot,et al.  Interactive Theorem Proving and Program Development: Coq'Art The Calculus of Inductive Constructions , 2010 .

[11]  Nikhil Swamy,et al.  Dijkstra monads for free , 2016, POPL.

[12]  Abhishek Anand,et al.  Towards a Formally Verified Proof Assistant , 2014, ITP.

[13]  Andreas Abel,et al.  Type-based termination: a polymorphic lambda-calculus with sized higher-order types , 2006 .

[14]  K. Rustan M. Leino,et al.  Extended static checking , 1998, PROCOMET.

[15]  Arthur Charguéraud,et al.  The Locally Nameless Representation , 2012, Journal of Automated Reasoning.

[16]  Jorge Luis Sacchini,et al.  Type-Based Productivity of Stream Definitions in the Calculus of Constructions , 2013, 2013 28th Annual ACM/IEEE Symposium on Logic in Computer Science.

[17]  Edwin Brady Idris: general purpose programming with dependent types , 2013, PLPV '13.

[18]  Ranjit Jhala,et al.  Abstract Refinement Types , 2013, ESOP.

[19]  Bruno Barras,et al.  Sets in Coq, Coq in Sets , 2010, J. Formaliz. Reason..

[20]  Marino Miculan,et al.  A Unifying Approach to Recursive and Co-recursive Definitions , 2002, TYPES.

[21]  J. Girard,et al.  Proofs and types , 1989 .

[22]  Brigitte Pientka,et al.  Wellfounded recursion with copatterns: a unified approach to termination and productivity , 2013, ICFP.

[23]  Viktor Kuncak,et al.  Counter-example complete verification for higher-order functions , 2015, Scala@PLDI.

[24]  Rance Cleaveland,et al.  Implementing mathematics with the Nuprl proof development system , 1986 .

[25]  William W. Tait,et al.  Intensional interpretations of functionals of finite type I , 1967, Journal of Symbolic Logic.

[26]  Stephanie Weirich,et al.  Combining proofs and programs in a dependently typed language , 2014, POPL.

[27]  Martin Odersky,et al.  Programming in Scala: A Comprehensive Step-by-Step Guide, 2nd Edition , 2010 .

[28]  Andreas Abel,et al.  MiniAgda: Integrating Sized and Dependent Types , 2010, PAR@ITP.

[29]  Andreas Abel Termination checking with types , 2004, RAIRO Theor. Informatics Appl..

[30]  Robert Harper,et al.  Practical Foundations for Programming Languages , 2012 .

[31]  K. Rustan M. Leino,et al.  Dafny: An Automatic Program Verifier for Functional Correctness , 2010, LPAR.

[32]  Andreas Abel Semi-Continuous Sized Types and Termination , 2008, Log. Methods Comput. Sci..

[33]  Andrei Popescu,et al.  Friends with Benefits - Implementing Corecursion in Foundational Proof Assistants , 2016, ESOP.

[34]  Leonardo de Moura Formalizing Mathematics using the Lean Theorem Prover , 2016, ISAIM.

[35]  Pierre-Yves Strub,et al.  Dependent types and multi-monadic effects in F* , 2016, POPL.

[36]  K. Rustan M. Leino,et al.  The Spec# Programming System: An Overview , 2004, CASSIS.

[37]  Amal Ahmed,et al.  Step-Indexed Syntactic Logical Relations for Recursive and Quantified Types , 2006, ESOP.

[38]  Brigitte Pientka,et al.  Index-Stratified Types , 2018, FSCD.

[39]  Benjamin Grégoire,et al.  A Tutorial on Type-Based Termination , 2009, LerNet ALFA Summer School.

[40]  Philip Wadler,et al.  Refinement reflection: complete verification with SMT , 2017, Proc. ACM Program. Lang..

[41]  Andreas Abel Type-Based Termination, Inflationary Fixed-Points, and Mixed Inductive-Coinductive Types , 2012, FICS.

[42]  Ranjit Jhala,et al.  Refinement types for Haskell , 2014, ICFP.

[43]  Stephan Merz,et al.  Interactive Theorem Proving , 2016, Lecture Notes in Computer Science.

[44]  Luís Pinto,et al.  Type-based termination of recursive definitions , 2004, Mathematical Structures in Computer Science.