Towards Static Analysis of Functional Programs using Tree Automata Completion

This paper presents the first step of a wider research effort to apply tree automata completion to the static analysis of functional programs. Tree automata completion is a family of techniques for computing or approximating the set of terms reachable by a rewriting relation. The completion algorithm we focus on is parameterized by a set \(E\) of equations that controls the precision of the approximation and influences its termination. For completion to be used as a static analysis, the first step is to guarantee its termination. In this work, we thus give a sufficient condition on \(E\) and \(\mathcal{T}(\mathcal{F})\) for the completion algorithm to always terminate. In the particular setting of functional programs, this condition can be relaxed into a condition on \(E\) and \(\mathcal{T}(\mathcal{C})\) (terms built on the set of constructors), which is closer to what is done in the field of static analysis, where abstractions are performed on data.
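To make the role of \(E\) concrete, here is a small, self-contained completion procedure written for this summary; it is an added example, not code from the paper or from any completion tool such as Timbuk. It is a deliberately simplified variant of tree automata completion: critical pairs are closed by normalizing the right-hand side into fresh states, epsilon transitions are replaced by merging states (a coarser but still sound over-approximation), and equations in \(E\) are applied by merging any two states that recognize the two sides of an equation under the same substitution. The term rewriting system \(f(x) \to f(s(x))\), the initial automaton recognizing \(f(0)\), the equation \(s(s(x)) = s(x)\) and the state names are all constructed for the demonstration. Without the equation the completion keeps creating states and never reaches a fixpoint; with it, the reachable set \(\{f(s^n(0))\}\) is over-approximated by a three-state automaton.

```python
from itertools import product

# Terms: a variable is a str not starting with "q" (e.g. "x"), a state is a
# str starting with "q" (e.g. "q0"), an application is a tuple (symbol, *args).
# Constants are nullary applications such as ("0",).

def is_var(t):
    return isinstance(t, str) and not t.startswith("q")

def is_state(t):
    return isinstance(t, str) and t.startswith("q")

def subst(t, sigma):
    """Apply a substitution (variable -> state) to a term."""
    if is_var(t):
        return sigma[t]
    if is_state(t):
        return t
    return (t[0],) + tuple(subst(a, sigma) for a in t[1:])

def variables(t):
    if is_var(t):
        return {t}
    if is_state(t):
        return set()
    return set().union(*(variables(a) for a in t[1:]))

def compatible(s1, s2):
    return all(s1[v] == s2[v] for v in s1 if v in s2)

class Automaton:
    def __init__(self, trans, final):
        self.trans = set(trans)      # transitions (symbol, (q1, ..., qn), q)
        self.final = set(final)
        self.fresh = 0

    def states(self):
        s = set(self.final)
        for _, qs, q in self.trans:
            s.add(q)
            s.update(qs)
        return s

    def states_of(self, t):
        """All states that a term with state leaves reduces to."""
        if is_state(t):
            return {t}
        arg_sets = [self.states_of(a) for a in t[1:]]
        return {q for sym, qs, q in self.trans
                if sym == t[0] and len(qs) == len(arg_sets)
                and all(s in ss for s, ss in zip(qs, arg_sets))}

    def matches(self, t, q):
        """Substitutions sigma such that t.sigma reduces to state q."""
        if is_var(t):
            return [{t: q}]
        if is_state(t):
            return [{}] if t == q else []
        result = []
        for sym, qs, tgt in self.trans:
            if sym != t[0] or tgt != q or len(qs) != len(t) - 1:
                continue
            partial = [{}]
            for a, qa in zip(t[1:], qs):
                partial = [{**s1, **s2} for s1 in partial
                           for s2 in self.matches(a, qa) if compatible(s1, s2)]
            result.extend(partial)
        return result

    def merge(self, keep, drop):
        """Identify two states (always an over-approximation)."""
        ren = lambda s: keep if s == drop else s
        self.trans = {(f, tuple(ren(x) for x in qs), ren(q)) for f, qs, q in self.trans}
        self.final = {ren(q) for q in self.final}

    def normalize(self, t, q):
        """Add transitions so that t reduces to q, creating states as needed."""
        if is_state(t):
            if t != q:
                self.merge(q, t)   # simplification: merge instead of an epsilon transition
            return
        args = []
        for a in t[1:]:
            if is_state(a):
                args.append(a)
            elif self.states_of(a):
                args.append(min(self.states_of(a)))  # reuse an existing state
            else:
                self.fresh += 1
                qa = f"qn{self.fresh}"
                self.normalize(a, qa)
                args.append(qa)
        self.trans.add((t[0], tuple(args), q))

def complete(auto, rules, equations, max_steps=50):
    """Return the number of rounds to a fixpoint, or None if max_steps is hit."""
    for step in range(max_steps):
        changed = False
        for lhs, rhs in rules:                       # close every critical pair
            for q in sorted(auto.states()):
                for sigma in auto.matches(lhs, q):
                    r = subst(rhs, sigma)
                    if q not in auto.states_of(r):
                        auto.normalize(r, q)
                        changed = True
        for s, t in equations:                       # apply the equations of E
            vs = sorted(variables(s) | variables(t))
            for choice in product(sorted(auto.states()), repeat=len(vs)):
                sigma = dict(zip(vs, choice))
                for q1 in sorted(auto.states_of(subst(s, sigma))):
                    for q2 in sorted(auto.states_of(subst(t, sigma))):
                        if q1 != q2 and q1 in auto.states() and q2 in auto.states():
                            auto.merge(q1, q2)
                            changed = True
        if not changed:
            return step
    return None

def accepts(auto, ground_term):
    return bool(auto.states_of(ground_term) & auto.final)

# Constructed example: R = { f(x) -> f(s(x)) }, initial language { f(0) }.
RULES = [(("f", "x"), ("f", ("s", "x")))]
EQUATIONS = [(("s", ("s", "x")), ("s", "x"))]   # E = { s(s(x)) = s(x) }

def initial_automaton():
    return Automaton([("0", (), "q0"), ("f", ("q0",), "qf")], ["qf"])

if __name__ == "__main__":
    a = initial_automaton()
    print("with E:", complete(a, RULES, EQUATIONS), "rounds,", sorted(a.trans))
    print("without E:", complete(initial_automaton(), RULES, [], max_steps=20))
```

Running the script shows the two behaviours side by side: with \(E\) the completion stops after a few rounds with transitions \(s(q) \to q\) and \(f(q) \to q_f\), so every \(f(s^n(0))\) is recognized; with \(E = \emptyset\) each round introduces a fresh state for one more application of \(s\) and the bound on rounds is the only thing that stops it, which is exactly the termination problem the paper's condition on \(E\) addresses.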
