Verifying Haskell programs by combining testing, model checking and interactive theorem proving

We propose a program verification method that combines random testing, model checking and interactive theorem proving. Testing and model checking are used to debug programs and specifications before a costly interactive proof attempt. During proof development, testing and model checking quickly eliminate false conjectures and generate counterexamples that help to correct them. With an interactive theorem prover we also ensure the correctness of the reduction of a top-level problem to subproblems that can be tested or proved. We demonstrate the method using our random testing tool and a tautology checker based on binary decision diagrams (BDDs), both of which are added to the Agda/Alfa interactive proof assistant for dependent type theory. In particular we apply our techniques to the verification of Haskell programs. The first example verifies the BDD checker itself by testing its components. The second uses the tautology checker to verify bitonic sort, together with a proof that the reduction of the problem to the checked form is correct.
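The following Python block is an added illustration of the testing/checking split described above; it is not code from the paper, and it does not use Agda, Alfa or the authors' tools. It assumes a standard recursive bitonic merge sort on power-of-two input sizes, expressed as a data-oblivious compare-exchange network, and it assumes the 0-1 principle for comparator networks (a network sorts every input iff it sorts every 0/1 input) as the reduction step; that principle is the kind of top-level reduction the abstract says is proved separately rather than tested. `quickcheck_sort` plays the role of the random testing tool, and `zero_one_tautology` plays the role of the tautology checker by exhaustively evaluating the finite Boolean property that a BDD checker would decide symbolically. All inputs are constructed in the block.

```python
import random
from itertools import product

def bitonic_network(n):
    """Build the bitonic sorting network for n = 2^k inputs as a list of
    compare-exchange gates (i, j, ascending). The gate list is the
    data-oblivious 'checked form': the same comparisons are made for
    every input, which is what lets the Boolean instance stand in for all."""
    if n < 1 or n & (n - 1):
        raise ValueError("bitonic sort needs a power-of-two input size")
    gates = []

    def sort(lo, size, asc):
        if size <= 1:
            return
        half = size // 2
        sort(lo, half, True)          # first half ascending
        sort(lo + half, half, False)  # second half descending -> bitonic
        merge(lo, size, asc)

    def merge(lo, size, asc):
        if size <= 1:
            return
        half = size // 2
        for i in range(lo, lo + half):
            gates.append((i, i + half, asc))
        merge(lo, half, asc)
        merge(lo + half, half, asc)

    sort(0, n, True)
    return gates

def run_network(gates, xs):
    """Apply the gates in order; each gate swaps its pair when that moves
    the larger element to the position the gate's direction demands."""
    xs = list(xs)
    for i, j, asc in gates:
        a, b = xs[i], xs[j]
        if (a > b) == asc:
            xs[i], xs[j] = b, a
    return xs

def is_sorted(xs):
    return all(xs[i] <= xs[i + 1] for i in range(len(xs) - 1))

def quickcheck_sort(n=8, trials=1000, seed=1):
    """Random testing (QuickCheck-style): return the first integer input on
    which the network disagrees with Python's sort, or None if none found.
    Inputs are constructed from a seeded RNG so the run is reproducible."""
    gates = bitonic_network(n)
    rng = random.Random(seed)
    for _ in range(trials):
        xs = [rng.randint(-5, 5) for _ in range(n)]
        if run_network(gates, xs) != sorted(xs):
            return xs
    return None

def zero_one_tautology(n, gates=None):
    """Model checking of the reduced problem: decide, by enumerating all 2^n
    Boolean inputs, whether the network sorts every 0/1 vector. Returns a
    counterexample vector or None when the property is a tautology.
    By the 0-1 principle (assumed here, proved separately in the paper's
    setting), None means the network sorts all integer inputs."""
    if gates is None:
        gates = bitonic_network(n)
    for bits in product((0, 1), repeat=n):
        if not is_sorted(run_network(gates, bits)):
            return bits
    return None

if __name__ == "__main__":
    print("random test counterexample:", quickcheck_sort(8))
    print("0/1 tautology counterexample:", zero_one_tautology(8))
    # Drop the final gate to show the checker producing a counterexample.
    broken = bitonic_network(4)[:-1]
    print("broken network counterexample:", zero_one_tautology(4, broken))
```

The two checks have different strengths: random testing runs on the real integer inputs but only samples them, while the Boolean check is exhaustive for a fixed size but only meaningful once the reduction (here the 0-1 principle) has been proved. Removing one gate from the four-input network makes the Boolean check return a concrete failing 0/1 vector, which is the kind of counterexample the abstract describes using to correct a conjecture.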
