HMC: Verifying Functional Programs Using Abstract Interpreters

We present Hindley-Milner-Cousots (HMC), an algorithm that reduces verification of safety properties of typed higher-order functional programs to interprocedural analysis for first-order imperative programs. HMC works as follows. First, it uses the type structure of the functional program to generate a set of logical refinement constraints whose satisfaction implies the safety of the source program. Next, it transforms the logical refinement constraints into a simple first-order imperative program and an invariant that holds iff the constraints are satisfiable. Finally, it uses an invariant generator for first-order imperative programs to discharge the invariant. We have implemented HMC and describe preliminary experimental results using two imperative checkers - ARMC and INTERPROC - to verify OCAML programs. By composing type-based reasoning grounded in program syntax and state-based reasoning grounded in abstract interpretation, HMC enables the fully automatic verification of programs written in modern programming languages.
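As an added illustration of the pipeline the abstract describes (not the paper's own encoding, checkers or code), a candidate refinement type for a small recursive OCaml function is turned into a first-order imperative program built from havoc, assume and assert statements, and its assert is then discharged by a toy interval abstract domain standing in for ARMC or INTERPROC. The statement format, the function names and the sample program are constructed assumptions.

```python
# Added illustration, not HMC's encoding or back end: states are dicts var -> (lo, hi)
# over an interval domain, with None standing for an unreachable state (bottom).
INF = float("inf")

def refine(iv, op, k):
    """Meet interval iv with the guard `x op k` (op is "<=" or ">="); None if empty."""
    lo, hi = (iv[0], min(iv[1], k)) if op == "<=" else (max(iv[0], k), iv[1])
    return None if lo > hi else (lo, hi)

def join(a, b):                          # least upper bound; one-sided variables dropped
    if a is None or b is None:
        return b if a is None else a
    return {x: (min(a[x][0], b[x][0]), max(a[x][1], b[x][1])) for x in a.keys() & b.keys()}

def run(stmts, st):
    """Abstractly execute stmts; return (exit state, whether every assert held)."""
    ok = True
    for s in stmts:
        if st is None:                   # unreachable code: nothing left to check
            break
        if s[0] == "havoc":              # x := any integer
            st = {**st, s[1]: (-INF, INF)}
        elif s[0] == "const":            # x := k
            st = {**st, s[1]: (s[2], s[2])}
        elif s[0] == "add":              # x := y + z
            (ylo, yhi), (zlo, zhi) = st[s[2]], st[s[3]]
            st = {**st, s[1]: (ylo + zlo, yhi + zhi)}
        elif s[0] == "assume":           # guard or refinement hypothesis: x op k
            iv = refine(st[s[1]], s[2], s[3])
            st = None if iv is None else {**st, s[1]: iv}
        elif s[0] == "assert":           # x op k must hold for every value in st[x]
            lo, hi = st[s[1]]
            ok = ok and (lo >= s[3] if s[2] == ">=" else hi <= s[3])
        elif s[0] == "branch":           # nondeterministic if; both arms are joined
            (l, okl), (r, okr) = run(s[1], st), run(s[2], st)
            st, ok = join(l, r), ok and okl and okr
    return st, ok

def sum_encoding(bound):
    """Constructed encoding of `let rec sum n = if n <= 0 then 0 else n + sum (n - 1)` against
    sum : n:int -> {v | v >= bound}: the recursive call becomes a havoc'd result r on which
    the refinement is assumed, and every return path must assert the refinement."""
    return [("havoc", "n"),
            ("branch", [("assume", "n", "<=", 0), ("const", "v", 0)],
                       [("assume", "n", ">=", 1), ("havoc", "r"),
                        ("assume", "r", ">=", bound), ("add", "v", "n", "r")]),
            ("assert", "v", ">=", bound)]

def refinement_holds(bound):
    return run(sum_encoding(bound), {})[1]   # bound 0: True; bound 1: False, since sum 0 = 0
```

The candidate `v >= 0` is discharged because the base case yields `[0, 0]` and the inductive arm, under the assumed hypothesis on `r`, yields `[1, +inf)`; the stronger candidate `v >= 1` is rejected on the base case, mirroring the abstract's claim that the invariant holds iff the constraints are satisfiable.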
