Analysis and Transformation of Constrained Horn Clauses for Program Verification

Angelis, Emanuele De; Fioravanti, Fabio; Gallagher, John P.; Hermenegildo, Manuel V.; Pettorossi, Alberto; Proietti, Maurizio

doi:10.1017/s1471068421000211

“…The CHC translation of a contract verification problem for a functional or an imperative program (Grebenshchikov et al 2012;De Angelis et al 2021) produces three sets of clauses, as shown in Figure 1, where we refer to a program that reverses a list of integers (we omit the source functional program for lack of space). The first set (clauses [1][2][3][4] is the translation of the operational semantics of the program.…”

Section: A Motivating Examplementioning

confidence: 99%

“…The use of CHCs for program verification has become very popular and many techniques and tools for translating program verification problems into satisfiability problems for CHCs have been proposed (see, for instance, the surveys by Bjørner et al 2015 andby De Angelis et al 2021). However, as also shown in this paper, in the case of clauses with ADT terms, state-of-the-art CHC solvers have some severe limitations due to the fact that they do not include any proof technique for inductive reasoning on the ADT structures.…”

Section: Related Work and Conclusionmentioning

confidence: 99%

“…An alternative approach is based on translating the contract verification problem into an equivalent satisfiability problem for constrained Horn clauses 1 (CHCs), that is, Horn clauses extended with logical theories that axiomatize data types like the ones mentioned above (Jaffar and Maher 1994;Grebenshchikov et al 2012;Bjørner et al 2015;De Angelis et al 2021). For clauses extended with theories on basic sorts, such as the theories of boolean values and linear integer arithmetic, various state-of-the-art CHC solvers are available.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Verifying Catamorphism-Based Contracts using Constrained Horn Clauses

Angelis¹,

Pettorossi²,

Proietti³

2022

Theory and Practice of Logic Programming

Self Cite

View full text Add to dashboard Cite

We address the problem of verifying that the functions of a program meet their contracts, specified by pre/postconditions. We follow an approach based on constrained Horn clauses (CHCs) by which the verification problem is reduced to the problem of checking satisfiability of a set of clauses derived from the given program and contracts. We consider programs that manipulate algebraic data types (ADTs) and a class of contracts specified by catamorphisms, that is, functions defined by simple recursion schemata on the given ADTs. We show by several examples that state-of-the-art CHC satisfiability tools are not effective at solving the satisfiability problems obtained by direct translation of the contracts into CHCs. To overcome this difficulty, we propose a transformation technique that removes the ADT terms from CHCs and derives new sets of clauses that work on basic sorts only, such as integers and booleans. Thus, when using the derived CHCs there is no need for induction rules on ADTs. We prove that the transformation is sound, that is, if the derived set of CHCs is satisfiable, then so is the original set. We also prove that the transformation always terminates for the class of contracts specified by catamorphisms. Finally, we present the experimental results obtained by an implementation of our technique when verifying many non-trivial contracts for ADT manipulating programs.

show abstract

“…The CHC translation of a contract verification problem for a functional or an imperative program (Grebenshchikov et al 2012;De Angelis et al 2021) produces three sets of clauses, as shown in Figure 1, where we refer to a program that reverses a list of integers (we omit the source functional program for lack of space). The first set (clauses 1-4) is the translation of the operational semantics of the program.…”

Section: A Motivating Examplementioning

confidence: 99%

Verifying Catamorphism-Based Contracts using Constrained Horn Clauses

De Angelis,

Fioravanti,

Pettorossi

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

We address the problem of verifying that the functions of a program meet their contracts, specified by pre/postconditions. We follow an approach based on constrained Horn clauses (CHCs) by which the verification problem is reduced to the problem of checking satisfiability of a set of clauses derived from the given program and contracts. We consider programs that manipulate algebraic data types (ADTs) and a class of contracts specified by catamorphisms, that is, functions defined by simple recursion schemata on the given ADTs. We show by several examples that state-of-the-art CHC satisfiability tools are not effective at solving the satisfiability problems obtained by direct translation of the contracts into CHCs. To overcome this difficulty, we propose a transformation technique that removes the ADT terms from CHCs and derives new sets of clauses that work on basic sorts only, such as integers and booleans. Thus, when using the derived CHCs there is no need for induction rules on ADTs. We prove that the transformation is sound, that is, if the derived set of CHCs is satisfiable, then so is the original set. We also prove that the transformation always terminates for the class of contracts specified by catamorphisms. Finally, we present the experimental results obtained by an implementation of our technique when verifying many non-trivial contracts for ADT manipulating programs.

show abstract

“…The front end is also in charge of these translations, as well as of translating the analysis and verification results back to the source language. Techniques such as partial evaluation and program specialization offer powerful methods to obtain such translations with provable correctness-see(De Angelis et al 2021) for a recent survey. 2 https://github.com/ciao-lang/devenv…”

mentioning

confidence: 99%

VeriFly: On-the-fly Assertion Checking via Incrementality

Sanchez-Ordaz¹,

Garcia-Contreras²,

Perez-Carrasco³

et al. 2021

Preprint

Self Cite

0

View full text Add to dashboard Cite

Assertion checking is an invaluable programmer's tool for finding many classes of errors or verifying their absence in dynamic languages such as Prolog. For Prolog programmers this means being able to have relevant properties such as modes, types, determinacy, non-failure, sharing, constraints, cost, etc., checked and errors flagged without having to actually run the program. Such global static analysis tools are arguably most useful the earlier they are used in the software development cycle, and fast response times are essential for interactive use. Triggering a full and precise semantic analysis of a software project every time a change is made can be prohibitively expensive. This is specially the case when complex properties need to be inferred for large, realistic code bases. In our static analysis and verification framework this challenge is addressed through a combination of modular and incremental (context-and path-sensitive) analysis that is responsive to program edits, at different levels of granularity. In this tool paper we present how the combination of this framework within an integrated development environment (IDE) takes advantage of such incrementality to achieve a high level of reactivity when reflecting analysis and verification results back as colorings and tooltips directly on the program text-the tool's VeriFly mode. The concrete implementation that we describe is Emacs-based and reuses in part off-the-shelf "on-the-fly" syntax checking facilities (flycheck). We believe that similar extensions are also reproducible with low effort in other mature development environments. Our initial experience with the tool shows quite promising results, with low latency times that provide early, continuous, and precise assertion checking and other semantic feedback to programmers during the development process. The tool supports Prolog natively, as well as other languages by semantic transformation into Horn clauses.

show abstract

Analysis and Transformation of Constrained Horn Clauses for Program Verification

Cited by 25 publications

References 236 publications

Verifying Catamorphism-Based Contracts using Constrained Horn Clauses

Verifying Catamorphism-Based Contracts using Constrained Horn Clauses

Verifying Catamorphism-Based Contracts using Constrained Horn Clauses

VeriFly: On-the-fly Assertion Checking via Incrementality

Contact Info

Product

Resources

About