We propose a novel verification method for higher-order functional programs based on higher-order model checking, or more precisely, model checking of higher-order recursion schemes (recursion schemes, for short). In the functional API, given some input tensors and output tensors, you can instantiate a model via. We have implemented a model checker for recursion schemes based on the proposed algorithm, and applied it to verification of functional programs, including. A function model, similar to the activity model or process model, is a graphical representation of an enterprise's function within a defined scope. Boolean and cartesian abstraction for model checking c. Program model checking evolved into an active research area at the end of the 1990s.
We study a model for recursive functional programs called higher-order recursion schemes (HORS). This is the second version of the Functional Mockup Interface standard (FMI). Finally, section 6 draws some preliminary conclusions about the use of the tool and its future. Model checking C programs using F-Soft, Virginia Tech. One way to do this consists of adapting model checking into a form of systematic testing that is applicable to. Model checking is a computer-assisted method for the analysis of dynamical systems that can be modeled by state-transition systems. Combining model checking and testing, Microsoft Research. Software model checking: the development of techniques, notably model checking, for the computer-aided veri. So, we first start by explaining what models are, and will make clear that so-called labeled transition systems, a model that is akin to automata, are suitable for modeling sequential as well as multithreaded programs. The purpose of this memorandum is to announce the release of the first version of the Model Functional Requirements for State School Meal Programs Information Systems and Model Functional Requirements for Local School Meal Programs Information Systems tools. Higher-order program verification via HFL model checking. IARCS Annual Conference on Foundations of Software Technology and Theoretical Computer Science, Dec 20, Guwahati, India.
Model checking: check whether the system satisfies a temporal-logic formula. The model checking of recursion schemes has recently turned out to be a good basis for verification of higher-order functional programs, just as finite-state model checking for programs with while. Model checking higher-order programs, Journal of the ACM. Principles of Model Checking offers a comprehensive introduction to model checking that is not only a text suitable for classroom use but also a valuable reference for researchers and practitioners in the field. This dissertation describes our work building a tool to verify temporal logic speci. Accepted paper to FSTTCS: we study a model for recursive functional programs called higher-order recursion schemes (HORS).
The most distinguishing feature of our verification method for higher-order programs is that it. Drawing from research traditions in mathematical logic, programming languages, hardware design, and theoretical computer science, model checking is now widely used for the verification of hardware and software in industry. So a model checker should be able to produce more precise answers. Erlang is a functional and concurrent programming language. If model checking can be executed via the command line, then it can be executed by other programs.
Model checking: systematic state-space exploration, exhaustive testing. JPF, which integrates model checking, program analysis. In contrast to testing, it exercises the model to be verified in an exhaustive fashion. Maybe UML is not the best choice for functional languages then. In fact, one area where we believe it can have an immediate impact. Comparing model checking and static program analysis. An interesting question is: does the accuracy of the results from model checking justify the extra resources it consumes? Michael Hanus, Frank Steiner, type-based nondeterminism checking in functional logic programs, Proceedings of the 2nd ACM SIGPLAN International Conference on Principles and Practice of Declarative Programming, p. In comparison with the etomcrl tool set, McErlang differs mainly in that it is implemented in Erlang. Functional programmers generally don't have a lot of use for diagrams. The book begins with the basic principles for modeling concurrent and communicating systems, introduces different classes of properties.
Since 2011, the Model Checking Contest (MCC) compares the performance of model checking tools designed to analyze highly concurrent systems. Clearly, Software Update is not as advanced or helpful as some of the updaters at the start of this list that can download and update programs for you, but it's still a functional program that's really lightweight and can run all the time without affecting performance. As shown by Kobayashi, verification problems of higher-order functional programs can easily be translated into model checking problems of recursion schemes. This article lists model checking tools and gives a synthetic overview of their functionalities. We hope to contribute to software quality through such research, developing further the methodologies and tools reported in this article.
Over the last two decades, significant progress has been made on how to broaden the scope of model checking from finite-state abstractions to actual software implementations. In computer science, functional programming is a programming paradigm, a style of building the structure and elements of computer programs, that treats computation as the evaluation of mathematical functions and avoids changing state and mutable data. IC3 software model checking on control flow automata. Model-checking higher-order functions, Tohoku University. Model checking for a functional hardware description. The Erlang route was rejected because the authors thought that it would be more ef. This paper provides a brief tutorial on model checking of C programs. More recently, software model checking has been in.
We present the new model checker McErlang for verifying Erlang programs. Some people suggest using state machine, activity or sequence diagrams for functional languages, but they only describe behaviour, not structure. The aim of this paper is to investigate basic properties of the Erlang concurrency model, which is based on asynchronous communication. Formal language, grammar and set-constraint-based program analysis by. The purposes of the function model are to describe the functions and processes, assist with discovery of information needs, help identify opportunities, and establish a basis for determining product and service costs. Modeling languages, programming languages, model checking, systematic testing, VeriSoft.
Execution model: here we describe the execution model of Erlang programs running. Simple yet effective technique for finding bugs in high-level hardware and software. We present GMC2, a software model checker for GCC, the open-source. Model checking functional and performability properties of. Verifying Haskell programs by combining testing, model.
Proceedings of the International Workshop, Katata, Japan, Aug 21-26, 1981 and International Conference, Kyoto, Lecture. Model checking and functional program transformations. Whilst the former has been applied to automated verification of higher-order functional programs, applications of the latter have not been well studied. The previous proofs are based on the equivalence between HORS and collapsible pushdown automata and they lose the structure of the. Model checking higher-order programs, Naoki Kobayashi, The University of Tokyo.
Model checking and functional program transformations, Axel Haddad. To cite this version. Model checking has abysmal complexity in the worst case as a function of word size. How can we model the structure of programs written in functional style? This program has the unique feature of checking for and updating programs automatically, but it's not very user-friendly. You are right that model checking is most often used for hardware verification and imperative (often concurrent) programs, since its origin is also in this area. The program is quick to find an entire list of old programs and gives you download links to open in your web browser. We show how to attack the problem of model checking a C program with recursive procedures using an abstraction that we formally define as the composition of the Boolean and the Cartesian abstractions. After nearly a decade of investigations and case studies, best practices for applying program model checking are now emerging from various methods for capturing properties, building special-purpose test drivers, and modifying and abstracting application code. Applying model checking to industrial-sized PLC programs, CERN. To handle the function call/return mechanisms inherent in procedural languages such. There are two kinds of higher-order extensions of model checking. You can update your models and test them automatically the same way you might do.
Although each of testing, model checking, and interactive theorem proving is a highly developed research area, the combination of the three will expose many more exciting research topics in their own right. It is a declarative programming paradigm in that programming is done with expressions or declarations instead of statements. We give new proofs of two verification-related problems. JPF is an explicit-state software model checker for Java bytecode. JPF is a Java virtual machine that executes your program not just once like a normal VM, but theoretically in all possible ways, checking for property violations like deadlocks or unhandled exceptions along all potential execution paths. This should display a help page explaining all available command line options. Model checking Java programs: it is well known that concurrent programs are non-trivial to construct, and with Java essentially giving the capability for anyone to write concurrent programs, we believe a model checker for Java might have a bright future.
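The passages above describe model checking as systematic, exhaustive exploration of a state-transition (labeled transition) system, and the JPF paragraph describes running a program "in all possible ways" to find deadlocks along every execution path. The following is an added example, not code from the page, from JPF or from any paper cited here: a self-contained explicit-state checker in Python (chosen instead of Java so it runs without a JVM or JPF). The input programs, thread names T1/T2 and lock names A/B are constructed for the illustration. It enumerates every interleaving of two threads that take two locks, treats a state where some thread is unfinished but no thread can move as a deadlock, and reconstructs the counterexample trace from the breadth-first search's predecessor map, which is the shape of the report a model checker gives and a test run usually does not.

```python
"""Tiny explicit-state model checker: exhaustively explores every interleaving
of a small multithreaded lock program and reports a deadlock with a counterexample.
Added example; not code from JPF or from any tool or paper cited on the page."""
from collections import deque

# Constructed input (not from the page): each thread is a straight-line
# sequence of lock operations. BUGGY takes the two locks in opposite orders.
BUGGY = {
    "T1": (("acquire", "A"), ("acquire", "B"), ("release", "B"), ("release", "A")),
    "T2": (("acquire", "B"), ("acquire", "A"), ("release", "A"), ("release", "B")),
}
# Same program with a consistent lock order (A, then B) on both threads.
FIXED = {
    "T1": BUGGY["T1"],
    "T2": (("acquire", "A"), ("acquire", "B"), ("release", "B"), ("release", "A")),
}


def initial_state(program):
    """A state is (program counters, lock owners); both are tuples so it is hashable."""
    pcs = tuple(0 for _ in program)
    locks = sorted({lock for code in program.values() for _, lock in code})
    return pcs, tuple((lock, None) for lock in locks)


def successors(program, state):
    """Yield (transition label, next state) for every thread able to take a step.

    A thread whose next instruction acquires a held lock is blocked and yields
    nothing; that is what makes a deadlock a state with no successors."""
    pcs, locks = state
    owners = dict(locks)
    for i, (tname, code) in enumerate(program.items()):
        pc = pcs[i]
        if pc >= len(code):
            continue                      # thread has finished
        op, lock = code[pc]
        new_owners = dict(owners)
        if op == "acquire":
            if owners[lock] is not None:
                continue                  # blocked: lock is held
            new_owners[lock] = tname
        else:                             # release
            assert owners[lock] == tname, f"{tname} releases a lock it does not hold"
            new_owners[lock] = None
        new_pcs = pcs[:i] + (pc + 1,) + pcs[i + 1:]
        yield f"{tname}: {op} {lock}", (new_pcs, tuple(sorted(new_owners.items())))


def is_terminal(program, state):
    """True when every thread has run to completion."""
    pcs, _ = state
    return all(pc >= len(code) for pc, code in zip(pcs, program.values()))


def model_check(program):
    """Breadth-first search over the whole state space.

    Returns (number of states visited, deadlock counterexample as a list of
    transition labels, or None if no deadlock is reachable)."""
    init = initial_state(program)
    parent = {init: None}                 # state -> (predecessor, label), for the trace
    queue = deque([init])
    while queue:
        state = queue.popleft()
        steps = list(successors(program, state))
        if not steps and not is_terminal(program, state):
            trace, cur = [], state        # walk predecessors back to the initial state
            while parent[cur] is not None:
                cur, label = parent[cur]
                trace.append(label)
            return len(parent), trace[::-1]
        for label, nxt in steps:
            if nxt not in parent:         # visited set: each state is expanded once
                parent[nxt] = (state, label)
                queue.append(nxt)
    return len(parent), None


if __name__ == "__main__":
    for name, prog in (("BUGGY", BUGGY), ("FIXED", FIXED)):
        visited, trace = model_check(prog)
        verdict = f"deadlock after {trace}" if trace else "no deadlock"
        print(f"{name}: {visited} states explored, {verdict}")
```

The visited-set check in `model_check` is what makes the search terminate on a finite state space and is the difference between this and plain testing: a test runs one scheduler-chosen interleaving, while the checker expands every reachable state exactly once, so the two-step schedule that deadlocks BUGGY cannot be missed. Real tools such as JPF add state compression, partial-order reduction and richer properties (temporal-logic formulas, unhandled exceptions) on top of the same basic loop.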
Many functional programmers (but not all) find that writing down types is a good way to encapsulate the design relationships that OO programmers put into UML diagrams; because mutable state is rare in functional programs, there are no mutable objects, so it is not usually useful or necessary to diagram relationships. It traces its roots to logic and theorem proving, both to. It is implemented through a source-to-source transformation into a Boolean C program. Relevance of model checking in strongly typed functional. Also with respect to software model checking, a number of adaptations of. Since the above jar file contains all dependencies, it is safe to rename it and move the file to a more convenient directory. Engler and Musuvathi [15, 14] demonstrate results that dispel some of these common beliefs related to model.
Practical application of model checking in software. Model checking has increasingly gained acceptance within hardware [5, 16, 2, 1] and protocol verification [14] as an additional means of discovering bugs. Modeling data with functional programming, part I, R-bloggers. The implementation language offers several advantages. The superior modularity of functional programs isolates data management from model development, which keeps the model clean and reduces development overhead. Software model checking (SMC) is a well-known automatic program verification technique and is frequently adopted for checking safety-critical software. This paper introduced PMRS as a model of such functional programs and reduced a certain verification problem concerning them to the model checking problem of their weak cousin, wPMRS (recall the variants discussed at the end of section 2). Software model checking is the algorithmic analysis of programs to prove prop. The constructions presented here are based on shape-preserving transformations, and can be applied on actual programs without losing.