Results 1-10 of 30
A type system equivalent to the modal mu-calculus model checking of higher-order recursion schemes
In: Proceedings of LICS, 2009
Cited by 40 (13 self)
Abstract
The model checking of higher-order recursion schemes has important applications in the verification of higher-order programs. Ong has previously shown that the modal mu-calculus model checking of trees generated by order-n recursion schemes is n-EXPTIME complete, but his algorithm and its correctness proof were rather complex. We give an alternative, type-based verification method: given a modal mu-calculus formula, we can construct a type system in which a recursion scheme is typable if, and only if, the (possibly infinite, ranked) tree generated by the scheme satisfies the formula. The model checking problem is thus reduced to a type checking problem. Our type-based approach yields a simple verification algorithm, and its correctness proof (constructed without recourse to game semantics) is comparatively easy to understand. Furthermore, the algorithm is polynomial-time in the size of the recursion scheme, assuming that the formula and the largest order and arity of non-terminals of the recursion scheme are fixed.
Higher-Order Multi-Parameter Tree Transducers . . .
2010
Cited by 28 (11 self)
Abstract
We introduce higher-order, multi-parameter tree transducers (HMTTs, for short), which are kinds of higher-order tree transducers that take input trees and output a (possibly infinite) tree. We study the problem of checking whether the tree generated by a given HMTT conforms to a given output specification, provided that the input trees conform to input specifications (where both input and output specifications are regular tree languages). HMTTs subsume higher-order recursion schemes and ordinary tree transducers, so that their verification has a number of potential applications to the verification of functional programs using recursive data structures, including resource usage verification, string analysis, and exact type-checking of XML-processing programs. We propose a sound but incomplete verification algorithm for the HMTT verification problem: the algorithm reduces the verification problem to a model-checking problem for higher-order recursion schemes extended with finite data domains, and then uses (an extension of) Kobayashi's algorithm for model-checking recursion schemes. While the algorithm is incomplete (indeed, as we show in the paper, the verification problem is undecidable in general), it is sound and complete for a subclass of HMTTs called linear HMTTs. We have applied our HMTT verification algorithm to various program verification problems and obtained promising results.
A Practical Linear Time Algorithm for Trivial Automata Model Checking of Higher-Order Recursion Schemes
Cited by 13 (5 self)
Abstract
The model checking of higher-order recursion schemes has been actively studied and is now becoming a basis of higher-order program verification. We propose a new algorithm for trivial automata model checking of higher-order recursion schemes. To our knowledge, this is the first practical model checking algorithm for recursion schemes that runs in time linear in the size of the higher-order recursion scheme, under the assumption that the size of the trivial automata and the largest order and arity of functions are fixed. The previous linear time algorithm was impractical due to a huge constant factor, and the only practical previous algorithm suffers from hyper-exponential worst-case time complexity under the same assumption. The new algorithm is remarkably simple, consisting of just two fixed-point computations. We have implemented the algorithm and confirmed that it outperforms Kobayashi's previous algorithm in a certain case.
Saturation-Based Model Checking of Higher-Order Recursion Schemes
Cited by 8 (2 self)
Abstract
Model checking of higher-order recursion schemes (HORS) has recently been studied extensively and applied to higher-order program verification. Despite recent efforts, obtaining a scalable model checker for HORS remains a big challenge. We propose a new model checking algorithm for HORS, which combines two previous, independent approaches to higher-order model checking. Like previous type-based algorithms for HORS, it directly analyzes HORS and outputs intersection types as a certificate, but like Broadbent et al.'s saturation algorithm for collapsible pushdown systems (CPDS), it propagates information backward, in the sense that it starts with target configurations and iteratively computes their preimages. We have implemented the new algorithm and confirmed that the prototype often outperforms TRecS and CSHORe, the state-of-the-art model checkers for HORS.
Model-checking higher-order programs with recursive types. An extended version is available from http://www-kb.is.s.u-tokyo.ac.jp/~koba/fjmc
2012
Cited by 6 (1 self)
Abstract
Model checking of higher-order recursion schemes (HORS, for short) has recently been studied as a new, promising technique for the automated verification of higher-order programs. The previous HORS model checking could, however, deal only with simply-typed programs, so that its application was limited to functional programs. To deal with a broader range of programs, such as object-oriented programs and multi-threaded programs, we extend HORS model checking to check properties of programs with recursive types. Although the extended model checking problem is undecidable, we develop a sound model-checking algorithm that is relatively complete with respect to a recursive intersection type system and prove its correctness. Preliminary results on the implementation and on applications to the verification of object-oriented programs and multi-threaded programs are also reported.
CSHORe: A collapsible approach to verifying higher-order programs
2013
Cited by 3 (2 self)
Abstract
Higher-order recursion schemes (HORS) have recently received much attention as a useful abstraction of higher-order functional programs, with a number of new verification techniques employing HORS model-checking as their centrepiece. This paper contributes to the ongoing quest for a truly scalable model-checker for HORS by offering a different, automata-theoretic perspective. We introduce the first practical model-checking algorithm that acts on a generalisation of pushdown automata equi-expressive with HORS called collapsible pushdown systems (CPDS). At its core is a substantial modification of a recently studied saturation algorithm for CPDS. In particular, it is able to use information gathered from an approximate forward reachability analysis to guide its backward search. Moreover, we introduce an algorithm that prunes the CPDS prior to model-checking and a method for extracting counterexamples in negative instances. We compare our tool with the state-of-the-art verification tools for HORS and obtain encouraging results. In contrast to some of the main competition tackling the same problem, our algorithm is fixed-parameter tractable, and we also offer significantly improved performance over the only previously published tool of which we are aware that also enjoys this property. The tool and additional material are available from
Exact flow analysis by higher-order model checking
In: FLOPS, volume 7294 of LNCS, 2012
Cited by 3 (1 self)
Abstract
We propose a novel control flow analysis for higher-order functional programs, based on a reduction to higher-order model checking. The distinguishing features of our control flow analysis are that, unlike most control flow analyses such as k-CFA, it is exact for the simply-typed λ-calculus with recursion and finite base types, and that, unlike Mossin's exact flow analysis, it is indeed runnable in practice, at least for small programs. Furthermore, under certain (arguably strong) assumptions, our control flow analysis runs in time cubic in the size of a program. We formalize the reduction of control flow analysis to higher-order model checking, prove its correctness, and report preliminary experiments.
Untyped recursion schemes and infinite intersection types
In: Proceedings of FOSSACS 2010, volume 6014 of LNCS, 2010
Cited by 3 (1 self)
Abstract
A new framework for higher-order program verification has recently been proposed, in which higher-order functional programs are modelled as higher-order recursion schemes and then model-checked. As recursion schemes are essentially terms of the simply-typed lambda-calculus with recursion and tree constructors, however, it was not clear how the new framework applies to programs written in languages with more advanced type systems. To circumvent this limitation, this paper introduces an untyped version of recursion schemes and develops an infinite intersection type system that is equivalent to the model checking of untyped recursion schemes, so that the model checking can be reduced to type checking, as in recent work by Kobayashi and Ong for typed recursion schemes. The type system is undecidable, but we can obtain decidable subsets of the type system by restricting the shapes of intersection types, yielding a sound (but in general incomplete) model checking algorithm.
Using models to model-check recursive schemes
2012
Cited by 3 (2 self)
Abstract
We propose a model-based approach to the model checking problem for recursive schemes. Since the simply typed lambda calculus with the fixpoint operator, the λY-calculus, is equivalent to schemes, we propose to use a model of λY to discriminate the terms that satisfy a given property. If a model is finite in every type, this gives a decision procedure. We provide a construction of such a model for every property expressed by automata with trivial acceptance conditions and divergence testing. We argue that having a model capable of recognizing terms satisfying a given property has other benefits than just providing decidability of the model-checking problem. We show a very simple construction transforming a scheme into a scheme reflecting a given property.