Verified Functional Programming

Voirol, Nicolas

doi:10.5075/epfl-thesis-9479

Cited by 4 publications

(2 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This is safe, since we will only verify well-typed Scala programs, so any such cast will be correct by construction. In a later type-encoding phase [40] Stainless translates type tests such as line 8 to conditions in the theory of inductive data types. On line 11 we apply the function f to the old value of data and construct a Cell Data value reflecting the new state of data.…”

Section: Encoding Tmapmentioning

confidence: 99%

“…For values, i.e., the state of individual objects, we pick the top type Any as the trivial solution which subsumes the representations of all heap types. While SMT solvers do not directly support subtyping, this is convenient in Stainless, as we can leverage its existing support for subtyping and Any [40]. Our design differs from that supported by the Boogie verifier, whose type system provides higher-rank map types [24] in which the heap map may be typed as ∀T.…”

Section: Translation Rulesmentioning

confidence: 99%

See 1 more Smart Citation

Generalized Arrays for Stainless Frames

Schmid

Kunčak

2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

We present an approach for verification of programs with shared mutable references against specifications such as assertions, preconditions, postconditions, and read/write effects. We implement our tool in the Stainless verification system for Scala. A novelty of our approach is to translate imperative function contracts (including frame conditions) using quantifier-free formulas in first-order logic, instead of quantifiers or separation logic. Our quantifier-free encoding enables SMT solvers to both prove safety and to report counterexamples relative to the semantics of procedure contracts. Our encoding is possible thanks to the expressive power of the extended array theory of de Moura and Bjørner, implemented in the SMT solver Z3, whose map operators allow us to project heaps before and after the call onto the declared reads and modifies clauses. To support inductive proofs about the preservation of invariants, our approach permits capturing a projection of heap state as a history variable and evaluating imperative ghost code in the specified captured heap. We also retain the efficiency of reasoning about purely functional layers of data structures, which need not be represented using heap references but often map directly to SMT-LIB algebraic data types and arrays. We thus obtain a combination of expressiveness for shared mutable data where needed, while retaining automation for purely functional program aspects. We illustrate our approach by proving detailed correctness properties of examples manipulating mutable linked structures.

show abstract

Section: Encoding Tmapmentioning

confidence: 99%

Section: Translation Rulesmentioning

confidence: 99%

Generalized Arrays for Stainless Frames

Schmid

Kunčak

2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

Verifying a Realistic Mutable Hash Table

Chassot,

Kunčak

2024

Lecture Notes in Computer Science

View full text Add to dashboard Cite

In this work, we verify, using the Stainless program verifier, the mutable from the Scala standard library, a hash table using open addressing within a single array. As an executable specification, we write an immutable map based on a list of tuples and verify it against the mathematical definition of a map. We then show that ’s operations correspond to operations of this association list. To express the resizing of the hash table array, we introduce a new reference-swapping construct in Stainless. This allows us to apply the decorator design pattern without introducing aliasing. Our verification effort led us to find and fix a bug in the original implementation that manifests for large hash tables. Our performance analysis shows the verified version to be within a 1.5 factor of the original data structure.

show abstract

Proving and Disproving Equivalence of Functional Programming Assignments

Milovančević,

Kunčak

2023

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

We present an automated approach to verify the correctness of programming assignments, such as the ones that arise in a functional programming course. Our approach takes as input student submissions and reference solutions, and uses equivalence checking to automatically prove or disprove correctness of each submission. To be effective in the context of a real-world programming course, an automated grading system must be both robust, to support programs written in a variety of style, and scalable, to treat hundreds of submissions at once. We achieve robustness by handling recursion using functional induction and by handling auxiliary functions using function call matching. We achieve scalability using a clustering algorithm that leverages the transitivity of equivalence to discover intermediate reference solutions among student submissions. We implement our approach on top of the Stainless verification system, to support equivalence checking of Scala programs. We evaluate our system and its components on over 4000 programs drawn from a functional programming course and from the program equivalence checking literature; this is the largest such evaluation to date. We show that our system is capable of proving program correctness by generating inductive equivalence proofs, and providing counterexamples for incorrect programs, with a high success rate.

show abstract

Verified Functional Programming

Cited by 4 publications

References 0 publications

Generalized Arrays for Stainless Frames

Generalized Arrays for Stainless Frames

Verifying a Realistic Mutable Hash Table

Proving and Disproving Equivalence of Functional Programming Assignments

Contact Info

Product

Resources

About