Verifying Catamorphism-Based Contracts using Constrained Horn Clauses

Angelis, Emanuele De; Pettorossi, Alberto; Proietti, Maurizio

doi:10.1017/s1471068422000175

Cited by 11 publications

(7 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our technique is based on the translation of the program functions and their contracts for which STAINLESS is not successful, into a set of constrained Horn clauses (CHCs) [5,13]. Then, in the case where programs manipulate Algebraic Data Structures, those clauses are transformed by VeriCaT [9], so that their satisfiability can hopefully be proved by SPACER (or a different CHC solver) in the domain of integers and/or booleans. If satisfiability is proved and a model for those clauses is found (which is defined by constraints on integers and/or booleans), then via a final translation step, we derive from that model suitable strengthened postconditions for the contracts.…”

Section: Discussionmentioning

confidence: 99%

“…Then, we proceed according to Step (ii) of our technique, which consists in applying a transformation that removes all ADT terms from ReverseCHCs. Indeed, we apply Algorithm T cata [9], implemented in the VeriCaT tool, and we get the new set TransfReverseCHCs of clauses (see Figure 3), whose satisfibility implies the satisfiability of the set ReverseCHCs. In particular, starting from goal GR, by transformation we obtain clauses T1-T5, and starting goal GS, by transformation we obtain clauses T6-T8.…”

Section: Verifying Contracts Via Chc Satisfiabilitymentioning

confidence: 99%

“…It is only important to note that all variables in TransfReverseCHCs are of sort boolean or integer. Indeed, Algorithm T cata always terminates and generates a set of clauses without ADT variables in the case where, as in our set ReverseCHCs of clauses, the contracts are specified by means of catamorphisms [9], that is, total functions defined by a simple recursion schema on the ADT structure. (The notion of catamorphism used here is an adaptation to CHCs of the one popularized by Meijer et al [21] in the area of functional programming.…”

Section: Verifying Contracts Via Chc Satisfiabilitymentioning

confidence: 99%

“…Let us briefly discuss the soundness of our technique for strengthening contracts. We consider the class of contracts specified by catamorphisms considered in previous work [9], where the termination of the transformation algorithm T cata is guaranteed. Soundness of our technique will be shown by proving that, if a given contract is valid and a CHC solver is able to prove the satisfiability of the set of clauses obtained by T cata , then also the strengthened version of the contract, which is derived by using our technique, is valid.…”

Section: Strengthening Program Contracts Using Chc Modelsmentioning

confidence: 99%

“…Step (ii): Then, by using already known methods [6,7], we transform this set of CHCs into a new set where all ADT terms are removed. In particular, we use the VeriCaT tool [9]. These methods are sound, in the sense that the satisfiability of the transformed clauses implies the satisfiability of the original set of clauses.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Contract Strengthening through Constrained Horn Clause Verification

Angelis

Fioravanti

Pettorossi

et al. 2022

Electron. Proc. Theor. Comput. Sci.

Self Cite

View full text Add to dashboard Cite

The functional properties of a program are often specified by providing a contract for each of its functions. A contract of a function consists of a pair of formulas, called a precondition and a postcondition, which, respectively, should hold before and after execution of that function. It might be the case that the contracts supplied by the programmer are not adequate to allow a verification system to prove program correctness, that is, to show that for every function, if the precondition holds and the execution of the function terminates, then the postcondition holds. We address this problem by providing a technique which may strengthen the postconditions of the functions, thereby improving the ability of the verifier to show program correctness. Our technique consists of four steps. First, the translation of the given program, which may manipulate algebraic data structures (ADTs), and its contracts into a set of constrained Horn clauses (CHCs) whose satisfiability implies the validity of the given contracts. Then, the derivation, via CHC transformation performed by the VeriCaT tool, of a new set of CHCs that manipulate only basic sorts (such as booleans or integers) and whose satisfiability implies the satisfiability of the original set of clauses. Then, the construction of a model, if any, of the new, derived CHCs using the CHC solver SPACER for basic sorts. Finally, the translation of that model into the formulas that suitably strengthen the postconditions of the given contracts. We will present our technique through an example consisting of a Scala program for reversing lists. Note that the STAINLESS verifier is not able to prove the correctness of that program when considering the given contracts, while it succeeds when considering the contracts with the strengthened postconditions constructed by applying our technique.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Verifying Contracts Via Chc Satisfiabilitymentioning

confidence: 99%

Section: Verifying Contracts Via Chc Satisfiabilitymentioning

confidence: 99%

Section: Strengthening Program Contracts Using Chc Modelsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Contract Strengthening through Constrained Horn Clause Verification

Angelis

Fioravanti

Pettorossi

et al. 2022

Electron. Proc. Theor. Comput. Sci.

Self Cite

View full text Add to dashboard Cite

show abstract

Multiple Query Satisfiability of Constrained Horn Clauses

Angelis

Fioravanti

Pettorossi

et al. 2023

Practical Aspects of Declarative Languages

View full text Add to dashboard Cite

Constrained Horn Clauses Satisfiability via Catamorphic Abstractions

De Angelis,

Fioravanti,

Pettorossi

et al. 2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Catamorphisms are functions that are recursively defined on list and trees and, in general, on Algebraic Data Types (ADTs), and are often used to compute suitable abstractions of programs that manipulate ADTs. Examples of catamorphisms include functions that compute size of lists, orderedness of lists, and height of trees. It is well known that program properties specified through catamorphisms can be proved by showing the satisfiability of suitable sets of Constrained Horn Clauses (CHCs). We address the problem of checking the satisfiability of those sets of CHCs, and we propose a method for transforming sets of CHCs into equisatisfiable sets where catamorphisms are no longer present. As a consequence, clauses with catamorphisms can be handled without extending the satisfiability algorithms used by existing CHC solvers. Through an experimental evaluation on a non-trivial benchmark consisting of many list and tree processing algorithms expressed as sets of CHCs, we show that our technique is indeed effective and significantly enhances the performance of state-of-the-art CHC solvers.

show abstract

Verifying Catamorphism-Based Contracts using Constrained Horn Clauses

Cited by 11 publications

References 39 publications

Contract Strengthening through Constrained Horn Clause Verification

Contract Strengthening through Constrained Horn Clause Verification

Multiple Query Satisfiability of Constrained Horn Clauses

Constrained Horn Clauses Satisfiability via Catamorphic Abstractions

Contact Info

Product

Resources

About