Hostname: page-component-8448b6f56d-xtgtn Total loading time: 0 Render date: 2024-04-24T20:12:12.842Z Has data issue: false hasContentIssue false
  • English
  • Français

αCheck: A mechanized metatheory model checker*

Published online by Cambridge University Press:  22 May 2017

JAMES CHENEY  and
ALBERTO MOMIGLIANO
JAMES CHENEY
Affiliation:
Laboratory for Foundations of Computer Science, University of Edinburgh, Edinburgh, Scotland (e-mail: jcheney@inf.ed.ac.uk)
ALBERTO MOMIGLIANO
Affiliation:
Dipartimento di Informatica, Università degli Studi di Milano, Milan, Italy (e-mail: alberto.momigliano@unimi.it)
Get access Rights & Permissions [Opens in a new window]

Abstract

The problem of mechanically formalizing and proving metatheoretic properties of programming language calculi, type systems, operational semantics, and related formal systems has received considerable attention recently. However, the dual problem of searching for errors in such formalizations has attracted comparatively little attention. In this article, we present αCheck, a bounded model checker for metatheoretic properties of formal systems specified using nominal logic. In contrast to the current state of the art for metatheory verification, our approach is fully automatic, does not require expertise in theorem proving on the part of the user, and produces counterexamples in the case that a flaw is detected. We present two implementations of this technique, one based on negation-as-failure and one based on negation elimination, along with experimental results showing that these techniques are fast enough to be used interactively to debug systems as they are developed.

Keywords

nominal logicmodel checkingcounterexample searchnegation elimination
Type
Regular Papers
Information
Theory and Practice of Logic Programming , Volume 17 , Issue 3 , May 2017 , pp. 311 - 352
Copyright
Copyright © Cambridge University Press 2017 

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

Footnotes

*

This research was supported by EPSRC grant GR/S63205/01 and a Royal Society University Research Fellowship.

References

Amaral, C., Florido, M. and Santos Costa, V. 2014. PrologCheck: Property-based testing in Prolog. In Functional and Logic Programming, vol. 8475, Codish, M. and Sumii, E., Eds. Lecture Notes in Computer Science, Springer International Publishing, 117.Google Scholar
Apt, K. R. and Bol, R. N. 1994. Logic programming and negation: A survey. The Journal of Logic Programming 19, 971.Google Scholar
Ayala-Rincón, M., Fernández, M. and Nantes-Sobrinho, D. 2016. Nominal narrowing. In Proc. of 1st International Conference on Formal Structures for Computation and Deduction, FSCD 2016, June 22–26, 2016, Porto, Portugal, Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik, 11:1–11:17.Google Scholar
Aydemir, B. E., Bohannon, A., Fairbairn, M., Foster, J. N., Pierce, B. C., Sewell, P., Vytiniotis, D., Washburn, G., Weirich, S. and Zdancewic, S. 2005. Mechanized metatheory for the masses: The PoplMark Challenge. In TPHOLs, vol. 3603, Hurd, J. and Melham, T. F., Eds. Lecture Notes in Computer Science, Springer, 5065.Google Scholar
Baelde, D., Gacek, A., Miller, D., Nadathur, G. and Tiu, A. 2007. The Bedwyr system for model checking over syntactic expressions. In CADE, vol. 4603, Pfenning, F., Ed. Lecture Notes in Computer Science, Springer, 391397.Google Scholar
Barbuti, R., Mancarella, P., Pedreschi, D. and Turini, F. 1990. A transformational approach to negation in logic programming. Journal of Logic Programming 8, 201228.Google Scholar
Blanchette, J. C., Bulwahn, L. and Nipkow, T. 2011. Automatic proof and disproof in Isabelle/HOL. In FroCoS, vol. 6989, Tinelli, C. and Sofronie-Stokkermans, V., Eds. Lecture Notes in Computer Science, Springer, 1227.Google Scholar
Blanchette, J. C. and Nipkow, T. 2010. Nitpick: A counterexample generator for higher-order logic based on a relational model finder. In ITP 2010, vol. 6172, Kaufmann, M. and Paulson, L., Eds. LNCS, Springer, 131146.Google Scholar
Bojańczyk, M., Klin, B., Kurz, A. and Pitts, A. M. 2013. Nominal computation theory (Dagstuhl Seminar 13422). Dagstuhl Reports 3, 10, 5871.Google Scholar
Bruscoli, P., Levi, F., Levi, G. and Meo, M. C. 1994. Compilative constructive negation in constraint logic programs. In Proc. Trees in Algebra and Programming - CAAP'94, 19th International Colloquium, Tison, S., Ed. Lecture Notes in Computer Science, Springer, vol. 787. 52–76.Google Scholar
Bulwahn, L. 2012a. The new Quickcheck for Isabelle - random, exhaustive and symbolic testing under one roof. In CPP, vol. 7679, Hawblitzel, C. and Miller, D., Eds. Lecture Notes in Computer Science, Springer, 92108.Google Scholar
Bulwahn, L. 2012b. Smart testing of functional programs in Isabelle. In LPAR, vol. 7180, Bjørner, N. and Voronkov, A., Eds. Lecture Notes in Computer Science, Springer, 153167.Google Scholar
Calvès, C. and Fernández, M. 2008. A polynomial nominal unification algorithm. Theoretical Computer Science 403, 2–3, 285306.Google Scholar
Cheney, J. 2005a. Relating nominal and higher-order pattern unification. In Proc. of the 19th International Workshop on Unification (UNIF 2005), Vigneron, L., Ed., LORIA Research Report A05-R-022, 104–119.Google Scholar
Cheney, J. 2005b. Scrap your nameplate (functional pearl). In Proc. of the 10th International Conference on Functional Programming (ICFP 2005), Pierce, B., Ed. ACM, Tallinn, Estonia, 180191.Google Scholar
Cheney, J. 2006. Completeness and Herbrand theorems for nominal logic. Journal of Symbolic Logic 71, 1, 299320.Google Scholar
Cheney, J. 2010. Equivariant unification. Journal of Automated Reasoning 45, 3, 267300.Google Scholar
Cheney, J. 2016. A simple sequent calculus for nominal logic. Journal of Logic and Computation 26, 2, 699726.Google Scholar
Cheney, J. and Momigliano, A. 2007. Mechanized metatheory model-checking. In PPDP, Leuschel, M. and Podelski, A., Eds. ACM, 7586.Google Scholar
Cheney, J., Momigliano, A. and Pessina, M. 2016. Advances in property-based testing for αProlog. In Proc. of the 10th International Conference on Tests and Proofs (TAP 2016), Aichernig, B. K. and Furia, C. A., Eds. Lecture Notes in Computer Science, vol. 9762. Springer, Vienna, Austria, 37–56.Google Scholar
Cheney, J. and Urban, C. 2008. Nominal logic programming. ACM Transactions on Programming Languages and Systems 30, 5, 26.Google Scholar
Claessen, K. and Hughes, J. 2000. QuickCheck: A lightweight tool for random testing of Haskell programs. In Proc. of the 2000 ACM SIGPLAN International Conference on Functional Programming (ICFP 2000). ACM, Montreal, Canada, 268–279.Google Scholar
Clarke, E. M., Grumberg, O. and Peled, D. A. 2000. Model Checking. MIT Press.Google Scholar
Dybjer, P., Haiyan, Q. and Takeyama, M. 2004. Verifying Haskell programs by combining testing, model checking and interactive theorem proving. Information & Software Technology 46, 15, 10111025.Google Scholar
Felleisen, M., Findler, R. B. and Flatt, M. 2009. Semantics Engineering with PLT Redex. The MIT Press.Google Scholar
Fernández, M. and Gabbay, M. 2005. Nominal rewriting with name generation: Abstraction versus locality. In PPDP, Barahona, P. and Felty, A. P., Eds. ACM, 4758.Google Scholar
Fetscher, B., Claessen, K., Palka, M. H., Hughes, J. and Findler, R. B. 2015. Making random judgments: Automatically generating well-typed terms from the definition of a type-system. In Proc. of ESOP 2015, vol. 9032, Vitek, J., Ed. Lecture Notes in Computer Science, Springer, 383–405.Google Scholar
Findler, R. B., Klein, C. and Fetscher, B. 2015. Redex: Practical semantics engineering. URL: http://docs.racket-lang.org/redex. [Accessed on 25/04/2017]Google Scholar
Gabbay, M. 2007. Fresh logic: Proof-theory and semantics for FM and nominal techniques. Journal of Applied Logic 5, 2, 356387.Google Scholar
Gabbay, M. J. 2011. Foundations of nominal techniques: Logic and semantics of variables in abstract syntax. Bulletin of Symbolic Logic 17, 2, 161229.Google Scholar
Gabbay, M. J. and Cheney, J. 2004. A sequent calculus for nominal logic. In Proc. of the 19th Annual IEEE Symposium on Logic in Computer Science (LICS 2004). IEEE Computer Society, Turku, Finland, 139–148.Google Scholar
Gabbay, M. J. and Pitts, A. M. 2002. A new approach to abstract syntax with variable binding. Formal Aspects of Computing 13, 341363.CrossRefGoogle Scholar
Gacek, A. 2010. Relating nominal and higher-order abstract syntax specifications. In PPDP, Kutsia, T., Schreiner, W., and Fernández, M., Eds. ACM, 177186.Google Scholar
Gacek, A., Miller, D. and Nadathur, G. 2012. A two-level logic approach to reasoning about computations. Journal of Automated Reasoning 49, 2, 241273.Google Scholar
Gadducci, F., Miculan, M. and Montanari, U. 2006. About permutation algebras, (pre)sheaves and named sets. Higher-Order and Symbolic Computation 19, 2–3, 283304.Google Scholar
Harland, J. 1993. Success and failure for hereditary Harrop formulae. Journal of Logic Programming 17, 1, 129.CrossRefGoogle Scholar
Harper, R. and Pfenning, F. 2005. On equivalence and canonical forms in the LF type theory. ACM Transactions on Computational Logic 6, 1, 61101.Google Scholar
Heath, Q. and Miller, D. 2015. A framework for proof certificates in finite state exploration. In Proc. 4th Workshop on Proof eXchange for Theorem Proving, PxTP 2015, Kaliszyk, C. and Paskevich, A., Eds. EPTCS, vol. 186. 11–26. Open Publishing Association, Berlin, Germany.Google Scholar
Klein, C., Clements, J., Dimoulas, C., Eastlund, C., Felleisen, M., Flatt, M., McCarthy, J. A., Rafkind, J., Tobin-Hochstadt, S. and Findler, R. B. 2012a. Run your research: On the effectiveness of lightweight mechanization. In Proc. of the 39th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. POPL '12. ACM, New York, NY, USA, 285–296.Google Scholar
Klein, C., Flatt, M. and Findler, R. B. 2012b. The Racket virtual machine and randomized testing. Higher-Order and Symbolic Computation 25, 2–4, 209253.Google Scholar
Lakin, M. R. and Pitts, A. M. 2009. Resolving inductive definitions with binders in higher-order typed functional programming. In Proc. the 18th European Symposium on Programming (ESOP 2009), Springer, York, UK, 47–61.Google Scholar
Lassez, J.-L. and Marriott, K. 1987. Explicit representation of terms defined by counter examples. Journal of Automated Reasoning 3, 3, 301318.Google Scholar
Leach, J., Nieva, S. and Rodríguez-Artalejo, M. 2001. Constraint logic programming with hereditary Harrop formulas. TPLP 1, 4, 409445.Google Scholar
Levy, J. and Villaret, M. 2010. An efficient nominal unification algorithm. In Proc. of the 21st International Conference on Rewriting Techniques and Applications, RTA 2010, Springer, Edinburgh, Scottland, UK, 209–226.Google Scholar
Levy, J. and Villaret, M. 2012. Nominal unification from a higher-order perspective. ACM Transactions on Computational Logic 13, 2, 10:110:31.Google Scholar
Liu, H., Cheng, E. and Hudak, P. 2009. Causal commutative arrows and their optimization. SIGPLAN Notices 44, 9, 3546.Google Scholar
Mancarella, P. and Pedreschi, D. 1988. An algebra of logic programs. In Proc. of the 5th International Conference and Symposium on Logic Programming, Kowalski, R. A. and Bowen, K. A., Eds. ALP, IEEE, The MIT Press, Seatle, 1006–1023.Google Scholar
Miller, D., Nadathur, G., Pfenning, F. and Scedrov, A. 1991. Uniform proofs as a foundation for logic programming. Annals of Pure and Applied Logic 51, 125157.Google Scholar
Momigliano, A. 2000. Elimination of negation in a logical framework. In CSL, vol. 1862, Clote, P. and Schwichtenberg, H., Eds. Lecture Notes in Computer Science, Springer, 411426.Google Scholar
Momigliano, A. 2012. A supposedly fun thing I may have to do again: A HOAS encoding of Howe's method. In Proc. of the 7th International Workshop on Logical Frameworks and Meta-languages, Theory and Practice. LFMTP '12. ACM, New York, NY, USA, 33–42.Google Scholar
Momigliano, A. and Pfenning, F. 2003. Higher-order pattern complement and the strict lambda-calculus. ACM Transactions on Computational Logic 4, 4, 493529.Google Scholar
Montanari, U. and Pistore, M. 2005. History-dependent automata: An introduction. In Advanced Lectures of the 5th International School on Formal Methods for the Design of Computer, Communication, and Software Systems (SFM-Moby 2005), Bernardo, M. and Bogliolo, A., Ed., vol. 3465 of LNCS, Springer, 1–28.Google Scholar
Moreno-Navarro, J. J. and Muñoz-Hernández, S. 2000. How to incorporate negation in a Prolog compiler. In PADL 2000, vol. 1753, Pontelli, E. and Costa, V. S., Eds. LNCS, Springer, 124140.Google Scholar
Muñoz-Hernández, S., Mariño, J. and Moreno-Navarro, J. J. 2004. Constructive intensional negation. In FLOPS, vol. 2998, Kameyama, Y. and Stuckey, P. J., Eds. Lecture Notes in Computer Science, Springer, 3954.Google Scholar
Naish, L. 1997. A declarative debugging scheme. Journal of Functional and Logic Programming 1997, 3, 329.Google Scholar
Niemelä, I. 2006. Answer set programming: A declarative approach to solving search problems. In JELIA, vol. 4160, Fisher, M., van der Hoek, W., Konev, B., and Lisitsa, A., Eds. Lecture Notes in Computer Science, Springer, 1518.Google Scholar
Nipkow, T. and Klein, G. 2014. Concrete Semantics - With Isabelle/HOL. Springer.CrossRefGoogle Scholar
Owre, S. 2006. Random testing in PVS. In Workshop on Automated Formal Methods (AFM). Informatl proceedings, available at http://fm.csl.sri.com/AFM06/ [Accessed on 25/04/2017].Google Scholar
Paraskevopoulou, Z., Hritcu, C., Dénès, M., Lampropoulos, L. and Pierce, B. C. 2015. Foundational property-based testing. In Proc. of the 6th International Conference on Interactive Theorem Proving (ITP 2015), vol. 9236, Urban, C. and Zhang, X., Eds. Lecture Notes in Computer Science, Springer, 325–343.Google Scholar
Pientka, B. 2005. Verifying termination and reduction properties about higher-order logic programs. Journal of Automated Reasoning 34, 2, 179207.Google Scholar
Pierce, B. C. 2002. Types and Programming Languages. MIT Press.Google Scholar
Pierce, B. C., de Amorim, A. A., Casinghino, C., Gaboardi, M., Greenberg, M., Hriţcu, C., Sjöberg, V. and Yorgey, B. 2016. Software Foundations. Electronic textbook. Version 4.0. URL: http://www.cis.upenn.edu/~bcpierce/sf. [Accessed on 25/04/2017]Google Scholar
Pitts, A. 2016. Nominal techniques. ACM SIGLOG News 3, 1, 5772.Google Scholar
Pitts, A. M. 2003. Nominal logic, a first order theory of names and binding. Information and Computation 183, 165193.Google Scholar
Pitts, A. M. 2013. Nominal Sets: Names and Symmetry in Computer Science. Cambridge University Press.Google Scholar
Ramakrishnan, C. R., Ramakrishnan, I. V., Smolka, S. A., Dong, Y., Du, X., Roychoudhury, A. and Venkatakrishnan, V. N. 2000. XMC: A logic-programming-based verification toolset. In CAV 2000. Springer-Verlag, London, UK, 576580.Google Scholar
Roberson, M., Harries, M., Darga, P. T. and Boyapati, C. 2008. Efficient software model checking of soundness of type systems. In OOPSLA, Harris, G. E., Ed. ACM, 493504.Google Scholar
Roşu, G. and Şerbănuţă, T. F. 2010. An overview of the K semantic framework. Journal of Logic and Algebraic Programming 79, 6, 397434.Google Scholar
Runciman, C., Naylor, M. and Lindblad, F. 2008. Smallcheck and lazy SmallCheck: Automatic exhaustive testing for small values. In Haskell Workshop, Gill, A., Ed. ACM, 3748.Google Scholar
Schöpp, U. 2007. Modelling generic judgements. Electronic Notes in Theoretical Computer Science 174, 5, 1935.CrossRefGoogle Scholar
Schroeder-Heister, P. 1993. Definitional reflection and the completion. In Proc. of the 4th International Workshop on Extensions of Logic Programming (ELP'93), Dyckhoff, R., Ed. Lecture Notes in Computer Science, vol. 798. Springer, St. Andrews, UK, 333–347.Google Scholar
Schürmann, C. 2009. The Twelf proof assistant. In TPHOLs, vol. 5674, Berghofer, S., Nipkow, T., Urban, C., and Wenzel, M., Eds. Lecture Notes in Computer Science, Springer, 7983.Google Scholar
Sewell, P., Nardelli, F. Z., Owens, S., Peskine, G., Ridge, T., Sarkar, S. and Strnisa, R. 2010. Ott: Effective tool support for the working semanticist. Journal of Functional Programming 20, 1, 71122.Google Scholar
Stuckey, P. J. 1995. Negation and constraint logic programming. Information and Computation 118, 1, 1233.Google Scholar
Tiu, A. and Miller, D. 2010. Proof search specifications of bisimulation and modal logics for the π-calculus. ACM Transactions on Computers Logic 11, 2 (January), 13:113:35.Google Scholar
Urban, C., Cheney, J. and Berghofer, S. 2011. Mechanizing the metatheory of LF. ACM Transactions on Computational Logic 12, 2, Article 15.Google Scholar
Urban, C. and Kaliszyk, C. 2012. General bindings and alpha-equivalence in Nominal Isabelle. Logical Methods in Computer Science 8, 2, 135.Google Scholar
Urban, C., Pitts, A. M. and Gabbay, M. J. 2004. Nominal unification. Theoretical Computer Science 323, 1–3, 473497.Google Scholar
Volpano, D., Irvine, C. and Smith, G. 1996. A sound type system for secure flow analysis. Journal of Computer Security 4, 2–3, 167187.Google Scholar
Walker, D., Mackey, L., Ligatti, J., Reis, G. A. and August, D. I. 2006. Static typing for a faulty lambda calculus. In ICFP '06: Proc. of the 11th ACM SIGPLAN International Conference on Functional Programming. ACM Press, New York, NY, USA, 38–49.Google Scholar
Weirich, S., Yorgey, B. A. and Sheard, T. 2011. Binders unbound. In Proc. of the 16th ACM SIGPLAN International Conference on Functional Programming. ICFP '11. ACM, New York, NY, USA, 333–345.Google Scholar
Winskel, G. 1993. The Formal Semantics of Programming Languages: An Introduction. MIT Press, Cambridge, MA, USA.Google Scholar