Papers by Naoki Kobayashi
Model checking of higher-order recursion schemes (HORS) has recently been studied extensively and... more Model checking of higher-order recursion schemes (HORS) has recently been studied extensively and applied to higher-order program verification. Despite recent efforts, obtaining a scalable model checker for HORS remains a big challenge. We propose a new model checking algorithm for HORS, which combines two previous, independent approaches to higher-order model checking. Like previous type-based algorithms for HORS, it directly analyzes HORS and outputs intersection types as a certificate, but like Broadbent et al.'s saturation algorithm for collapsible pushdown systems (CPDS), it propagates information backward, in the sense that it starts with target configurations and iteratively computes their pre-images. We have implemented the new algorithm and confirmed that the prototype often outperforms TRECS and CSHORe, the state-of-the-art model checkers for HORS.
Foundations of Software Science and Computational Structures, 2011
The model checking of higher-order recursion schemes has been actively studied and is now becomin... more The model checking of higher-order recursion schemes has been actively studied and is now becoming a basis of higher-order program verification. We propose a new algorithm for trivial automata model checking of higher-order recursion schemes. To our knowledge, this is the first practical model checking algorithm for recursion schemes that runs in time linear in the size of the higher-order recursion scheme, under the assumption that the size of trivial automata and the largest order and arity of functions are fixed. The previous linear time algorithm was impractical due to a huge constant factor, and the only practical previous algorithm suffers from the hyper-exponential worst-case time complexity, under the same assumption. The new algorithm is remarkably simple, consisting of just two fixed-point computations. We have implemented the algorithm and confirmed that it outperforms Kobayashi's previous algorithm in a certain case.
CONCUR 2006 – Concurrency Theory, 2006
We extend a previous type system for the π-calculus that guarantees deadlock-freedom. The previou... more We extend a previous type system for the π-calculus that guarantees deadlock-freedom. The previous type systems for deadlockfreedom either lacked a reasonable type inference algorithm or were not strong enough to ensure deadlock-freedom of processes using recursion. Although the extension is fairly simple, the new type system admits type inference and is much more expressive than the previous type systems that admit type inference. In fact, we show that the simply-typed λcalculus with recursion can be encoded into the deadlock-free fragment of our typed π-calculus. To enable analysis of realistic programs, we also present an extension of the type system to handle recursive data structures like lists. Both extensions have already been incorporated into the recent release of TyPiCal, a type-based analyzer for the π-calculus. output operations that are guaranteed to succeed if they are ever executed and if the whole process does not diverge, and mark them with ?? and !!. The output shown in the figure indicates that the first client can eventually receive a reply (note that r1?x has been replaced by r1??x), while the second client may not be able to receive a reply (r2?x remains the same). Input program: *(server1?r.r!1) | *(server2?r.if b then r!1 else O) /* Servers */ | new r1 in server1!r1.r1?x /* A client for the first server */ | new r2 in server2!r2.r2?x /* A client for the second server */ Output: *(server1?r.r!!1) | *(server2?r.if b then r!!1 else O) | new r1 in server1!!r1.r1??x | new r2 in server2!!r2.r2?x
Lecture Notes in Computer Science, 2014
This paper studies the complexity of the reachability problem (a typical and practically importan... more This paper studies the complexity of the reachability problem (a typical and practically important instance of the model-checking problem) for simply-typed call-by-value programs with recursion, Boolean values, and non-deterministic branch, and proves the following results. (1) The reachability problem for order-3 programs is nonelementary. Thus, unlike in the call-by-name case, the order of the input program does not serve as a good measure of the complexity. (2) Instead, the depth of types is an appropriate measure: the reachability problem for depth-n programs is n-EXPTIME complete. In particular, the previous upper bound given by the CPS translation is not tight. The algorithm used to prove the upper bound result is based on a novel intersection type system, which we believe is of independent interest.
Lecture Notes in Computer Science, 2004
Region-based memory management scheme has been proposed for programming language ML. In this sche... more Region-based memory management scheme has been proposed for programming language ML. In this scheme, a compiler statically estimates the live range of each object by performing an extension of type inference (called region inference) and inserts code for memory allocation and deallocation. Advantages of this scheme are that memory objects can be deallocated safely (unlike with manual memory management using malloc/free) and often earlier than with run-time garbage collection. Since the region inference is an extension of the ML type inference, however, it was not clear whether the region-based memory management was applicable to dynamically-typed programming languages like Scheme. In this paper, we show that the region-based memory management can be applied to dynamically-typed languages by combining region inference and Cartwright et al.'s soft type system.
Lecture Notes in Computer Science, 2014
Higher-order grammars have been extensively studied in 1980's and interests in them have revived ... more Higher-order grammars have been extensively studied in 1980's and interests in them have revived recently in the context of higher-order model checking and program verification, where higherorder grammars are used as models of higher-order functional programs. A lot of theoretical questions remain open, however, for unsafe higherorder grammars (grammars without the so-called safety condition). In this paper, we show that any tree languages generated by order-2 unsafe grammars are context-sensitive. This also implies that any unsafe order-3 word languages are context-sensitive. The proof involves novel technique based on typed lambda-calculus, such as type-based grammar transformation.
Theoretical Computer Science: Exploring New Frontiers of Theoretical Informatics, 2000
In our previous papers , we presented advanced type systems for the π-calculus, which can guarant... more In our previous papers , we presented advanced type systems for the π-calculus, which can guarantee deadlock-freedom in the sense that certain communications will eventually succeed unless the whole process diverges. Although such guarantee is quite useful for reasoning about the behavior of concurrent programs, there still remains a weakness that the success of a communication cannot be completely guaranteed due to the problem of divergence. For example, while a server process that has received a request message cannot discard the request, it is allowed to infinitely delegate the request to other processes, causing a livelock. In this paper, we show that we can guarantee not only deadlockfreedom but also livelock-freedom, by modifying our previous type systems for deadlock-freedom. The resulting type system guarantees that certain communications will eventually succeed under fair scheduling, no matter whether processes diverge. Moreover, it can also guarantee that some of those communications will succeed within a certain amount of time.
Proceedings of the ACM SIGPLAN 2013 workshop on Partial evaluation and program manipulation, 2013
In our recent paper, we have shown how to construct a fullyautomated program verification tool (s... more In our recent paper, we have shown how to construct a fullyautomated program verification tool (so called a "software model checker") for a tiny subset of functional language ML, by combining higher-order model checking, predicate abstraction, and CE-GAR. This can be viewed as a higher-order counterpart of previous software model checkers for imperative languages like BLAST and SLAM. The naïve application of the proposed approach, however, suffered from scalability problems, both in terms of efficiency and supported language features. To obtain more scalable software model checkers for full-scale functional languages, we propose a series of optimizations and extensions of the previous approach. Among others, we introduce (i) selective CPS transformation, (ii) selective predicate abstraction, and (iii) refined predicate discovery as optimization techniques; and propose (iv) functional encoding of recursive data structures and control operations to support a larger subset of ML. We have implemented the proposed methods, and obtained promising results.
Proceedings of the 11th ACM SIGPLAN conference on Principles and practice of declarative programming, 2009
We propose a novel type inference algorithm for a dependentlytyped functional language. The novel... more We propose a novel type inference algorithm for a dependentlytyped functional language. The novel features of our algorithm are: (i) it can iteratively refine dependent types with interpolants until the type inference succeeds or the program is found to be illtyped, and (ii) in the latter case, it can generate a kind of counterexample as an explanation of why the program is ill-typed. We have implemented a prototype type inference system and tested it for several programs.
Lecture Notes in Computer Science
Dependent types are useful for statically checking detailed specifications of programs and detect... more Dependent types are useful for statically checking detailed specifications of programs and detecting pattern match or array bounds errors. We propose a novel approach to applications of dependent types to practical programming languages: Instead of requiring programmers' declaration of dependent function types (as in Dependent ML) or trying to infer them from function definitions only (as in size inference), we mine the output specification of a dependent function from the function's call sites, and then propagate that specification backward to infer the input specification. We have implemented a prototype type inference system which supports higher-order functions, parametric polymorphism, and algebraic data types based on our approach, and obtained promising experimental results. fun insert (x, xs) = match xs with Nil _ -> Cons (x, Nil ()) | Cons (y, ys) -> if x <= y then Cons(x, xs) else Cons(y, insert (x, ys)) fun isort xs = match xs with
Higher-Order and Symbolic Computation
This article presents a hybrid method of partial evaluation (PE), which is exactly as precise as ... more This article presents a hybrid method of partial evaluation (PE), which is exactly as precise as naive online PE and nearly as efficient as state-of-the-art offline PE, for a statically typed call-by-value functional language. PE is a program transformation that specializes a program with respect to a subset of its input by reducing the program and leaving a residual program. Online PE makes the reduction/residualization decision during specialization, while offline PE makes it before specialization by using a static analysis called binding-time analysis. Compared to offline PE, online PE is more precise in the sense that it finds more redexes, but less efficient in the sense that it takes more time. To solve this dilemma, we begin with a naive online partial evaluator, and make it efficient without sacrificing its precision. To this end, we (1) use state (instead of continuations) for let-insertion, (2) take a so-called cogen approach (instead of self-application), and (3) remove unnecessary let-insertion, unnecessary tags, and unnecessary values/expressions by using a type-based representation analysis, which subsumes various monovariant binding-time analyses. We implemented and compared our method and existing methods-both online and offline-in a subset of Standard ML. Experiments showed that (1) our method produces as fast residual programs as online PE and (2) it does so at least twice as fast as other methods (including a cogen approach to offline PE with a polyvariant binding-time analysis) that produce comparable residual programs.
Proceedings of the 2006 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation, 2006
Igarashi and Kobayashi have proposed a general type system for checking whether resources such as... more Igarashi and Kobayashi have proposed a general type system for checking whether resources such as files and memory are accessed in a valid manner. Their type system is, however, for call-byvalue λ-calculus with resource primitives, and does not deal with non-functional primitives such as exceptions and pointers. We extend their type system to deal with exception primitives and prove soundness of the type system. Dealing with exception primitives is especially important in practice, since many resource access primitives may raise exceptions. The extension is non-trivial: While Igarashi and Kobayashi's type system is based on linear types, our new type system is a combination of linear types and effect systems. We also report on a prototype analyzer based on the new type system.
Lecture Notes in Computer Science
Tree automata modulo associativity and commutativity axioms, called AC tree automata, accept tree... more Tree automata modulo associativity and commutativity axioms, called AC tree automata, accept trees by iterating the transition modulo equational reasoning. The class of languages accepted by monotone AC tree automata is known to include the solution set of the inequality x × y z, which implies that the class properly includes the AC closure of regular tree languages. In the paper, we characterize more precisely the expressiveness of monotone AC tree automata, based on the observation that, in addition to polynomials, a class of exponential constraints (called monotone exponential Diophantine inequalities) can be expressed by monotone AC tree automata with a minimal signature. Moreover, we show that a class of arithmetic logic consisting of monotone exponential Diophantine inequalities is definable by monotone AC tree automata. The results presented in the paper are obtained by applying our novel tree automata technique, called linearly bounded projection.
ACM SIGPLAN Notices, 2012
Higher-order model checking (more precisely, the model checking of higher-order recursion schemes... more Higher-order model checking (more precisely, the model checking of higher-order recursion schemes) has been extensively studied recently, which can automatically decide properties of programs written in the simply-typed λ-calculus with recursion and finite data domains. This paper formalizes predicate abstraction and counterexample-guided abstraction refinement (CEGAR) for higher-order model checking, enabling automatic verification of programs that use infinite data domains such as integers. A prototype verifier for higher-order functional programs based on the formalization has been implemented and tested for several programs.
Lecture Notes in Computer Science, 2009
Lecture Notes in Computer Science, 2009
We propose a type system for a programming language with memory allocation/deallocation primitive... more We propose a type system for a programming language with memory allocation/deallocation primitives, which prevents memory-related errors such as double-frees and memory leaks. The main idea is to augment pointer types with fractional ownerships, which express both capabilities and obligations to access or deallocate memory cells. By assigning an ownership to each pointer type constructor (rather than to a variable), our type system can properly reason about list/tree-manipulating programs. Furthermore, thanks to the use of fractions as ownerships, the type system admits a polynomial-time type inference algorithm, which serves as an algorithm for automatic verification of lack of memoryrelated errors. A prototype verifier has been implemented and tested for C programs.
Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages, 2013
We present an automated approach to relatively completely verifying safety (i.e., reachability) p... more We present an automated approach to relatively completely verifying safety (i.e., reachability) property of higher-order functional programs. Our contribution is two-fold. First, we extend the refinement type system framework employed in the recent work on (incomplete) automated higher-order verification by drawing on the classical work on relatively complete "Hoare logic like" program logic for higher-order procedural languages. Then, by adopting the recently proposed techniques for solving constraints over quantified first-order logic formulas, we develop an automated type inference method for the type system, thereby realizing an automated relatively complete verification of higher-order programs.
Model checking of recursion schemes, known as higher-order model checking, has actively been stud... more Model checking of recursion schemes, known as higher-order model checking, has actively been studied recently and is becoming a basis for verification of higher-order programs. Some practical model checking algorithms have been developed based on the reduction from model checking to intersection type inference, but they are not completely satisfactory. We propose a novel approach to developing model checking algorithms, based on abstract interpretation of a rewriting system on (incomplete) derivations in a "rigid" intersection type system. The derivation rewriting can be regarded as a simple type inference process that is sound and complete in a certain sense. However it is not practical since the state space (i.e. the set of all incomplete derivations) is too large. We construct an abstraction of the rewriting system, and develop an algorithm based on the abstract model. We have implemented the algorithm and confirmed that it outperforms previous model checkers in certain cases.
Journal of Information Processing, 2011
Suenaga, et al. have developed a type-based framework for automatically translating tree-processi... more Suenaga, et al. have developed a type-based framework for automatically translating tree-processing programs into stream-processing ones. The key ingredient of the framework was the use of ordered linear types to guarantee that a tree-processing program traverses an input tree just once in the depth-first, left-to-right order (so that the input tree can be read from a stream). Their translation, however, sometimes introduces redundant buffering of input data. This paper extends their framework by introducing ordered, non-linear types in addition to ordered linear types. The resulting transformation framework reduces the redundant buffering, generating more efficient stream-processing programs.
Uploads
Papers by Naoki Kobayashi