Verification of Recursive Data Types using abstractions

Abstract

Reasoning about functions that operate over algebraic data types is an important problem for a large variety of applications. One application of particular interest is network applications that manipulate or reason about complex message structures, such as XML messages. In this dissertation, we present a decision procedure for reasoning about algebraic data types using abstractions that are provided by catamorphisms: fold functions that map instances of algebraic data types into values in a decidable domain. We show that the procedure is sound and complete for a class of monotonic catamorphisms. Our work extends a previous decision procedure that unrolls catamorphism functions until a solution is found. We propose the categories of monotonic catamorphisms and associative-commutative catamorphisms, which we argue provide a better formal foundation than previous categorizations of catamorphisms. We use monotonic catamorphisms to address an incompleteness in the previous unrolling algorithm (and associated proof), and then use these notions to address two open problems from previous work: (1) we provide a bound on the number of unrollings necessary for completeness, showing that it is exponentially small with respect to formula size for associative-commutative catamorphisms, and (2) we demonstrate that associative-commutative catamorphisms can be combined within a formula whilst preserving completeness. Our combination results extend the set of problems that can be reasoned about using the catamorphism-based approach. In addition, we generalize certain kinds of catamorphism functions to support additional parameters. This extension, called parameterized associative-commutative catamorphisms subsumes the associative-commutative class, widens the set of functions that are known to be decidable, and makes several practically important functions (such as forall, exists, and member) over elements of algebraic data types straightforward to express. We also describe an implementation of the approach, called RADA, which accepts formulas in an extended version of the SMT-Lib2 syntax. The procedure is quite general and is central to the reasoning infrastructure for Guardol, a domain-specific language for reasoning about network guards.