currypackages / failfree
Commit 22a083cb
authored Aug 30, 2018 by Michael Hanus
README updated, nondeterminism example added
parent 239dc141
Changes
4
README.md
...
...
@@ 5,14 +5,13 @@ Basic idea of the tool:

The objective is this tool is to verify that all operations are nonfailing,
i.e., their evaluation does not result in a failure, if they are called with
the correct arguments which satisfy the nonfailing precondition of
the operation.
i.e., their evaluation does not result in a failure, if they are called
with arguments satisfying the nonfailing precondition of the operation.
Example:
 The operation `head` does not fail if this precondition is satisfied:
head
_
nonfail xs = not (null xs)
head
'
nonfail xs = not (null xs)
head (x:xs) = x
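Review bot: the context line `The objective is this tool is to verify that all operations are nonfailing,` at the top of this hunk still carries the typo `is this tool` (should read `of this tool`); since the sentence directly below it is being reworded in this commit anyway, fix both here. The rename of the example from `head_nonfail` to `head'nonfail` agrees with `op_x263E'nonfail` later in this README and with `ins'nonfail` in the new `examples/Perm.curry`, so the `'nonfail` suffix convention is now used consistently.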
...
...
@@ 28,7 +27,9 @@ is nonfailing:
if null ws then readCommand
else processCommand (head ws) (tail ws)
The following techniques to verify nonfailing properties are used:
A detailed description can be found in the
[
PPDP 2018 paper
](
https://doi.org/10.1145/3236950.3236957
)
.
Basically, the following techniques are used to verify nonfailing properties:
1.
Test whether the operation is patterncompletely defined
(i.e., branches on all patterns in all orbranches)
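Review bot: the new reference `PPDP 2018 paper` (https://doi.org/10.1145/3236950.3236957) gives only a DOI in the link text; add the paper title and authors next to it so a reader who cannot resolve the DOI can still locate the paper. Minor wording: `A detailed description can be found in` should say what is described, e.g. `A detailed description of the verification method can be found in`.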
...
...
@@ 39,18 +40,18 @@ The following techniques to verify nonfailing properties are used:
are used with satisfied nonfailing preconditions
for all inputs satisfying the nonfailing precondition.
3.
Test whether a call to
`Prelude.fail`
is unreachable, e.g., in
3.
Test whether a call to
`Prelude.fail
ed
`
is unreachable, e.g., in
abs x = if x>=0 then x
else if x<0 then (0  x)
else fail
else fail
ed
Note that this might be the result translating the following definition:
abs x  x>=0 = x
 x<0 = 0  x
This requires SMT solv
ing..
.
This requires
reasoning on integer arithmetic, as supported by
SMT solv
ers
.
Depending on the state of the operation
`error`
,
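Review bot: the context line `Note that this might be the result translating the following definition:` is missing `of` (`the result of translating`); fix it while the sentences around it are being reworded. The `fail` to `failed` rename is applied consistently to both the prose and the `abs` example, and replacing `This requires SMT solving.` with `reasoning on integer arithmetic, as supported by SMT solvers` is an improvement because it names what the solver actually has to prove here: that `not (x>=0)` implies `x<0`, which makes the `else failed` branch unreachable.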
...
...
@@ 63,7 +64,8 @@ this could also avoid the occurrence of runtime errors:
else do putStr "First char: "
putStrLn (head s)
If
`error`
is considered as an always failing operation,
If
`error`
is considered as an always failing operation
(which is done if the option
`error`
is set),
`readLine`
cannot be verified as nonfailing.
However, this requires also a careful analysis
of all external operations (like
`readFile`
)
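Review bot: in the added parenthetical `(which is done if the option `error` is set)`, the option is written with exactly the same backticked name as the Prelude operation `error` mentioned two words earlier, so the sentence is easy to misread as a statement about the operation; spell the option as it is typed on the command line (the `ToolOptions.curry` hunk in this commit shows options in the `-t`/`--time` form). The paragraph should also state the default, i.e. whether `error` counts as failing when the option is not given, since that decides whether `readLine` verifies or not.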
...
...
@@ 74,7 +76,7 @@ which might raise exceptions.
Current restrictions:


The nonfail
specifica
tion should be a Boolean formula, i.e.,

The non

fail
condi
tion should be a Boolean formula, i.e.,
not a function with pattern matching or local definitions.
Furthermore, it should be a firstorder equation, i.e.,
in etaexpanded form.
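Review bot: this hunk renames `nonfail specification` to `non-fail condition`, but the first hunk of this file still says `nonfailing precondition` (twice) and `this precondition`; settle on one term for the whole README, because a reader who meets the `'nonfail` naming convention will search the document for it.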
...
...
@@ 85,16 +87,16 @@ Current restrictions:
Notes:


Contracts and nonfail
specifica
tions can also be stored in separate

Contracts and non

fail
condi
tions can also be stored in separate
files. When checking a module
`m`
, if there is a Curry module
`m_SPEC`
in the load path, the contents of
`m_SPEC`
is added to
`m`
before
it is checked.

n
onfail
specifica
tions for operators can
be
also specified by
operations named by
`op_xh1...hn'`
, where
each
`hi`
is a two digit hexadecimal number
, into
the name
of correspond
ing
to the ord values of
`h1...hn`
.
For instance, the nonfail
specifica
tion for
`&>`
can be named

N
on

fail
condi
tions for operators can also
be
specified by
operations named by
`op_xh1...hn'`
, where
each
`hi`
is a two digit hexadecimal number
and
the name
of
the operator
correspond
s
to the ord values of
`h1...hn`
.
For instance, the non

fail
condi
tion for
`&>`
can be named
`op_x263E'nonfail`
.

Operations defining contracts and properties are not verified.
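Review bot: the naming pattern `op_xh1...hn'` stops at the quote, while the worked example `op_x263E'nonfail` carries the `'nonfail` suffix; write the pattern as `op_xh1...hn'nonfail` so pattern and example match. The example itself checks out (`&` is 0x26, `>` is 0x3E). Two smaller points: `two digit hexadecimal number` should be `two-digit`, and the `m_SPEC` paragraph should say what happens when `m_SPEC` defines a name that `m` also defines (rejected, or which one wins), since its contents are added to `m` before checking.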
...
...
examples/Perm.curry
0 → 100644
 Nondeterministic list insertion.
 Both rules are overlapping. Thus, if the Curry evaluator
 decides to take the second rule, the evaluation fails on the
 empty list.
ins :: a > [a] > [a]
ins x ys = x : ys
ins x (y:ys) = y : ins x ys
 Therefore, the following nonfail condition is required:
ins'nonfail :: a > [a] > Bool
ins'nonfail _ _ = False
 To provide a nonfailing version of list insertion, we define
 a nondeterministic list insertion by pattern matching:
insP :: a > [a] > [a]
insP x [] = [x]
insP x (y:ys) = x : y : ys ? y : insP x ys
 Exploiting nondeterministic list insertion, one can easily define
 list permutations:
perm :: [a] > [a]
perm [] = []
perm (x:xs) = insP x (perm xs)
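Review bot: the header comment `the evaluation fails on the empty list` is imprecise: for `ins x []` the first rule succeeds and only the second rule fails. The constant condition `ins'nonfail _ _ = False` is needed because the tool checks every or-branch (README: `branches on all patterns in all or-branches`), so no argument makes `ins` nonfailing in that sense; say this in the comment so the `False` is not mistaken for a placeholder. It is also worth stating the expected tool result for the rest of the file: `insP` and `perm` are pattern-complete in both rules and should verify without a condition. In `insP`, `x : y : ys ? y : insP x ys` relies on `?` binding weaker than `:`; a pair of parentheses around each alternative would make that explicit for readers new to Curry.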
src/Main.curry
...
...
@@ 2,7 +2,7 @@
 A tool to verify nonfailure properties of Curry operations.

 @author Michael Hanus
 @version A
pril
2018
 @version A
ugust
2018

module Main where
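Review bot: the `@version` date is hard-coded here, in `src/ToolOptions.curry`, and in the `banner` string further down this file, and this commit updates all three by hand; consider a single version constant that the banner is built from so the three cannot drift. Not blocking.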
...
...
@@ 39,6 +39,8 @@ import ToolOptions
import TypedFlatCurryGoodies
import VerifierState

 To support testing:
test :: Int > String > IO ()
test v = verifyNonFailingMod defaultOptions { optVerb = v }
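Review bot: the added comment `To support testing:` does not say how `test` is meant to be used: the first argument sets `optVerb` and the second is a module name, and only the context line `testv = test 3` in the next hunk hints that 3 is a verbose setting; document the meaning of the verbosity levels, or at least the valid range, in the comment. Since `module Main where` has no export list, `test` is exported as well; fine for interactive use, but worth a word.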
...
...
@@ 51,7 +53,7 @@ testv = test 3
banner :: String
banner = unlines [bannerLine,bannerText,bannerLine]
where
bannerText = "FailFree Verification Tool for Curry (Version of
27
/0
4
/18)"
bannerText = "FailFree Verification Tool for Curry (Version of
30
/0
8
/18)"
bannerLine = take (length bannerText) (repeat '=')

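Review bot: `bannerText` now reads `Version of 30/08/18`; the `dd/mm/yy` form is ambiguous in general (the previous `27/04/18` could be read either way), so prefer ISO `2018-08-30` and derive it from the same place as the `@version` headers updated in this commit. `bannerLine = take (length bannerText) (repeat '=')` is correct; `replicate (length bannerText) '='` says the same thing more directly.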
...
...
src/ToolOptions.curry
...
...
@@ 2,7 +2,7 @@
 The options of the nonfailing analysis tool.

 @author Michael Hanus
 @version A
pril
2018
 @version A
ugust
2018

module ToolOptions
...
...
@@ 78,7 +78,7 @@ options =
"check contracts w.r.t. strict evaluation strategy"
, Option "t" ["time"]
(NoArg (\opts > opts { optTime = True }))
"
check contracts w.r.t. strict evaluation strategy
"
"
show total verification time for each module
"
]
where
safeReadNat opttrans s opts =
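Review bot: good fix on the help text: the context line `"check contracts w.r.t. strict evaluation strategy"` just above the `-t` option is the description of the preceding option, so the old string for `--time` was a copy-paste leftover. Since the README hunks in this commit now mention an `error` option by name, check that the README's option list also covers `-t`/`--time` and spells the `error` option as it appears in this table so the two stay in sync.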
...
...