Verifying higher-order functional programs with pattern-matching algebraic data types

<jats:p> Type-based model checking algorithms for higher-order recursion schemes have recently emerged as a promising approach to the verification of functional programs. We introduce <jats:italic>pattern-matching recursion schemes</jats:italic> (PMRS) as an accurate model of computation for functional programs that manipulate algebraic data-types. PMRS are a natural extension of higher-order recursion schemes that incorporate pattern-matching in the defining rules. </jats:p> <jats:p> This paper is concerned with the following (undecidable) verification problem: given a correctness property φ, a functional program ℘ ( <jats:italic>qua</jats:italic> PMRS) and a regular input set ℑ, does every term that is reachable from ℑ under rewriting by ℘ satisfy φ? To solve the PMRS verification problem, we present a sound <jats:italic>semi-algorithm</jats:italic> which is based on model-checking and counterexample guided abstraction refinement. Given a no-instance of the verification problem, the method is guaranteed to terminate. </jats:p> <jats:p> From an order- <jats:italic>n</jats:italic> PMRS and an input set generated by a regular tree grammar, our method constructs an order- <jats:italic>n weak</jats:italic> PMRS which over-approximates <jats:italic>only</jats:italic> the first-order pattern-matching behaviour, whilst remaining completely faithful to the higher-order control flow. Using a variation of Kobayashi's type-based approach, we show that the (trivial automaton) model-checking problem for weak PMRS is decidable. When a violation of the property is detected in the abstraction which does not correspond to a violation in the model, the abstraction is automatically refined by `unfolding' the pattern-matching rules in the program to give successively more and more accurate weak PMRS models. </jats:p>