Principles of Program Verification for Arbitrary Monadic Effects. (Principes de la Vérification de Programmes à Effets Monadiques Arbitraires)

Computational monads are a convenient algebraic gadget for uniformly representing side effects in programming languages, such as mutable state, divergence, exceptions, or non-determinism. Various frameworks for specifying programs and proving that they meet their specification have been proposed, each tailored to a particular combination of side effects. For instance, Hoare logic verifies the functional correctness of programs with mutable state against pre/postcondition specifications, which are predicates on states. The goal of this thesis is to devise a principled semantic framework for verifying programs with arbitrary monadic effects, in a generic way, against such rich specifications. An additional challenge is supporting various interpretations of effects, for instance total vs. partial correctness, or angelic vs. demonic nondeterminism. Finally, the framework should also accommodate relational verification, for properties such as program equivalence.
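As an added worked example (not part of the thesis or its text), here is a small Python model of the setup the abstract describes. Each computational monad (state, nondeterminism, exceptions) is mapped by an effect observation into a predicate-transformer specification, and a Hoare triple {pre} m {post} becomes the check that pre implies the weakest precondition computed for post. The same nondeterministic program verifies differently under a demonic and an angelic observation, and the same throwing program under total and partial correctness; the observation must be a monad morphism, which is what makes the sequential-composition rule sound. The program names, the single integer state cell and the finite state space are constructed for this example and are assumptions, not the thesis's own definitions.

```python
"""
Verifying monadic programs generically via effect observations.

A program in a computational monad M is compared against a specification in a
specification monad W of predicate transformers (postcondition -> precondition)
through an effect observation theta : M A -> W A.  A Hoare-style judgement
{pre} m {post} holds when pre implies theta(m)(post).  Everything below is
over finite types so that each check is a decidable boolean.
"""

# ---------- Computational monads ----------
class State:
    """State monad over a single integer cell: S -> (A, S)."""
    def __init__(self, run): self.run = run
    @staticmethod
    def ret(a): return State(lambda s: (a, s))
    def bind(self, f):
        def run(s):
            a, s1 = self.run(s)
            return f(a).run(s1)
        return State(run)

get = State(lambda s: (s, s))
def put(s_new): return State(lambda _s: (None, s_new))

class NonDet:
    """Nondeterminism monad: the finite set of possible results."""
    def __init__(self, results): self.results = frozenset(results)
    @staticmethod
    def ret(a): return NonDet({a})
    def bind(self, f): return NonDet(r for a in self.results for r in f(a).results)

def choose(*options): return NonDet(options)

class Exc:
    """Exception monad: outcome is either ('ok', a) or ('err', reason)."""
    def __init__(self, outcome): self.outcome = outcome
    @staticmethod
    def ret(a): return Exc(('ok', a))
    @staticmethod
    def throw(reason): return Exc(('err', reason))
    def bind(self, f):
        return f(self.outcome[1]) if self.outcome[0] == 'ok' else self

# ---------- Effect observations theta : M A -> W A ----------
# Each returns a predicate transformer: given post, the weakest precondition.
def wp_state(m):
    """W A = (A x S -> bool) -> (S -> bool): post evaluated on the final result and state."""
    return lambda post: (lambda s: post(*m.run(s)))

def wp_demonic(m):
    """Demonic nondeterminism: post must hold on every possible outcome."""
    return lambda post: all(post(a) for a in m.results)

def wp_angelic(m):
    """Angelic nondeterminism: some outcome must satisfy post."""
    return lambda post: any(post(a) for a in m.results)

def wp_exc_total(m):
    """Total correctness: the program must not raise, and post holds on its result."""
    return lambda post: m.outcome[0] == 'ok' and post(m.outcome[1])

def wp_exc_partial(m):
    """Partial correctness: raising is acceptable; post holds if a result is returned."""
    return lambda post: m.outcome[0] == 'err' or post(m.outcome[1])

# ---------- Hoare-style judgements ----------
def hoare_state(pre, m, post, states):
    """{pre} m {post} checked over a finite state space."""
    wp = wp_state(m)(post)
    return all((not pre(s)) or wp(s) for s in states)

def holds(theta, m, post):
    """{True} m {post} under the interpretation of effects given by theta."""
    return theta(m)(post)

def bind_law(theta, m, f, post):
    """An effect observation must be a monad morphism:
         theta(m.bind(f))(post) == theta(m)(lambda a: theta(f(a))(post))
    which is exactly the sequential-composition rule of Hoare logic."""
    lhs = theta(m.bind(f))(post)
    rhs = theta(m)(lambda a: theta(f(a))(post))
    return lhs == rhs

# ---------- Sample programs (constructed for this example) ----------
incr = get.bind(lambda s: put(s + 1))                       # state := state + 1
pick_even = choose(0, 1).bind(lambda x: NonDet.ret(2 * x))  # result in {0, 2}
def safe_div(x, y): return Exc.throw('div0') if y == 0 else Exc.ret(x // y)

if __name__ == '__main__':
    STATES = range(-2, 3)                                       # assumed finite state space
    print(hoare_state(lambda s: s >= 0, incr, lambda _a, s2: s2 > 0, STATES))
    print(hoare_state(lambda s: True, incr, lambda _a, s2: s2 > 0, STATES))
    print(holds(wp_demonic, pick_even, lambda a: a == 2), holds(wp_angelic, pick_even, lambda a: a == 2))
    print(holds(wp_exc_total, safe_div(1, 0), lambda a: True), holds(wp_exc_partial, safe_div(1, 0), lambda a: True))
    print(bind_law(wp_demonic, choose(0, 1), lambda x: choose(x, x + 1), lambda a: a < 2))
```

The interesting part is that the program text never changes: `pick_even` is one nondeterministic computation, and whether it meets the postcondition `a == 2` depends only on which observation (demonic or angelic) is chosen, just as `safe_div(1, 0)` meets any postcondition under partial correctness and none under total correctness. `bind_law` makes explicit the property an observation has to satisfy for `holds` on a sequence to decompose into `holds` on its parts.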