Probabilistic Analysis of Binary Sessions
We study a probabilistic variant of binary session types that relate to a class of Finite-State Markov Chains. The probability annotations in session types enable reasoning about the probability that a session terminates successfully, for some user-definable notion of successful termination. We develop a type system for a simple session calculus featuring probabilistic choices and show that the success probability of well-typed processes agrees with that of the sessions they use. To this aim, the type system needs to track the propagation of probabilistic choices across different sessions.
A Categorical Approach to DIBI Models
The logic of Dependence and Independence Bunched Implications (DIBI) is a
logic to reason about conditional independence (CI); for instance, DIBI
formulas can characterise CI in probability distributions and relational
databases, using the probabilistic and relational DIBI models, respectively.
Despite the similarity of the probabilistic and relational models, a uniform,
more abstract account is still lacking. The laborious case-by-case verification
of the frame conditions required for constructing new models also calls for
such a treatment. In this paper, we develop an abstract framework for
systematically constructing DIBI models, using category theory as the unifying
mathematical language. In particular, we use string diagrams -- a graphical
presentation of monoidal categories -- to give a uniform definition of the
parallel composition and subkernel relation in DIBI models. Our approach not
only generalises known models, but also yields new models of interest and
reduces properties of DIBI models to structures in the underlying categories.
Furthermore, our categorical framework enables a logical notion of CI, in terms
of the satisfaction of specific DIBI formulas. We compare it with string
diagrammatic approaches to CI and show that it is an extension of string
diagrammatic CI under reasonable conditions.
Hyper Hoare Logic: (Dis-)Proving Program Hyperproperties (extended version)
Hoare logics are proof systems that allow one to formally establish
properties of computer programs. Traditional Hoare logics prove properties of
individual program executions (so-called trace properties, such as functional
correctness). Hoare logic has also been generalized to prove properties of
multiple executions of a program (so-called hyperproperties, such as
determinism or non-interference). These program logics prove the absence of
(bad combinations of) executions. On the other hand, program logics similar to
Hoare logic have been proposed to disprove program properties (e.g.,
Incorrectness Logic), by proving the existence of (bad combinations of)
executions. All of these logics have in common that they specify program
properties using assertions over a fixed number of states, for instance, a
single pre- and post-state for functional properties or pairs of pre- and
post-states for non-interference.
In this paper, we present Hyper Hoare Logic, a generalization of Hoare logic
that lifts assertions to properties of arbitrary sets of states. The resulting
logic is simple yet expressive: its judgments can express arbitrary trace- and
hyperproperties over the terminating executions of a program. By allowing
assertions to reason about sets of states, Hyper Hoare Logic can reason about
both the absence and the existence of (combinations of) executions, and,
thereby, supports both proving and disproving program (hyper-)properties within
the same logic. In fact, we prove that Hyper Hoare Logic subsumes the
properties handled by numerous existing correctness and incorrectness logics,
and can express hyperproperties that no existing Hoare logic can. We also prove
that Hyper Hoare Logic is sound and complete, and admits powerful
compositionality rules. All our technical results have been proved in
Isabelle/HOL.
Asynchronous Probabilistic Couplings in Higher-Order Separation Logic
Probabilistic couplings are the foundation for many probabilistic relational
program logics and arise when relating random sampling statements across two
programs. In relational program logics, this manifests as dedicated coupling
rules that, e.g., say we may reason as if two sampling statements return the
same value. However, this approach fundamentally requires aligning or
"synchronizing" the sampling statements of the two programs which is not always
possible.
In this paper, we develop Clutch, a higher-order probabilistic relational
separation logic that addresses this issue by supporting asynchronous
probabilistic couplings. We use Clutch to develop a logical step-indexed
logical relation to reason about contextual refinement and equivalence of
higher-order programs written in a rich language with higher-order local state
and impredicative polymorphism. Finally, we demonstrate the usefulness of our
approach on a number of case studies.
All the results that appear in the paper have been formalized in the Coq
proof assistant using the Coquelicot library and the Iris separation logic
framework.
Outcome Logic: A Unifying Foundation for Correctness and Incorrectness Reasoning
Program logics for bug-finding (such as the recently introduced Incorrectness
Logic) have framed correctness and incorrectness as dual concepts requiring
different logical foundations. In this paper, we argue that a single unified
theory can be used for both correctness and incorrectness reasoning. We present
Outcome Logic (OL), a novel generalization of Hoare Logic that is both monadic
(to capture computational effects) and monoidal (to reason about outcomes and
reachability). OL expresses true positive bugs, while retaining correctness
reasoning abilities as well. To formalize the applicability of OL to both
correctness and incorrectness, we prove that any false OL specification can be
disproven in OL itself. We also use our framework to reason about new types of
incorrectness in nondeterministic and probabilistic programs. Given these
advances, we advocate for OL as a new foundational theory of correctness and
incorrectness.