A Recipe for State-and-Effect Triangles

In the semantics of programming languages one can view programs as state transformers, or as predicate transformers. Recently the author has introduced state-and-effect triangles which capture this situation categorically, involving an adjunction between state- and predicate-transformers. The current paper exploits a classical result in category theory, part of Jon Beck's monadicity theorem, to systematically construct such a state-and-effect triangle from an adjunction. The power of this construction is illustrated in many examples, covering many monads occurring in program semantics, including (probabilistic) power domains

Healthiness from Duality

Healthiness is a good old question in program logics that dates back to Dijkstra. It asks for an intrinsic characterization of those predicate transformers which arise as the (backward) interpretation of a certain class of programs. There are several results known for healthiness conditions: for deterministic programs, nondeterministic ones, probabilistic ones, etc. Building upon our previous works on so-called state-and-effect triangles, we contribute a unified categorical framework for investigating healthiness conditions. We find the framework to be centered around a dual adjunction induced by a dualizing object, together with our notion of relative Eilenberg-Moore algebra playing fundamental roles too. The latter notion seems interesting in its own right in the context of monads, Lawvere theories and enriched categories.Comment: 13 pages, Extended version with appendices of a paper accepted to LICS 201

Graded Hoare Logic and its Categorical Semantics

Deductive verification techniques based on program logics (i.e., the family of Floyd-Hoare logics) are a powerful approach for program reasoning. Recently, there has been a trend of increasing the expressive power of such logics by augmenting their rules with additional information to reason about program side-effects. For example, general program logics have been augmented with cost analyses, logics for probabilistic computations have been augmented with estimate measures, and logics for differential privacy with indistinguishability bounds. In this work, we unify these various approaches via the paradigm of grading, adapted from the world of functional calculi and semantics. We propose Graded Hoare Logic (GHL), a parameterisable framework for augmenting program logics with a preordered monoidal analysis. We develop a semantic framework for modelling GHL such that grading, logical assertions (pre- and post-conditions) and the underlying effectful semantics of an imperative language can be integrated together. Central to our framework is the notion of a graded category which we extend here, introducing graded Freyd categories which provide a semantics that can interpret many examples of augmented program logics from the literature. We leverage coherent fibrations to model the base assertion language, and thus the overall setting is also fibrational

Stone-Type Dualities for Separation Logics

Stone-type duality theorems, which relate algebraic and relational/topological models, are important tools in logic because -- in addition to elegant abstraction -- they strengthen soundness and completeness to a categorical equivalence, yielding a framework through which both algebraic and topological methods can be brought to bear on a logic. We give a systematic treatment of Stone-type duality for the structures that interpret bunched logics, starting with the weakest systems, recovering the familiar BI and Boolean BI (BBI), and extending to both classical and intuitionistic Separation Logic. We demonstrate the uniformity and modularity of this analysis by additionally capturing the bunched logics obtained by extending BI and BBI with modalities and multiplicative connectives corresponding to disjunction, negation and falsum. This includes the logic of separating modalities (LSM), De Morgan BI (DMBI), Classical BI (CBI), and the sub-classical family of logics extending Bi-intuitionistic (B)BI (Bi(B)BI). We additionally obtain as corollaries soundness and completeness theorems for the specific Kripke-style models of these logics as presented in the literature: for DMBI, the sub-classical logics extending BiBI and a new bunched logic, Concurrent Kleene BI (connecting our work to Concurrent Separation Logic), this is the first time soundness and completeness theorems have been proved. We thus obtain a comprehensive semantic account of the multiplicative variants of all standard propositional connectives in the bunched logic setting. This approach synthesises a variety of techniques from modal, substructural and categorical logic and contextualizes the "resource semantics" interpretation underpinning Separation Logic amongst them

Dijkstra monads for all

This paper proposes a general semantic framework for verifying programs with arbitrary monadic side-effects using Dijkstra monads, which we define as monad-like structures indexed by a specification monad. We prove that any monad morphism between a computational monad and a specification monad gives rise to a Dijkstra monad, which provides great flexibility for obtaining Dijkstra monads tailored to the verification task at hand. We moreover show that a large variety of specification monads can be obtained by applying monad transformers to various base specification monads, including predicate transformers and Hoare-style pre- and postconditions. For defining correct monad transformers, we propose a language inspired by Moggi's monadic metalanguage that is parameterized by a dependent type theory. We also develop a notion of algebraic operations for Dijkstra monads, and start to investigate two ways of also accommodating effect handlers. We implement our framework in both Coq and F*, and illustrate that it supports a wide variety of verification styles for effects such as exceptions, nondeterminism, state, input-output, and general recursion

Dijkstra and Hoare monads in monadic computation

Contains fulltext : 149048.pdf (preprint version ) (Open Access

New Directions in Categorical Logic, for Classical, Probabilistic and Quantum Logic

Intuitionistic logic, in which the double negation law not-not-P = P fails, is dominant in categorical logic, notably in topos theory. This paper follows a different direction in which double negation does hold. The algebraic notions of effect algebra/module that emerged in theoretical physics form the cornerstone. It is shown that under mild conditions on a category, its maps of the form X -> 1+1 carry such effect module structure, and can be used as predicates. Predicates are identified in many different situations, and capture for instance ordinary subsets, fuzzy predicates in a probabilistic setting, idempotents in a ring, and effects (positive elements below the unit) in a C*-algebra or Hilbert space. In quantum foundations the duality between states and effects plays an important role. It appears here in the form of an adjunction, where we use maps 1 -> X as states. For such a state s and a predicate p, the validity probability s |= p is defined, as an abstract Born rule. It captures many forms of (Boolean or probabilistic) validity known from the literature. Measurement from quantum mechanics is formalised categorically in terms of `instruments', using L\"uders rule in the quantum case. These instruments are special maps associated with predicates (more generally, with tests), which perform the act of measurement and may have a side-effect that disturbs the system under observation. This abstract description of side-effects is one of the main achievements of the current approach. It is shown that in the special case of C*-algebras, side-effect appear exclusively in the non-commutative case. Also, these instruments are used for test operators in a dynamic logic that can be used for reasoning about quantum programs/protocols. The paper describes four successive assumptions, towards a categorical axiomatisation of quantitative logic for probabilistic and quantum systems

Dijkstra Monads for Free

International audienceDijkstra monads are a means by which a dependent type theory can beenhanced with support for reasoning about effectful code. Thesespecification-level monads computing weakest preconditions, and theirclosely related counterparts, Hoare monads, provide the basis on whichverification tools like F*, Hoare Type Theory (HTT), and Ynot arebuilt. In this paper we show that Dijkstra monads can be derived "forfree" by applying a continuation-passing style (CPS) translation tothe standard monadic definitions of the underlying computational effects.Automatically deriving Dijkstra monads provides acorrect-by-construction and efficient way of reasoning aboutuser-defined effects in dependent type theories. We demonstrate theseideas in EMF*, a new dependently typed calculus, validating it both byformal proof and via a prototype implementation within F*. Besidesequipping F* with a more uniform and extensible effect system, EMF*enables within F* a mixture of intrinsic and extrinsic proofs that waspreviously impossible

Verifying Programs with Logic and Extended Proof Rules: Deep Embedding v.s. Shallow Embedding

Many foundational program verification tools have been developed to build machine-checked program correctness proofs, a majority of which are based on Hoare logic. Their program logics, their assertion languages, and their underlying programming languages can be formalized by either a shallow embedding or a deep embedding. Tools like Iris and early versions of Verified Software Toolchain (VST) choose different shallow embeddings to formalize their program logics. But the pros and cons of these different embeddings were not yet well studied. Therefore, we want to study the impact of the program logic's embedding on logic's proof rules in this paper. This paper considers a set of useful extended proof rules, and four different logic embeddings: one deep embedding and three common shallow embeddings. We prove the validity of these extended rules under these embeddings and discuss their main challenges. Furthermore, we propose a method to lift existing shallowly embedded logics to deeply embedded ones to greatly simplify proofs of extended rules in specific proof systems. We evaluate our results on two existing verification tools. We lift the originally shallowly embedded VST to our deeply embedded VST to support extended rules, and we implement Iris-CF and deeply embedded Iris-Imp based on the Iris framework to evaluate our theory in real verification projects

Programming Languages and Systems

This open access book constitutes the proceedings of the 30th European Symposium on Programming, ESOP 2021, which was held during March 27 until April 1, 2021, as part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2021. The conference was planned to take place in Luxembourg and changed to an online format due to the COVID-19 pandemic. The 24 papers included in this volume were carefully reviewed and selected from 79 submissions. They deal with fundamental issues in the specification, design, analysis, and implementation of programming languages and systems