96 research outputs found
Healthiness from Duality
Healthiness is a good old question in program logics that dates back to
Dijkstra. It asks for an intrinsic characterization of those predicate
transformers which arise as the (backward) interpretation of a certain class of
programs. There are several results known for healthiness conditions: for
deterministic programs, nondeterministic ones, probabilistic ones, etc.
Building upon our previous works on so-called state-and-effect triangles, we
contribute a unified categorical framework for investigating healthiness
conditions. We find the framework to be centered around a dual adjunction
induced by a dualizing object, together with our notion of relative
Eilenberg-Moore algebra playing fundamental roles too. The latter notion seems
interesting in its own right in the context of monads, Lawvere theories and
enriched categories. Comment: 13 pages, extended version with appendices of a paper accepted to
LICS 201
Dijkstra monads for all
This paper proposes a general semantic framework for verifying programs with arbitrary monadic side-effects using Dijkstra monads, which we define as monad-like structures indexed by a specification monad. We prove that any monad morphism between a computational monad and a specification monad gives rise to a Dijkstra monad, which provides great flexibility for obtaining Dijkstra monads tailored to the verification task at hand. We moreover show that a large variety of specification monads can be obtained by applying monad transformers to various base specification monads, including predicate transformers and Hoare-style pre- and postconditions. For defining correct monad transformers, we propose a language inspired by Moggi's monadic metalanguage that is parameterized by a dependent type theory. We also develop a notion of algebraic operations for Dijkstra monads, and start to investigate two ways of also accommodating effect handlers. We implement our framework in both Coq and F*, and illustrate that it supports a wide variety of verification styles for effects such as exceptions, nondeterminism, state, input-output, and general recursion
Healthiness Conditions for Predicate Transformers
Abstract: The behavior of a program can be modeled by describing how it transforms input states to output states, the state transformer semantics. Alternatively, for verification purposes one is interested in a 'predicate transformer semantics' which, for every condition on the output, yields the weakest precondition on the input that guarantees the desired property for the output. In the presence of computational effects like nondeterministic or probabilistic choice, a computation will be modeled by a map t:X→TY, where T is an appropriate computational monad. The corresponding predicate transformer assigns predicates on Y to predicates on X. One looks for necessary and, if possible, sufficient conditions (healthiness conditions) on predicate transformers that correspond to state transformers t:X→TY. In this paper we propose a framework for establishing healthiness conditions for predicate transformers. As far as the author knows, it fits almost all situations in which healthiness conditions for predicate transformers have been worked out. It may serve as a guideline for finding new results; but it also shows quite narrow limitations
A Categorical Framework for Program Semantics and Semantic Abstraction
Categorical semantics of type theories are often characterized as
structure-preserving functors. This is because in category theory both the
syntax and the domain of interpretation are uniformly treated as structured
categories, so that we can express interpretations as structure-preserving
functors between them. This mathematical characterization of semantics makes it
convenient to manipulate and to reason about relationships between
interpretations. Motivated by this success of functorial semantics, we address
the question of finding a functorial analogue in abstract interpretation, a
general framework for comparing semantics, so that we can bring similar
benefits of functorial semantics to semantic abstractions used in abstract
interpretation. Major differences concern the notion of interpretation that is
being considered. Indeed, conventional semantics are value-based whereas
abstract interpretation typically deals with more complex properties. In this
paper, we propose a functorial approach to abstract interpretation and study
associated fundamental concepts therein. In our approach, interpretations are
expressed as oplax functors in the category of posets, and abstraction
relations between interpretations are expressed as lax natural transformations
representing concretizations. We present examples of these formal concepts from
monadic semantics of programming languages and discuss soundness. Comment: MFPS 202
Monads with merging
Monoids are one of the simplest theories in which we can compose elements of a set. Similarly, monads have been used extensively to treat composition of effectful code and its denotational semantics. During the last forty years the theory of monoids has been extended with diverse merge-like operators. In this article, we replicate several of these extensions at the level of monads. Building on a well-known relation between monads and monoids, we introduce monads with additional structure that account for merging. We show how monads with merging generalise and relate to models for well-known algebraic theories for concurrency such as classic process algebras and the more recent concurrent monoids. With these results, we aim to facilitate the generalisation and comparison of different approaches to concurrency
Interaction Tree Specifications: A Framework for Specifying Recursive, Effectful Computations That Supports Auto-Active Verification
This paper presents a specification framework for monadic, recursive, interactive programs that supports auto-active verification, an approach that combines user-provided guidance with automatic verification techniques. This verification tool is designed to have the flexibility of a manual approach to verification along with the usability benefits of automatic approaches. We accomplish this by augmenting Interaction Trees, a Coq data structure for representing effectful computations, with logical quantifier events. We show that this yields a language of specifications that are easy to understand, automatable, and powerful enough to handle properties that involve non-termination. Our framework is implemented as a library in Coq. We demonstrate the effectiveness of this framework by verifying real, low-level code
Graded Hoare Logic and its Categorical Semantics
Deductive verification techniques based on program logics (i.e., the family of Floyd-Hoare logics) are a powerful approach for program reasoning. Recently, there has been a trend of increasing the expressive power of such logics by augmenting their rules with additional information to reason about program side-effects. For example, general program logics have been augmented with cost analyses, logics for probabilistic computations have been augmented with estimate measures, and logics for differential privacy with indistinguishability bounds. In this work, we unify these various approaches via the paradigm of grading, adapted from the world of functional calculi and semantics. We propose Graded Hoare Logic (GHL), a parameterisable framework for augmenting program logics with a preordered monoidal analysis. We develop a semantic framework for modelling GHL such that grading, logical assertions (pre- and post-conditions) and the underlying effectful semantics of an imperative language can be integrated together. Central to our framework is the notion of a graded category which we extend here, introducing graded Freyd categories which provide a semantics that can interpret many examples of augmented program logics from the literature. We leverage coherent fibrations to model the base assertion language, and thus the overall setting is also fibrational
- …