8 research outputs found
Interaction Trees: Representing Recursive and Impure Programs in Coq
"Interaction trees" (ITrees) are a general-purpose data structure for
representing the behaviors of recursive programs that interact with their
environments. A coinductive variant of "free monads," ITrees are built out of
uninterpreted events and their continuations. They support compositional
construction of interpreters from "event handlers", which give meaning to
events by defining their semantics as monadic actions. ITrees are expressive
enough to represent impure and potentially nonterminating, mutually recursive
computations, while admitting a rich equational theory of equivalence up to
weak bisimulation. In contrast to other approaches such as relationally
specified operational semantics, ITrees are executable via code extraction,
making them suitable for debugging, testing, and implementing software
artifacts that are amenable to formal verification.
We have implemented ITrees and their associated theory as a Coq library,
mechanizing classic domain- and category-theoretic results about program
semantics, iteration, monadic structures, and equational reasoning. Although
the internals of the library rely heavily on coinductive proofs, the interface
hides these details so that clients can use and reason about ITrees without
explicit use of Coq's coinduction tactics.
To showcase the utility of our theory, we prove the termination-sensitive
correctness of a compiler from a simple imperative source language to an
assembly-like target whose meanings are given in an ITree-based denotational
semantics. Unlike previous results using operational techniques, our
bisimulation proof follows straightforwardly by structural induction and
elementary rewriting via an equational theory of combinators for control-flow
graphs.Comment: 28 pages, 4 pages references, published at POPL 202
Executable Denotational Semantics With Interaction Trees
Interaction trees are a representation of effectful and reactive systemsdesigned to be implemented in a proof assistant such as Coq. They are equipped with a rich algebra of combinators to construct recursive and effectful computations and to reason about them equationally. Interaction trees are also an executable structure, notably via extraction, which enables testing and directly developing executable programs in Coq. To demonstrate the usefulness of interaction trees, two applications are presented. First, I develop a novel approach to verify a compiler from a simple imperative language to assembly, by proving a semantic preservation theorem which is termination-sensitive, using an equational proof. Second, I present a framework of concurrent objects, inheriting the modularity, compositionality, and executability of interaction trees. Leveraging that framework, I formally prove the correctness of a transactionally predicated map, using a novel approach to reason about objects combining the notions of linearizability and strict serializability, two well-known correctness conditions for concurrent objects
Mechanized Reasoning About how Using Functional Programs And Embeddings
Embedding describes the process of encoding a program\u27s syntax and/or semantics in another language---typically a theorem prover in the context of mechanized reasoning. Among different embedding styles, deep embeddings are generally preferred as they enable the most faithful modeling of the original language. However, deep embeddings are also the most complex, and working with them requires additional effort. In light of that, this dissertation aims to draw more attention to alternative styles, namely shallow and mixed embeddings, by studying their use in mechanized reasoning about programs\u27 properties that are related to how . More specifically, I present a simple shallow embedding for reasoning about computation costs of lazy programs, and a class of mixed embeddings that are useful for reasoning about properties of general computation patterns in effectful programs. I show the usefulness of these embedding styles with examples based on real-world applications
Safety and Reliability - Safe Societies in a Changing World
The contributions cover a wide range of methodologies and application areas for safety and reliability that contribute to safe societies in a changing world. These methodologies and applications include: - foundations of risk and reliability assessment and management
- mathematical methods in reliability and safety
- risk assessment
- risk management
- system reliability
- uncertainty analysis
- digitalization and big data
- prognostics and system health management
- occupational safety
- accident and incident modeling
- maintenance modeling and applications
- simulation for safety and reliability analysis
- dynamic risk and barrier management
- organizational factors and safety culture
- human factors and human reliability
- resilience engineering
- structural reliability
- natural hazards
- security
- economic analysis in risk managemen
Mechanising an algebraic rely-guarantee refinement calculus
PhD ThesisDespite rely-guarantee (RG) being a well-studied program logic established in the 1980s, it
was not until recently that researchers realised that rely and guarantee conditions could be
treated as independent programming constructs. This recent reformulation of RG paved the
way to algebraic characterisations which have helped to better understand the difficulties that
arise in the practical application of this development approach.
The primary focus of this thesis is to provide automated tool support for a rely-guarantee
refinement calculus proposed by Hayes et. al., where rely and guarantee are defined as
independent commands. Our motivation is to investigate the application of an algebraic
approach to derive concrete examples using this calculus. In the course of this thesis, we
locate and fix a few issues involving the refinement language, its operational semantics and
preexisting proofs. Moreover, we extend the refinement calculus of Hayes et. al. to cover
indexed parallel composition, non-atomic evaluation of expressions within specifications,
and assignment to indexed arrays. These extensions are illustrated via concrete examples.
Special attention is given to design decisions that simplify the application of the mechanised
theory. For example, we leave part of the design of the expression language on the
hands of the user, at the cost of the requiring the user to define the notion of undefinedness
for unary and binary operators; and we also formalise a notion of indexed parallelism that is
parametric on the type of the indexes, this is done deliberately to simplify the formalisation of
algorithms. Additionally, we use stratification to reduce the number of cases in in simulation
proofs involving the operational semantics. Finally, we also use the algebra to discuss the
role of types in program derivation