1,511 research outputs found
Healthiness from Duality
Healthiness is a good old question in program logics that dates back to
Dijkstra. It asks for an intrinsic characterization of those predicate
transformers which arise as the (backward) interpretation of a certain class of
programs. There are several results known for healthiness conditions: for
deterministic programs, nondeterministic ones, probabilistic ones, etc.
Building upon our previous works on so-called state-and-effect triangles, we
contribute a unified categorical framework for investigating healthiness
conditions. We find the framework to be centered around a dual adjunction
induced by a dualizing object, together with our notion of relative
Eilenberg-Moore algebra playing fundamental roles too. The latter notion seems
interesting in its own right in the context of monads, Lawvere theories and
enriched categories.Comment: 13 pages, Extended version with appendices of a paper accepted to
LICS 201
An expectation transformer approach to predicate abstraction and data independence for probabilistic programs
In this paper we revisit the well-known technique of predicate abstraction to
characterise performance attributes of system models incorporating probability.
We recast the theory using expectation transformers, and identify transformer
properties which correspond to abstractions that yield nevertheless exact bound
on the performance of infinite state probabilistic systems. In addition, we
extend the developed technique to the special case of "data independent"
programs incorporating probability. Finally, we demonstrate the subtleness of
the extended technique by using the PRISM model checking tool to analyse an
infinite state protocol, obtaining exact bounds on its performance
A Fixpoint Semantics of Event Systems with and without Fairness Assumptions
We present a fixpoint semantics of event systems. The semantics is presented
in a general framework without concerns of fairness. Soundness and completeness
of rules for deriving "leads-to" properties are proved in this general
framework. The general framework is instantiated to minimal progress and weak
fairness assumptions and similar results are obtained. We show the power of
these results by deriving sufficient conditions for "leads-to" under minimal
progress proving soundness of proof obligations without reasoning over
state-traces
A Recipe for State-and-Effect Triangles
In the semantics of programming languages one can view programs as state
transformers, or as predicate transformers. Recently the author has introduced
state-and-effect triangles which capture this situation categorically,
involving an adjunction between state- and predicate-transformers. The current
paper exploits a classical result in category theory, part of Jon Beck's
monadicity theorem, to systematically construct such a state-and-effect
triangle from an adjunction. The power of this construction is illustrated in
many examples, covering many monads occurring in program semantics, including
(probabilistic) power domains
Inferring Concise Specifications of APIs
Modern software relies on libraries and uses them via application programming
interfaces (APIs). Correct API usage as well as many software engineering tasks
are enabled when APIs have formal specifications. In this work, we analyze the
implementation of each method in an API to infer a formal postcondition.
Conventional wisdom is that, if one has preconditions, then one can use the
strongest postcondition predicate transformer (SP) to infer postconditions.
However, SP yields postconditions that are exponentially large, which makes
them difficult to use, either by humans or by tools. Our key idea is an
algorithm that converts such exponentially large specifications into a form
that is more concise and thus more usable. This is done by leveraging the
structure of the specifications that result from the use of SP. We applied our
technique to infer postconditions for over 2,300 methods in seven popular Java
libraries. Our technique was able to infer specifications for 75.7% of these
methods, each of which was verified using an Extended Static Checker. We also
found that 84.6% of resulting specifications were less than 1/4 page (20 lines)
in length. Our technique was able to reduce the length of SMT proofs needed for
verifying implementations by 76.7% and reduced prover execution time by 26.7%
Weakest Preconditions for Progress
Predicate transformers that map the postcondition and all intermediate conditions of a command to a precondition are introduced. They can be used to specify certain progress properties of sequential programs
A Weakest Pre-Expectation Semantics for Mixed-Sign Expectations
We present a weakest-precondition-style calculus for reasoning about the
expected values (pre-expectations) of \emph{mixed-sign unbounded} random
variables after execution of a probabilistic program. The semantics of a
while-loop is well-defined as the limit of iteratively applying a functional to
a zero-element just as in the traditional weakest pre-expectation calculus,
even though a standard least fixed point argument is not applicable in this
context. A striking feature of our semantics is that it is always well-defined,
even if the expected values do not exist. We show that the calculus is sound,
allows for compositional reasoning, and present an invariant-based approach for
reasoning about pre-expectations of loops
- …