skip to main content
research-article
Open Access
Artifacts Available
Artifacts Evaluated & Reusable

The next 700 relational program logics

Published:20 December 2019Publication History
Skip Abstract Section

Abstract

We propose the first framework for defining relational program logics for arbitrary monadic effects. The framework is embedded within a relational dependent type theory and is highly expressive. At the semantic level, we provide an algebraic presentation of relational specifications as a class of relative monads, and link computations and specifications by introducing relational effect observations, which map pairs of monadic computations to relational specifications in a way that respects the algebraic structure. For an arbitrary relational effect observation, we generically define the core of a sound relational program logic, and explain how to complete it to a full-fledged logic for the monadic effect at hand. We show that this generic framework can be used to define relational program logics for effects as diverse as state, input-output, nondeterminism, and discrete probabilities. We, moreover, show that by instantiating our framework with state and unbounded iteration we can embed a variant of Benton's Relational Hoare Logic, and also sketch how to reconstruct Relational Hoare Type Theory. Finally, we identify and overcome conceptual challenges that prevented previous relational program logics from properly dealing with control effects, and are the first to provide a relational program logic for exceptions.

Skip Supplemental Material Section

Supplemental Material

a4-maillard.webm

References

  1. C. Abate, R. Blanco, D. Garg, C. Hriţcu, M. Patrignani, and J. Thibault. Journey beyond full abstraction: Exploring robust property preservation for secure compilation . CSF , 2019. To Appear.Google ScholarGoogle ScholarCross RefCross Ref
  2. A. Aguirre, G. Barthe, M. Gaboardi, D. Garg, and P.-Y. Strub. A relational logic for higher-order programs . ICFP, 2017.Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. D. Ahman, C. Hriţcu, K. Maillard, G. Martínez, G. Plotkin, J. Protzenko, A. Rastogi, and N. Swamy. Dijkstra monads for free . POPL . 2017. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. A. Ahmed, D. Dreyer, and A. Rossberg. State-dependent representation independence . POPL. 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. T. Altenkirch, J. Chapman, and T. Uustalu. Monads need not be endofunctors . LMCS, 11(1), 2015. Google ScholarGoogle ScholarCross RefCross Ref
  6. T. Antonopoulos, P. Gazzillo, M. Hicks, E. Koskinen, T. Terauchi, and S. Wei. Decomposition instead of self-composition for proving the absence of timing channels . PLDI . 2017. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. P. Audebaud and C. Paulin-Mohring. Proofs of randomized algorithms in coq. In T. Uustalu, editor, Mathematics of Program Construction . 2006.Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. A. Banerjee, D. A. Naumann, and M. Nikouei. Relational logic with framing and hypotheses . FSTTCS. 2016. Google ScholarGoogle ScholarCross RefCross Ref
  9. G. Barthe, B. Grégoire, and S. Zanella-Béguelin. Formal certification of code-based cryptographic proofs . POPL, 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. G. Barthe, P. R. D’Argenio, and T. Rezk. Secure information flow by self-composition . MSCS, 21(6):1207–1252, 2011. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. G. Barthe, F. Dupressoir, B. Grégoire, C. Kunz, B. Schmidt, and P. Strub. EasyCrypt: A tutorial . In A. Aldini, J. Lopez, and F. Martinelli, editors, Foundations of Security Analysis and Design VII - FOSAD 2012/2013 Tutorial Lectures. 2013a. Google ScholarGoogle ScholarCross RefCross Ref
  12. G. Barthe, B. Köpf, F. Olmedo, and S. Zanella-Béguelin. Probabilistic relational reasoning for differential privacy . TOPLAS, 35(3):9:1–9:49, 2013b. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. G. Barthe, C. Fournet, B. Grégoire, P. Strub, N. Swamy, and S. Zanella-Béguelin. Probabilistic relational verification for cryptographic implementations . POPL. 2014. Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. G. Barthe, T. Espitau, B. Grégoire, J. Hsu, L. Stefanesco, and P. Strub. Relational reasoning via probabilistic coupling . In Logic for Programming, Artificial Intelligence, and Reasoning - 20th International Conference, LPAR-20 2015, Suva, Fiji, November 24-28, 2015, Proceedings , 2015a. Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. G. Barthe, M. Gaboardi, E. J. G. Arias, J. Hsu, A. Roth, and P. Strub. Higher-order approximate relational refinement types for mechanism design and differential privacy . POPL. 2015b. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. G. Barthe, J. M. Crespo, and C. Kunz. Product programs and relational program logics . JLAMP, 85(5):847–859, 2016. Google ScholarGoogle ScholarCross RefCross Ref
  17. G. Barthe, B. Grégoire, J. Hsu, and P. Strub. Coupling proofs are probabilistic product programs . POPL. 2017.Google ScholarGoogle Scholar
  18. G. Barthe, R. Eilers, P. Georgiou, B. Gleiss, L. Kovács, and M. Maffei. Verifying relational properties using trace logic . Draft, 2019.Google ScholarGoogle ScholarCross RefCross Ref
  19. D. A. Basin, A. Lochbihler, and S. R. Sefidgar. CryptHOL: Game-based proofs in higher-order logic . IACR Cryptology ePrint Archive , 2017:753, 2017.Google ScholarGoogle Scholar
  20. N. Benton. Simple relational correctness proofs for static analyses and program transformations . POPL. 2004. Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. N. Benton, J. Hughes, and E. Moggi. Monads and effects . APPSEM. 2000. Google ScholarGoogle ScholarCross RefCross Ref
  22. N. Benton, A. Kennedy, L. Beringer, and M. Hofmann. Relational semantics for effect-based program transformations: higher-order store . POPL. 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. N. Benton, M. Hofmann, and V. Nigam. Proof-relevant logical relations for name generation . TLCA. 2013. Google ScholarGoogle ScholarCross RefCross Ref
  24. N. Benton, M. Hofmann, and V. Nigam. Abstract effects and proof-relevant logical relations . POPL. 2014. Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. N. Benton, A. Kennedy, M. Hofmann, and V. Nigam. Counting successes: Effects and transformations for non-deterministic programs . In S. Lindley, C. McBride, P. W. Trinder, and D. Sannella, editors, A List of Successes That Can Change the World - Essays Dedicated to Philip Wadler on the Occasion of His 60th Birthday . 2016. Google ScholarGoogle ScholarCross RefCross Ref
  26. C. Berger, P.-A. Melliès, and M. Weber. Monads with arities and their associated theories . Journal of Pure and Applied Algebra , 216(8-9):2029–2048, 2012. New introduction; Section 1 shortened and redispatched with Section 2; Subsections on symmetric operads (3.14) and symmetric simplicial sets (4.17) added; Bibliography completed.Google ScholarGoogle ScholarCross RefCross Ref
  27. B. Blanchet, M. Abadi, and C. Fournet. Automated verification of selected equivalences for security protocols . J. Log. Algebr. Program. , 75(1):3–51, 2008. Google ScholarGoogle ScholarCross RefCross Ref
  28. S. Boulier, P. Pédrot, and N. Tabareau. The next 700 syntactical models of type theory . CPP, 2017. Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. N. Bowler, S. Goncharov, P. B. Levy, and L. Schröder. Exploring the boundaries of monad tensorability on set . Logical Methods in Computer Science , 9(3), 2013. Google ScholarGoogle ScholarCross RefCross Ref
  30. M. Carbin, D. Kim, S. Misailovic, and M. C. Rinard. Proving acceptability properties of relaxed nondeterministic approximate programs . PLDI . 2012. Google ScholarGoogle ScholarDigital LibraryDigital Library
  31. C. Casinghino, V. Sjöberg, and S. Weirich. Combining proofs and programs in a dependently typed language . In The 41st Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL ’14, San Diego, CA, USA, January 20-21, 2014 , 2014. Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. R. Chadha, V. Cheval, Ştefan Ciobâcă, and S. Kremer. Automated verification of equivalence properties of cryptographic protocols . ACM Trans. Comput. Log., 17(4):23:1–23:32, 2016.Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. E. Çiçek, G. Barthe, M. Gaboardi, D. Garg, and J. Hoffmann. Relational cost analysis . POPL, 2017.Google ScholarGoogle Scholar
  34. M. R. Clarkson and F. B. Schneider. Hyperproperties . J. Comput. Secur., 18(6):1157–1210, 2010.Google ScholarGoogle ScholarCross RefCross Ref
  35. U. Dal Lago, F. Gavazzo, and P. B. Levy. Effectful applicative bisimilarity: Monads, relators, and Howe’s method . LICS. 2017. Google ScholarGoogle ScholarCross RefCross Ref
  36. G. A. Delbianco and A. Nanevski. Hoare-style reasoning with (algebraic) continuations . ICFP. 2013. Google ScholarGoogle ScholarDigital LibraryDigital Library
  37. D. Dreyer, G. Neis, A. Rossberg, and L. Birkedal. A relational modal logic for higher-order stateful ADTs . POPL. 2010. Google ScholarGoogle ScholarDigital LibraryDigital Library
  38. D. Dreyer, A. Ahmed, and L. Birkedal. Logical step-indexed logical relations . Logical Methods in Computer Science, 7(2), 2011. Google ScholarGoogle ScholarCross RefCross Ref
  39. D. Dreyer, G. Neis, and L. Birkedal. The impact of higher-order state and control effects on local relational reasoning . J. Funct. Program. , 22(4-5):477–528, 2012. Google ScholarGoogle ScholarDigital LibraryDigital Library
  40. M. Eilers, P. Müller, and S. Hitz. Modular product programs . In A. Ahmed, editor, Programming Languages and Systems -27th European Symposium on Programming, ESOP 2018, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2018, Thessaloniki, Greece, April 14-20, 2018, Proceedings . 2018. Google ScholarGoogle ScholarCross RefCross Ref
  41. F. Faissole and B. Spitters. Synthetic topology in homotopy type theory for probabilistic programming . PPS 2017 - Workshop on probabilistic programming semantics, 2017. Poster.Google ScholarGoogle Scholar
  42. A. Farzan and A. Vandikas. Automated hypersafety verification . In I. Dillig and S. Tasiran, editors, Computer Aided Verification - 31st International Conference, CAV 2019, New York City, NY, USA, July 15-18, 2019, Proceedings, Part I . 2019. Google ScholarGoogle ScholarCross RefCross Ref
  43. C. Führmann. Varieties of effects . FOSSACS, 2002. Google ScholarGoogle ScholarCross RefCross Ref
  44. M. Gaboardi, A. Haeberlen, J. Hsu, A. Narayan, and B. C. Pierce. Linear dependent types for differential privacy . POPL. 2013. Google ScholarGoogle ScholarDigital LibraryDigital Library
  45. F. Gavazzo. Quantitative behavioural reasoning for higher-order effectful programs: Applicative distances . LICS. 2018. Google ScholarGoogle ScholarDigital LibraryDigital Library
  46. T. Girka, D. Mentré, and Y. Régis-Gianas. A mechanically checked generation of correlating programs directed by structured syntactic differences . In Automated Technology for Verification and Analysis - 13th International Symposium, ATVA 2015, Shanghai, China, October 12-15, 2015, Proceedings , 2015. Google ScholarGoogle ScholarCross RefCross Ref
  47. T. Girka, D. Mentré, and Y. Régis-Gianas. Verifiable semantic difference languages . In Proceedings of the 19th International Symposium on Principles and Practice of Declarative Programming, Namur, Belgium, October 09 - 11, 2017 , 2017. Google ScholarGoogle ScholarDigital LibraryDigital Library
  48. M. Giry. A categorical approach to probability theory . Categorical Aspects of Topology and Analysis. 1982.Google ScholarGoogle Scholar
  49. B. Godlin and O. Strichman. Inference rules for proving the equivalence of recursive procedures . In Z. Manna and D. A. Peled, editors, Time for Verification, Essays in Memory of Amir Pnueli. 2010. Google ScholarGoogle ScholarCross RefCross Ref
  50. N. Grimm, K. Maillard, C. Fournet, C. Hriţcu, M. Maffei, J. Protzenko, T. Ramananandro, A. Rastogi, N. Swamy, and S. ZanellaBéguelin. A monadic framework for relational verification: Applied to information security, program equivalence, and optimizations . CPP, 2018.Google ScholarGoogle ScholarDigital LibraryDigital Library
  51. S. He, S. K. Lahiri, and Z. Rakamaric. Verifying relative safety, accuracy, and termination for program approximations . J. Autom. Reasoning , 60(1):23–42, 2018. Google ScholarGoogle ScholarDigital LibraryDigital Library
  52. C. Hur, D. Dreyer, G. Neis, and V. Vafeiadis. The marriage of bisimulations and kripke logical relations . POPL. 2012. Google ScholarGoogle ScholarDigital LibraryDigital Library
  53. C. Hur, G. Neis, D. Dreyer, and V. Vafeiadis. A logical step forward in parametric bisimulations . Technical Report MPI-SWS-2014-003, 2014.Google ScholarGoogle Scholar
  54. B. Jacobs. Dijkstra and Hoare monads in monadic computation . Theor. Comput. Sci., 604:30–45, 2015. Google ScholarGoogle ScholarDigital LibraryDigital Library
  55. C. Kapulkin and P. L. Lumsdaine. Homotopical inverse diagrams in categories with attributes , 2018.Google ScholarGoogle Scholar
  56. S. Katsumata. Parametric effect monads and semantics of effect systems . POPL. 2014. Google ScholarGoogle ScholarDigital LibraryDigital Library
  57. G. Kelly. Basic Concepts of Enriched Category Theory. Lecture note series / London mathematical society. Cambridge University Press, 1982.Google ScholarGoogle Scholar
  58. V. Koutavas and M. Wand. Small bisimulations for reasoning about higher-order imperative programs . POPL. 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  59. S. Kundu, Z. Tatlock, and S. Lerner. Proving optimizations correct using parameterized program equivalence . PLDI . 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  60. S. K. Lahiri, C. Hawblitzel, M. Kawaguchi, and H. Rebêlo. SYMDIFF: A language-agnostic semantic diff tool for imperative programs . CAV . 2012. Google ScholarGoogle ScholarDigital LibraryDigital Library
  61. A. Lochbihler. Effect polymorphism in higher-order logic (proof pearl) . JAR, 2018.Google ScholarGoogle Scholar
  62. D. Lucanu and V. Rusu. Program equivalence by circular reasoning . Formal Asp. Comput., 27(4):701–726, 2015. Google ScholarGoogle ScholarCross RefCross Ref
  63. C. Lüth and N. Ghani. Composing monads using coproducts . ICFP. 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  64. K. Maillard, D. Ahman, R. Atkey, G. Martínez, C. Hriţcu, E. Rivas, and É. Tanter. Dijkstra monads for all . PACMPL, 3(ICFP): 104:1–104:29, 2019. Google ScholarGoogle ScholarDigital LibraryDigital Library
  65. J. C. Mitchell. Representation independence and data abstraction . In POPL. 1986. Google ScholarGoogle ScholarDigital LibraryDigital Library
  66. E. Moggi. Computational lambda-calculus and monads . LICS. 1989. Google ScholarGoogle ScholarCross RefCross Ref
  67. A. Nanevski, G. Morrisett, A. Shinnar, P. Govereau, and L. Birkedal. Ynot: dependent types for imperative programs . ICFP. 2008a. Google ScholarGoogle ScholarDigital LibraryDigital Library
  68. A. Nanevski, J. G. Morrisett, and L. Birkedal. Hoare type theory, polymorphism and separation . JFP, 18(5-6):865–911, 2008b.Google ScholarGoogle ScholarDigital LibraryDigital Library
  69. A. Nanevski, A. Banerjee, and D. Garg. Dependent type theory for verification of information flow and access control policies . ACM TOPLAS, 35(2):6, 2013. Google ScholarGoogle ScholarDigital LibraryDigital Library
  70. D. A. Naumann. From coupling relations to mated invariants for checking information flow . ESORICS. 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  71. P. Pédrot and N. Tabareau. Failure is not an option - an exceptional type theory . ESOP, 2018. Google ScholarGoogle ScholarCross RefCross Ref
  72. A. Petcher and G. Morrisett. The foundational cryptography framework . POST . 2015. Google ScholarGoogle ScholarDigital LibraryDigital Library
  73. G. D. Plotkin and J. Power. Notions of computation determine monads . FOSSACS, 2002. Google ScholarGoogle ScholarCross RefCross Ref
  74. G. D. Plotkin and M. Pretnar. Handlers of algebraic effects . ESOP. 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  75. W. Qu, M. Gaboardi, and D. Garg. Relational cost analysis for functional-imperative programs . To appear at ICFP, 2019.Google ScholarGoogle Scholar
  76. I. Radicek, G. Barthe, M. Gaboardi, D. Garg, and F. Zuleger. Monadic refinements for relational cost analysis . PACMPL, 2 (POPL):36:1–36:32, 2018. Google ScholarGoogle ScholarDigital LibraryDigital Library
  77. A. Sabelfeld and A. C. Myers. Language-based information-flow security . IEEE Journal on Selected Areas in Communications, 21(1):5–19, 2003. Google ScholarGoogle ScholarDigital LibraryDigital Library
  78. D. Sangiorgi, N. Kobayashi, and E. Sumii. Environmental bisimulations for higher-order languages . ACM Trans. Program. Lang. Syst. , 33(1):5:1–5:69, 2011. Google ScholarGoogle ScholarDigital LibraryDigital Library
  79. T. Sato, A. Aguirre, G. Barthe, M. Gaboardi, D. Garg, and J. Hsu. Formal verification of higher-order probabilistic programs: reasoning about approximation, convergence, bayesian inference, and optimization . PACMPL, 3(POPL):38:1–38:30, 2019. Google ScholarGoogle ScholarDigital LibraryDigital Library
  80. M. Shulman. Univalence for inverse diagrams and homotopy canonicity . Mathematical Structures in Computer Science, 25: 1203–1277, 2014. Google ScholarGoogle ScholarCross RefCross Ref
  81. M. Sousa and I. Dillig. Cartesian Hoare logic for verifying k-safety properties . PLDI . 2016. Google ScholarGoogle ScholarDigital LibraryDigital Library
  82. R. Street. The formal theory of monads . Journal of Pure and Applied Algebra, 2, 1972. Google ScholarGoogle ScholarCross RefCross Ref
  83. E. Sumii. A complete characterization of observational equivalence in polymorphic lambda-calculus with general references . CSL . 2009. Google ScholarGoogle ScholarCross RefCross Ref
  84. N. Swamy, J. Weinberger, C. Schlesinger, J. Chen, and B. Livshits. Verifying higher-order programs with the Dijkstra monad . PLDI , 2013.Google ScholarGoogle ScholarDigital LibraryDigital Library
  85. N. Swamy, C. Hriţcu, C. Keller, A. Rastogi, A. Delignat-Lavaud, S. Forest, K. Bhargavan, C. Fournet, P.-Y. Strub, M. Kohlweiss, J.-K. Zinzindohoué, and S. Zanella-Béguelin. Dependent types and multi-monadic effects in F* . POPL. 2016.Google ScholarGoogle Scholar
  86. T. Terauchi and A. Aiken. Secure information flow as a safety problem . SAS. 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  87. A. Timany and L. Birkedal. Mechanized relational verification of concurrent programs with continuations . To appear at ICFP, 2019.Google ScholarGoogle Scholar
  88. A. Timany, L. Stefanesco, M. Krogh-Jespersen, and L. Birkedal. A logical relation for monadic encapsulation of state: proving contextual equivalences in the presence of runST . PACMPL, 2(POPL):64:1–64:28, 2018. Google ScholarGoogle ScholarDigital LibraryDigital Library
  89. S. Tonelli. Investigations into a model of type theory based on the concept of basic pair . Master’s thesis, Stockholm University, 2013. supervisors Erik Palmgren and Giovanni Sambin.Google ScholarGoogle Scholar
  90. D. Unruh. Quantum relational Hoare logic . PACMPL, 3(POPL):33:1–33:31, 2019. Google ScholarGoogle ScholarDigital LibraryDigital Library
  91. Y. Wang, I. Dillig, S. K. Lahiri, and W. R. Cook. Verifying equivalence of database-driven applications . PACMPL, 2(POPL): 56:1–56:29, 2018. Google ScholarGoogle ScholarDigital LibraryDigital Library
  92. D. Winograd-Cort, A. Haeberlen, A. Roth, and B. C. Pierce. A framework for adaptive differential privacy . PACMPL, 1(ICFP): 10:1–10:29, 2017. Google ScholarGoogle ScholarDigital LibraryDigital Library
  93. H. Yang. Relational separation logic . Theor. Comput. Sci., 375(1-3):308–334, 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  94. H. Yasuoka and T. Terauchi. Quantitative information flow as safety and liveness hyperproperties . Theor. Comput. Sci., 538: 167–182, 2014. Google ScholarGoogle ScholarCross RefCross Ref
  95. A. Zaks and A. Pnueli. CoVaC: Compiler validation by program analysis of the cross-product . FM. 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  96. N. Zeilberger. The Logical Basis of Evaluation Order and Pattern-Matching . PhD thesis, Carnegie Mellon University, 2009.Google ScholarGoogle Scholar
  97. D. Zhang and D. Kifer. LightDP: towards automating differential privacy proofs . POPL. 2017.Google ScholarGoogle Scholar
  98. H. Zhang, E. Roth, A. Haeberlen, B. C. Pierce, and A. Roth. Fuzzi: A three-level logic for differential privacy . CoRR, abs/1905.12594, 2019.Google ScholarGoogle Scholar

Index Terms

  1. The next 700 relational program logics

              Recommendations

              Comments

              Login options

              Check if you have access through your login credentials or your institution to get full access on this article.

              Sign in

              Full Access

              PDF Format

              View or Download as a PDF file.

              PDF

              eReader

              View online with eReader.

              eReader
              About Cookies On This Site

              We use cookies to ensure that we give you the best experience on our website.

              Learn more

              Got it!