Recalling a Witness: Foundations and Applications of Monotonic State

TL;DR

This paper introduces a monotonic-state monad for simplifying the verification of programs with monotonic state evolution, enabling concise proofs and scalable application to distributed systems.

Contribution

It presents a novel monotonic-state monad framework, proven sound, for modular reasoning about monotonic state in dependently typed languages like F*.

Findings

Soundness of the monotonic-state monad established

Libraries for monotonic references developed and used in distributed applications

Verification of multiple distributed systems demonstrated

Abstract

We provide a way to ease the verification of programs whose state evolves monotonically. The main idea is that a property witnessed in a prior state can be soundly recalled in the current state, provided (1) state evolves according to a given preorder, and (2) the property is preserved by this preorder. In many scenarios, such monotonic reasoning yields concise modular proofs, saving the need for explicit program invariants. We distill our approach into the monotonic-state monad, a general yet compact interface for Hoare-style reasoning about monotonic state in a dependently typed language. We prove the soundness of the monotonic-state monad and use it as a unified foundation for reasoning about monotonic state in the F* verification system. Based on this foundation, we build libraries for various mutable data structures like monotonic references and apply these libraries at scale to the verification of several distributed applications.