Proof Engineering with Predicate Transformer Semantics
Christa Jenkins, Mark Moir, Harold Carr
TL;DR
This paper introduces an Agda-based framework that simplifies the verification of effectful programs through predicate transformer semantics, enabling flexible and practical proof engineering for complex effectful code.
Contribution
It provides a lightweight, open source tool that generalizes proof techniques for effectful programs, demonstrated on a Byzantine fault tolerant consensus protocol.
Findings
Framework effectively verifies effectful programs in Agda
Automates decomposition of proof obligations for branching code
Proven practical in verifying LibraBFT protocol
Abstract
We present a lightweight, open source Agda framework for manually verifying effectful programs using predicate transformer semantics. We represent the abstract syntax trees (AST) of effectful programs with a generalized algebraic datatype (GADT) AST, whose generality enables even complex operations to be primitive AST nodes. Users can then assign bespoke predicate transformers to such operations to aid the proof effort, for example by automatically decomposing proof obligations for branching code. Our framework codifies and generalizes a proof engineering methodology used by the authors to reason about a prototype implementation of LibraBFT, a Byzantine fault tolerant consensus protocol in which code executed by participants may have effects such as updating state and sending messages. Successful use of our framework in this context demonstrates its practical applicability.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsLogic, programming, and type systems · Formal Methods in Verification · Distributed systems and fault tolerance