Proof Engineering with Predicate Transformer Semantics

08/17/2022

∙

We present a lightweight, open source Agda framework for manually verifying effectful programs using predicate transformer semantics. We represent the abstract syntax trees (AST) of effectful programs with a generalized algebraic datatype (GADT) AST, whose generality enables even complex operations to be primitive AST nodes. Users can then assign bespoke predicate transformers to such operations to aid the proof effort, for example by automatically decomposing proof obligations for branching code. Our framework codifies and generalizes a proof engineering methodology used by the authors to reason about a prototype implementation of LibraBFT, a Byzantine fault tolerant consensus protocol in which code executed by participants may have effects such as updating state and sending messages. Successful use of our framework in this context demonstrates its practical applicability.

READ FULL TEXT

Proof Engineering with Predicate Transformer Semantics

An approach to translating Haskell programs to Agda and reasoning about them

SENATE: A Permissionless Byzantine Consensus Protocol in Wireless Networks

The Attack of the Clones against Proof-of-Authority

S-semantics – an example

Consensus-Free Spreadsheet Integration

Synthesizing Abstract Transformers

Looped Transformers as Programmable Computers

Proof Engineering with Predicate Transformer Semantics

Related Research

An approach to translating Haskell programs to Agda and reasoning about them

SENATE: A Permissionless Byzantine Consensus Protocol in Wireless Networks

The Attack of the Clones against Proof-of-Authority

S-semantics – an example

Consensus-Free Spreadsheet Integration

Synthesizing Abstract Transformers

Looped Transformers as Programmable Computers