research-article

Open Access

A predicate transformer semantics for effects (functional pearl)

Authors:
Wouter Swierstra

Utrecht University, Netherlands

Utrecht University, Netherlands
View Profile

,
Tim Baanen

Utrecht University, Netherlands

Utrecht University, Netherlands
View Profile

Proceedings of the ACM on Programming Languages Volume 3 Issue ICFPArticle No.: 103pp 1–26https://doi.org/10.1145/3341707

Published:26 July 2019Publication History

Related Artifact: Source code July 2019 software https://doi.org/10.5281/zenodo.3257707

Proceedings of the ACM on Programming Languages

Abstract

Reasoning about programs that use effects can be much harder than reasoning about their pure counterparts. This paper presents a predicate transformer semantics for a variety of effects, including exceptions, state, non-determinism, and general recursion. The predicate transformer semantics gives rise to a refinement relation that can be used to relate a program to its specification, or even calculate effectful programs that are correct by construction.

Supplemental Material

a103-swierstra.webm

webm

95.4 MB

Download

References

Danel Ahman, Cătălin Hriţcu, Kenji Maillard, Guido Martínez, Gordon Plotkin, Jonathan Protzenko, Aseem Rastogi, and Nikhil Swamy. 2017. Dijkstra Monads for Free. In Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages (POPL 2017). ACM, 515–529. Google ScholarDigital Library
João Alpuim and Wouter Swierstra. 2018. Embedding the refinement calculus in Coq. Science of Computer Programming 164 (2018), 37–48.Google ScholarCross Ref
Thorsten Altenkirch, Neil Ghani, Peter Hancock, Conor McBride, and Peter Morris. 2015. Indexed containers. Journal of Functional Programming 25 (2015).Google Scholar
Ralph-Johan Back and Joakim von Wright. 2012. Refinement calculus: a systematic introduction. Springer Graduate Texts in Computer Science. Google ScholarDigital Library
R. J. R. Back and J. von Wright. 1989. Refinement Concepts Formalized in Higher Order Logic. Formal Aspects of Computing 2 (1989).Google Scholar
Richard Bird. 2010. Pearls of Functional Algorithm Design. Cambridge University Press. Google ScholarDigital Library
Richard Bird and Oege de Moor. 1996. The algebra of programming. Prentice Hall. Google ScholarDigital Library
Sylvain Boulmé. 2007. Intuitionistic refinement calculus. In Typed Lambda Calculi and Applications. Springer, 54–69. Google ScholarDigital Library
Ana Bove and Venanzio Capretta. 2005. Modelling general recursion in type theory. Mathematical Structures in Computer Science 15, 4 (2005), 671–708. Google ScholarDigital Library
Ana Bove, Alexander Krauss, and Matthieu Sozeau. 2016. Partiality and recursion in interactive theorem provers – an overview. Mathematical Structures in Computer Science 26, 1 (2016), 38–88.Google ScholarCross Ref
Edwin Brady. 2013a. Idris, a general-purpose dependently typed programming language: Design and implementation. Journal of Functional Programming 23, 5 (2013), 552–593.Google ScholarCross Ref
Edwin Brady. 2013b. Programming and Reasoning with Algebraic Effects and Dependent Types. In Proceedings of the 18th ACM SIGPLAN International Conference on Functional Programming (ICFP ’13). ACM, 133–144. Google ScholarDigital Library
M. J. Butler, J. Grundy, T. Långbacka, R. Ruksenas, and J. von Wright. 1997. The Refinement Calculator: Proof Support for Program Refinement. In Proc. Conf. Formal Methods Pacific’97, Springer Series in Discrete Mathematics and Theoretical Computer Science, L. Groves and S. Reeves (Eds.). 40–61.Google Scholar
Venanzio Capretta. 2005. General Recursion via Coinductive Types. Logical Methods in Computer Science 1, 2 (2005), 1–28.Google ScholarCross Ref
Adam Chlipala, Benjamin Delaware, Samuel Duchovni, Jason Gross, Clément Pit-Claudel, Sorawit Suriyakarn, Peng Wang, and Katherine Ye. 2017. The end of history? Using a proof assistant to replace language design with library design. In 2nd Summit on Advances in Programming Languages (SNAPL 2017). Schloss Dagstuhl-Leibniz-Zentrum für Informatik.Google Scholar
The Coq Development Team. 2017. The Coq Proof Assistant Reference Manual, version 8.7. ADT Coq (Action for Technological Development). http://coq.inria.frGoogle Scholar
Edsger W. Dijkstra. 1975. Guarded commands, non-determinacy and formal. derivation of programs. Commun. ACM 18, 8 (1975), 453–457. Google ScholarDigital Library
Brijesh Dongol, Victor B.F. Gomes, and Georg Struth. 2015. A Program Construction and Verification Tool for Separation Logic. In Mathematics of Program Construction (LNCS), Vol. 9129. Springer, 137–158.Google Scholar
Jeremy Gibbons. 2013. Unifying Theories of Programming with Monads. In Unifying Theories of Programming, Burkhart Wolff, Marie-Claude Gaudel, and Abderrahmane Feliachi (Eds.). Springer, 23–67.Google Scholar
Jeremy Gibbons and Ralf Hinze. 2011. Just Do It: Simple Monadic Equational Reasoning. In Proceedings of the 16th ACM SIGPLAN International Conference on Functional Programming (ICFP ’11). ACM, 2–14. Google ScholarDigital Library
Peter Hancock and Anton Setzer. 2000a. Interactive Programs in Dependent Type Theory. In Computer Science Logic: 14th InternationalWorkshop, CSL 2000 Annual Conference of the EACSL Fischbachau, Germany, August 21 – 26, 2000 Proceedings, Peter G. Clote and Helmut Schwichtenberg (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 317–331. Google ScholarDigital Library
Peter Hancock and Anton Setzer. 2000b. Specifying interactions with dependent types. In Workshop on Subtyping and Dependent Types in Programming. INRIA, Ponte de Lima, Portugal, Article 5, 13 pages.Google Scholar
Graham Hutton and Diana Fulger. 2008. Reasoning about effects: Seeing the wood through the trees. (2008).Google Scholar
Martin Hyland, Gordon Plotkin, and John Power. 2006. Combining effects: Sum and tensor. Theoretical Computer Science 357, 1-3 (2006), 70–99. Google ScholarDigital Library
Shin-ya Katsumata and Tetsuya Sato. 2013. Preorders on monads and coalgebraic simulations. In International Conference on Foundations of Software Science and Computational Structures. Springer, 145–160. Google ScholarDigital Library
Oleg Kiselyov and Hiromi Ishii. 2015. Freer Monads, More Extensible Effects. In Proceedings of the 2015 ACM SIGPLAN Symposium on Haskell (Haskell ’15). ACM, 94–105. Google ScholarDigital Library
Sheng Liang, Paul Hudak, and Mark Jones. 1995. Monad transformers and modular interpreters. In Conference record of the 22nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. ACM, 333–343. Google ScholarDigital Library
Kenji Maillard, Danel Ahman, Robert Atkey, Guido Martinez, Catalin Hritcu, Exequiel Rivas, and Éric Tanter. 2019. Dijkstra Monads for All. (2019). arXiv: cs.PL/1903.01237Google Scholar
Conor McBride. 2015. Turing-completeness totally free. In International Conference on Mathematics of Program Construction. Springer, 257–275.Google ScholarCross Ref
Carroll Morgan. 1994. Programming from specifications. Prentice Hall,. Google ScholarDigital Library
Aleksandar Nanevski and Greg Morrisett. 2005. Dependent Type Theory of Stateful Higher-Order Functions. Technical Report TR-24-05. Harvard University.Google Scholar
Aleksandar Nanevski, Greg Morrisett, and Lars Birkedal. 2006. Polymorphism and Separation in Hoare Type Theory. In Proceedings of the Eleventh ACM SIGPLAN International Conference on Functional Programming (ICFP ’06). ACM, 62–73. Google ScholarDigital Library
Aleksandar Nanevski, Greg Morrisett, Avraham Shinnar, Paul Govereau, and Lars Birkedal. 2008. Ynot: Dependent Types for Imperative Programs. In Proceedings of the 13th ACM SIGPLAN International Conference on Functional Programming (ICFP ’08). ACM, 229–240. Google ScholarDigital Library
Ulf Norell. 2007. Towards a practical programming language based on dependent type theory. Ph.D. Dissertation. Chalmers University of Technology.Google Scholar
Gordon Plotkin and John Power. 2002. Notions of computation determine monads. In International Conference on Foundations of Software Science and Computation Structures. Springer, 342–356. Google ScholarDigital Library
Gordon Plotkin and John Power. 2003. Algebraic operations and generic effects. Applied categorical structures 11, 1 (2003), 69–94.Google Scholar
Matija Pretnar. 2010. Logic and handling of algebraic effects. Ph.D. Dissertation. The University of Edinburgh.Google Scholar
Nikhil Swamy, Juan Chen, Cédric Fournet, Pierre-Yves Strub, Karthikeyan Bhargavan, and Jean Yang. 2011. Secure distributed programming with value-dependent types. In Proceeding of the 16th ACM SIGPLAN International Conference on Functional Programming, Manuel M. T. Chakravarty, Zhenjiang Hu, and Olivier Danvy (Eds.). ACM, 266–278. Google ScholarDigital Library
Nikhil Swamy, Cătălin Hriţcu, Chantal Keller, Aseem Rastogi, Antoine Delignat-Lavaud, Simon Forest, Karthikeyan Bhargavan, Cédric Fournet, Pierre-Yves Strub, Markulf Kohlweiss, Jean-Karim Zinzindohoue, and Santiago ZanellaBéguelin. 2016. Dependent Types and Multi-monadic Effects in F*. In Proceedings of the 43rd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’16). ACM, New York, NY, USA, 256–270. Google ScholarDigital Library
Nikhil Swamy, Joel Weinberger, Cole Schlesinger, Juan Chen, and Benjamin Livshits. 2013. Verifying Higher-order Programs with the Dijkstra Monad. In Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI ’13). ACM, 387–398. Google ScholarDigital Library
Wouter Swierstra. 2008. Data types à la carte. Journal of Functional Programming 18, 4 (2008), 423–436. Google ScholarDigital Library
Wouter Swierstra. 2009a. A functional specification of effects. Ph.D. Dissertation. University of Nottingham.Google Scholar
Wouter Swierstra. 2009b. A Hoare Logic for the State Monad. In Theorem Proving in Higher Order Logics, Stefan Berghofer, Tobias Nipkow, Christian Urban, and Makarius Wenzel (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 440–451. Google ScholarDigital Library
Wouter Swierstra and João Alpuim. 2016. From Proposition to Program - Embedding the Refinement Calculus in Coq. In Functional and Logic Programming - 13th International Symposium, FLOPS 2016, Kochi, Japan, March 4-6, 2016, Proceedings (LNCS), Vol. 9613. Springer, 29–44.Google Scholar
Wouter Swierstra and Thorsten Altenkirch. 2007. Beauty in the Beast: a functional semantics for the awkward squad. In Proceedings of the ACM SIGPLAN Workshop on Haskell Workshop (Haskell ’07). ACM, 25–36. Google ScholarDigital Library
Janis Voigtländer. 2008. Asymptotic Improvement of Computations over Free Monads. In Mathematics of Program Construction, Philippe Audebaud and Christine Paulin-Mohring (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 388–403. Google ScholarDigital Library
Philip Wadler. 1987. A critique of Abelson and Sussman or why calculating is better than scheming. ACM SIGPLAN Notices 22, 3 (1987), 83–94. Google ScholarDigital Library
Nicolas Wu, Tom Schrijvers, and Ralf Hinze. 2014. Effect Handlers in Scope. In Proceedings of the 2014 ACM SIGPLAN Symposium on Haskell (Haskell ’14). ACM, 1–12. Google ScholarDigital Library

Index Terms

A predicate transformer semantics for effects (functional pearl)
1. Software and its engineering
  1. Software notations and tools
    1. General programming languages
      1. Language types
        Functional languages
2. Theory of computation
  1. Logic
  2. Semantics and reasoning
    1. Program reasoning
      1. Program specifications
    2. Program semantics

Recommendations

Relating direct and predicate transformer partial correctness semantics for an imperative probabilistic-nondeterministic language

In Keimel et al. (2009) [5] we have systematically derived a predicate transformer semantics from a direct semantics in total correctness style for a nondeterministic/probabilistic basic imperative programming language L"p. In the current paper we ...
Read More
Probabilistic predicate transformers

Probabilistic predicates generalize standard predicates over a state space; with probabilistic predicate transformers one thus reasons about imperative programs in terms of probabilistic pre- and postconditions. Probabilistic healthiness conditions ...
Read More
Effect Polymorphism in Higher-Order Logic (Proof Pearl)

The notion of a monad cannot be expressed within higher-order logic (HOL) due to type system restrictions. I show that if a monad is restricted to values of a fixed type, this notion can be formalised in HOL. Based on this idea, I develop a library of ...
Read More

Reviews

Reviewer: Jacques Carette

Proving properties of imperative programs with side effects is quite arduous. Purely functional code, on the other hand, has a relatively pleasant equational theory that enables reasonable proofs. Is it possible to use modern machinery to make proofs about effectful programs easier The work here illustrates such a path forward. As befits the pearl style, it walks the reader slowly and steadily through the ideas, with plenty of illustrative examples along the way. Complex ideas-the "predicate transformer semantics for effects" of the title, as well as a similar semantics for specifications and a way to mix them-are made quite clear. For the expert, various concepts from category theory that underlie the semantics are sprinkled throughout. The ideas are made clear by explicitly showing Agda code (a dependently typed programming language in the Haskell family), along with explanations of each new idea. Full code can also be found online. As system programming languages (such as Rust) give us more features for ensuring safety, we also need to keep looking ahead to the next level of features. Anyone who wants a clear preview of the bright future such investigations have should read this paper.

Access critical reviews of Computing literature here

Become a reviewer for Computing Reviews.

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in

Proceedings of the ACM on Programming Languages Volume 3, Issue ICFP
August 2019
1054 pages
EISSN:2475-1421
DOI:10.1145/3352468
Issue’s Table of Contents

Copyright © 2019 Owner/Author
This work is licensed under a Creative Commons Attribution International 4.0 License.
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 26 July 2019
Published in pacmpl Volume 3, Issue ICFP

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Badges
- Artifacts Available
- Artifacts Evaluated & Functional
Author Tags
Agda
effects
free monads
predicate transformers
program calculation
programming with dependent types
refinement
weakest precondition semantics
Qualifiers
- research-article
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 11
  Total Citations
  View Citations
- 1,274
  Total Downloads
- Downloads (Last 12 months)216
- Downloads (Last 6 weeks)23
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.