Proof Engineering with Predicate Transformer Semantics

Subjects: Software Engineering; Logic in Computer Science. Version: v1, 2022-08-18.

Abstract

We present a lightweight, open source Agda framework for manually verifying effectful programs using predicate transformer semantics. We represent the abstract syntax trees (ASTs) of effectful programs with a generalized algebraic datatype (GADT), whose generality enables even complex operations to be primitive AST nodes. Users can then assign bespoke predicate transformers to such operations to aid the proof effort, for example by automatically decomposing proof obligations for branching code. Our framework codifies and generalizes a proof engineering methodology used by the authors to reason about a prototype implementation of LibraBFT, a Byzantine fault tolerant consensus protocol in which code executed by participants may have effects such as updating state and sending messages. Successful use of our framework in this context demonstrates its practical applicability.

Cite

@article{arxiv.2208.08070,
  title  = {Proof Engineering with Predicate Transformer Semantics},
  author = {Christa Jenkins and Mark Moir and Harold Carr},
  journal= {arXiv preprint arXiv:2208.08070},
  year   = {2022}
}

Comments

15 pages excluding references
