Towards Weakest Precondition Calculus for Local Store Miriam Polzer - PowerPoint PPT Presentation

  1. Towards Weakest Precondition Calculus for Local Store Miriam Polzer February 5, 2019

  2. wp semantics via modality [1]
     A modality is a map $\tau : T(T1) \to T1$.
     Example (Powerset Monad $\mathcal{P}$): $\mathcal{P}1 = 2 = \{\top, \bot\}$, and $\tau : \mathcal{P}2 \to 2$ maps $\{\}$ and $\{\top\}$ to $\top$, and $\{\bot\}$ and $\{\bot, \top\}$ to $\bot$.
     Given a postcondition $\varphi : Y \to 2$ and a program $p : X \to \mathcal{P}(Y)$,
     $wp(p, \varphi) = \tau \circ \mathcal{P}\varphi \circ p : X \to \mathcal{P}(Y) \to \mathcal{P}2 \to 2$
     returns $\top$ iff $\varphi$ is true for every possible result of $p$.
     [1] Hasuo, "Generic Weakest Precondition Semantics from Monads Enriched with Order".

  3. wp semantics via modality [1]
     A modality is a map $\tau : T(T1) \to T1$.
     Example (Powerset Monad $\mathcal{P}$): $\mathcal{P}1 = 2 = \{\top, \bot\}$, and $\tau : \mathcal{P}2 \to 2$ maps $\{\bot, \top\}$ and $\{\top\}$ to $\top$, and $\{\}$ and $\{\bot\}$ to $\bot$.
     Given a postcondition $\varphi : Y \to 2$ and a program $p : X \to \mathcal{P}(Y)$,
     $wp(p, \varphi) = \tau \circ \mathcal{P}\varphi \circ p : X \to \mathcal{P}(Y) \to \mathcal{P}2 \to 2$
     returns $\top$ iff $\varphi$ is true for some possible result of $p$.
     [1] Hasuo, "Generic Weakest Precondition Semantics from Monads Enriched with Order".

  4. modality for the state monad
     State Monad: let $S$ be a set of states. Define $T : \mathbf{Set} \to \mathbf{Set}$ by $TX = (X \times S)^S$, so $T1 \cong S^S$.
     $T$ is not commutative: there are $p, q \in S^S$ and $s \in S$ such that $p(q(s)) \neq q(p(s))$.
     $\Rightarrow$ Using $T$ to obtain truth values does not seem feasible.

  5. wp for the state monad
     Reader Monad: define $R \hookrightarrow T$ by $RX = X^S$.
     Given an (uncurried) postcondition $\varphi : Y \times S \to 2$ and a program $p : X \times S \to Y \times S$, define $wp(p, \varphi) : X \times S \to 2$ as the composite
     $X \times S \xrightarrow{\;p\;} Y \times S \xrightarrow{\;\varphi\;} 2$.

  6. wp for the state monad
     Reader Monad: define $R \hookrightarrow T$ by $RX = X^S$, with natural transformations $\rho : T \to R$ and $\upsilon : R \to T$:
     $\rho_X = ((X \times S)^S \to X^S)$, i.e. $pr^S$ for the projection $pr$, and $\upsilon = (R \hookrightarrow T)$.
     The modality is the composite $\tau = \rho \circ \mu \circ T\upsilon : TR2 \to TT2 \to T2 \to R2$.
     Yoneda: $\mathbf{Set}(TR2, R2) \cong \mathrm{Nat}(\mathbf{Set}(-, R2), \mathbf{Set}(T-, R2))$.

  7. T-algebras
     Theorem: $\tau : T\Omega \to \Omega$ is a $T$-algebra if and only if the corresponding wp operator satisfies
     $wp(g^* \circ f, \varphi) = wp(f, wp(g, \varphi))$ and $wp(\eta(x), \varphi) = \varphi$.
     Verify this for $\tau : TR2 \to R2$ from before.
     Theorem: $\tau : TRX \to RX$ is a $T$-algebra if there are maps $\rho : T \to R$ and $\upsilon : R \to T$ such that
     1. $\rho \circ \upsilon = id$
     2. $\rho$ is a monad morphism
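The two modalities of slides 2 and 3, the uncurried state-monad wp of slide 5 and the algebra laws of slide 7, carried out on finite sets as an added example that is not part of the talk. The programs F, G, P_STATE and the postconditions PHI, PHI_STATE are constructed sample data; all helper names are this example's own.

```python
# Constructed example (not from the talk).  A program X -> P(Y) is a dict
# x -> frozenset of y, a postcondition Y -> 2 is a dict y -> bool, and an
# (uncurried) state-monad program X x S -> Y x S (slide 5) is a dict
# (x, s) -> (y, s').

def tau_all(ts):
    """Modality of slide 2: {} and {T} map to T; {F} and {F, T} map to F."""
    return all(ts)                      # all(empty set) is True

def tau_some(ts):
    """Modality of slide 3: {T} and {F, T} map to T; {} and {F} map to F."""
    return any(ts)

def wp_powerset(p, phi, tau):
    """wp(p, phi) = tau o P(phi) o p : X -> P(Y) -> P(2) -> 2, as a dict on X."""
    return {x: tau(frozenset(phi[y] for y in ys)) for x, ys in p.items()}

def kleisli(f, g):
    """g* o f : x |-> union of g(y) over y in f(x)  (Kleisli composition in P)."""
    return {x: frozenset().union(*(g[y] for y in ys)) for x, ys in f.items()}

def unit(xs):
    """eta(x) = {x} for every x in xs."""
    return {x: frozenset({x}) for x in xs}

def algebra_laws_hold(f, g, phi, tau):
    """The two equations of slide 7 for the modality tau:
    wp(g* o f, phi) == wp(f, wp(g, phi))  and  wp(eta, phi) == phi."""
    composite = wp_powerset(kleisli(f, g), phi, tau)
    nested = wp_powerset(f, wp_powerset(g, phi, tau), tau)
    unit_law = wp_powerset(unit(phi), phi, tau) == phi
    return composite == nested and unit_law

def wp_state(p, phi):
    """Slide 5: for p : X x S -> Y x S and phi : Y x S -> 2, wp(p, phi) = phi o p."""
    return {xs: phi[p[xs]] for xs in p}

# Constructed nondeterministic programs F : X -> P(Y), G : Y -> P(Z) over
# X = Y = Z = {0, 1, 2}; F(1) = {} has no result at all.
F = {0: frozenset({0, 1}), 1: frozenset(), 2: frozenset({2})}
G = {0: frozenset({1}), 1: frozenset({2}), 2: frozenset({0, 2})}
PHI = {0: False, 1: True, 2: True}

# Constructed state program over X = Y = {0, 1}, S = {0, 1}: it adds the
# state to the value and flips the state; PHI_STATE asks for y >= 1.
P_STATE = {(x, s): (x + s, 1 - s) for x in (0, 1) for s in (0, 1)}
PHI_STATE = {(y, s): y >= 1 for y in (0, 1, 2) for s in (0, 1)}
```

The empty result set F(1) is where the two modalities part ways: the "every result" modality accepts it vacuously and the "some result" modality rejects it.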

  8. The category of heap layouts W
     $L = \{l_1, l_2, l_3, \dots\}$ is a set of locations.
     Objects of $\mathbf{W}$ are finite heap layouts $w \subseteq_{fin} L$; $\mathbf{W}(w, w')$ are injections $\rho : w \to w'$.
     We will use $[\mathbf{W}, \mathbf{Set}]$, the (covariant) presheaf category.
     Example (Location Presheaf): $W : \mathbf{W} \to \mathbf{Set}$, $W(w) = w$, $W(\rho) = \rho$.

  9. The contravariant store presheaf
     Let $V$ be a set of values. We construct a store presheaf; unfortunately, it is not covariant:
     $H : \mathbf{W}^{op} \to \mathbf{Set}$, $\quad Hw = V^w$
     [Figure: $H\rho : V^{w'} \to V^w$ takes a store on $w'$ to its restriction along the injection $\rho : w \to w'$.]
     $\Rightarrow$ Introduce some more structure and switch categories.

  10. Independence structures 1
     Definition (Independent Coproduct): $\mathbf{W}$ is a strict monoidal category with
     $\oplus : \mathbf{W} \times \mathbf{W} \to \mathbf{W}$, $\quad w_1 \oplus w_2 = w_1 \cup \{\, l_{i + \max(w_1)} \mid l_i \in w_2 \,\}$
     [Figure: $w_1 = \{l_1, l_2\}$ and $w_2 = \{l_1, l_2\}$ with the injections $\iota_1 : w_1 \to w_1 \oplus w_2$ and $\iota_2 : w_2 \to w_1 \oplus w_2$ into $w_1 \oplus w_2 = \{l_1, l_2, l_3, l_4\}$.]

  11. Independence structures 2
     Definition (Complement): Let $\rho : w \to w'$. Define $w' \ominus \rho = w' \setminus \mathrm{img}(\rho)$ and $\rho^{\complement} = (w' \ominus \rho \hookrightarrow w')$.
     [Figure: $w$ with two cells, $w'$ with three cells, the injection $\rho : w \to w'$, and the remaining cell $w' \ominus \rho$ with its inclusion $\rho^{\complement}$ into $w'$.]

  12. moving to the category of initializations E
     Definition (Category $\mathbf{E}$): objects are finite heap layouts $w \subseteq_{fin} L$ (so $|\mathbf{W}| = |\mathbf{E}|$), and
     $\mathbf{E}(w, w') = \{\, (\rho, \eta) \mid \rho : w \to w',\ \eta \in V^{w' \ominus \rho} \,\}$.
     There is a forgetful functor $U : \mathbf{E} \to \mathbf{W}$. Denote $\epsilon \in \mathbf{E}(w, w')$, $U\epsilon \in \mathbf{W}(w, w')$, $\eta_\epsilon \in V^{w' \ominus U\epsilon}$.
     The store functor is now covariant: $H : \mathbf{E} \to \mathbf{Set}$, $Hw = V^w$,
     $(H(\rho, \eta))(s \in V^w) = \big(\, w' \cong (w' \ominus \rho) \oplus w \xrightarrow{[\eta,\, s]} V \,\big)$.

  13. Relating H and H
     Extending and then reducing: for $s \in V^w$ and $(\rho, \eta) \in \mathbf{E}(w, w')$,
     [Diagram: $s' = H(\rho, \eta)(s)$; restricting it back gives $H\rho(s') = s$ and $H(\rho^{\complement})(s') = \eta$. Pictured with cells $v_1, v_2$ in $s$ and $v_1, v_2, v_3$ in $s'$.]

  14. Relating H and H
     Reducing and then extending: for $s' \in V^{w'}$ and $\rho \in \mathbf{W}(w, w')$,
     [Diagram: $s = H\rho(s')$ and $\eta = H(\rho^{\complement})(s')$; extending again gives $H(\rho, \eta)(s) = s'$. Pictured with cells $v_1, v_2, v_3$ in $s'$ and $v_1, v_2$ in $s$.]

  15. the store monad on $[\mathbf{E}, \mathbf{Set}]$
     The adjunction $- \times H \dashv (-)^H$ on $[\mathbf{E}, \mathbf{Set}]$ induces the store monad $(TX)w = (Xw \times V^w)^{V^w}$.
     wp can be defined as done before for the store monad.

  16. allocation: the hiding monad
     $P : [\mathbf{E}, \mathbf{Set}] \to [\mathbf{E}, \mathbf{Set}]$, $\quad (PX)w = \int^{\rho : w \to w' \in w \downarrow U} Xw'$
     The category $w \downarrow U$: objects are morphisms with domain $w$, $\rho : w \to w'$; a morphism $\epsilon : \rho_1 \to \rho_2$ is an initialization such that $U\epsilon \circ \rho_1 = \rho_2$
     [commuting triangle $w \xrightarrow{\rho_1} w_1 \xrightarrow{U\epsilon} w_2$ with $\rho_2 : w \to w_2$].

  17. allocation: the hiding monad
     $(PX)w = \int^{\rho : w \to w' \in w \downarrow U} Xw'$
     This coend is just an undercover colimit. Recall that colimits in sets are formed via equivalence classes:
     $\int^{\rho : w \to w' \in w \downarrow U} Xw' = \Big( \coprod_{\rho : w \to w'} Xw' \Big) \big/ \sim$
     where $(\rho_1 : w \to w_1, x_1 \in Xw_1) \sim (\rho_2 : w \to w_2, x_2 \in Xw_2)$ if there exists $\epsilon : \rho_1 \to \rho_2$ such that $(X\epsilon)x_1 = x_2$.

  18. hiding example
     $(PH)w = \int^{\rho : w \to w' \in w \downarrow U} Hw'$
     Think of $w$ as public and $w' \ominus \rho$ as private. $w = \{l_1, l_2\}$.
     [Figure: three stores $s_1 \sim s_2 \sim s_3$ that agree on the public cells $l_1 : v_1$, $l_2 : v_2$ and differ only in a private cell $l_3$ (holding $v_3$, holding $v_4$, or absent).]

  19. hiding store
     $(PH)w = \int^{\rho : w \to w' \in w \downarrow U} Hw'$
     Theorem: $PH \cong H$.
     Proof. The isomorphism is $[\rho : w \to w', s \in V^{w'}] \mapsto H\rho(s)$.

  20. making cells public
     $(P(H \times WU))w = \int^{\rho : w \to w' \in w \downarrow U} Hw' \times WUw'$
     Recall $W : \mathbf{W} \to \mathbf{Set}$, $Ww = w$.
     Example: $(\{l_1\} \hookrightarrow \{l_1, l_2\},\ [l_1 \mapsto v_1, l_2 \mapsto v_2],\ l_2) \sim (\{l_1\} \hookrightarrow \{l_1, l_3, l_4\},\ [l_1 \mapsto v_1, l_3 \mapsto v_3, l_4 \mapsto v_2],\ l_4)$
     We cannot remove the additional cell and its content.
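The restriction and extension maps of slides 9 and 12, the generating relation of the coend on slide 17, and the examples of slides 18 and 20, as an added Python example that is not the talk's own code. Locations are modelled as ints, injections and stores as dicts; the stores S1, S2, S3 and the helpers restrict, extend, one_step and hide are constructed for this illustration.

```python
from itertools import permutations

# Constructed example (not from the talk).  Locations are ints, values are
# strings.  A heap layout w is the key set of a store (slide 8), a store in
# Hw = V^w is a dict location -> value (slide 9), and an injection
# rho : w -> w' is a dict from the locations of w to those of w'.

def restrict(rho, s_prime):
    """H(rho) : V^{w'} -> V^w,  s' |-> s' o rho   (contravariant H, slide 9)."""
    return {l: s_prime[rho[l]] for l in rho}

def extend(rho, eta, s):
    """H(rho, eta) : V^w -> V^{w'},  s |-> [eta, s]   (covariant H on E, slide 12).
    eta is a store on the fresh cells w' minus img(rho)."""
    out = {rho[l]: s[l] for l in rho}
    assert not set(out) & set(eta), "eta must live on w' minus img(rho)"
    return {**out, **eta}

def one_step(rho1, s1, rho2, s2):
    """Is there an initialisation eps : rho1 -> rho2 in w down U (slide 16)
    with H(eps)(s1) == s2?  U(eps) is an injection iota : w1 -> w2 with
    iota o rho1 == rho2, and eta is forced to be s2 on w2 minus img(iota);
    we try every way of sending the private cells of w1 into those of w2."""
    w1, w2 = set(s1), set(s2)
    fresh1 = sorted(w1 - set(rho1.values()))
    fresh2 = sorted(w2 - set(rho2.values()))
    if len(fresh1) > len(fresh2):
        return False
    for targets in permutations(fresh2, len(fresh1)):
        iota = dict(zip(fresh1, targets))
        iota.update({rho1[l]: rho2[l] for l in rho1})      # iota o rho1 = rho2
        eta = {l: s2[l] for l in w2 - set(iota.values())}
        if extend(iota, eta, s1) == s2:
            return True
    return False

def hide(rho, s_prime):
    """The isomorphism PH = H of slide 19: [rho : w -> w', s'] |-> H(rho)(s')."""
    return restrict(rho, s_prime)

# Slide 18: w = {1, 2} is public; three representatives of one element of (PH)w.
RHO = {1: 1, 2: 2}                       # inclusion of w into each w'
S1 = {1: "v1", 2: "v2"}
S2 = {1: "v1", 2: "v2", 3: "v3"}
S3 = {1: "v1", 2: "v2", 3: "v4"}
```

S2 and S3 are not related by a single initialization (the private value differs), but both are reached from S1, so the classes of slide 17 are those of the equivalence relation generated by one_step, and hide computes their common invariant.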

  21. Local store on $[\mathbf{E}, \mathbf{Set}]$
     We would like to work with the monad $(TX)w = \Big( \int^{\rho : w \to w'} Xw' \times V^{w'} \Big)^{V^w}$, obtained by composing the adjunction $- \times H \dashv (-)^H$ on $[\mathbf{E}, \mathbf{Set}]$ with the hiding monad $P$.
     Problem: $P$ is not strong.

  22. P is not strong
     Would like to define $\tau_{X,Y}\, w : Xw \times \int^{\rho : w \to w' \in w \downarrow U} Yw' \to \int^{\rho : w \to w' \in w \downarrow U} (Xw' \times Yw')$ by
     $\tau_{X,Y}\, w\, (x \in Xw,\ [(\rho : w \to w',\ y \in Yw')]) = [(\rho : w \to w',\ (?? \in Xw',\ y))]$.
     $\rho$ is not an initialization, so we cannot map $x \in Xw$ to $Xw'$.

  23. Implications of P not being strong
     Cannot show that $(TX)w = \Big( \int^{\rho : w \to w'} Xw' \times V^{w'} \Big)^{V^w}$ is strong.
     Cannot show that $(RX)w = \Big( \int^{\rho : w \to w'} Xw' \Big)^{V^w}$ is a monad.
     However, for $X : \mathbf{W} \to \mathbf{Set}$ we can define a strength $\tau_{X,Y} : XU \times PY \to P(XU \times Y)$,
     $\tau_{X,Y}\, w\, (x \in Xw,\ [(\rho : w \to w',\ y \in Yw')]) = [(\rho : w \to w',\ ((X\rho)x,\ y))]$
     (recall that $U : \mathbf{E} \to \mathbf{W}$ is the forgetful functor).

  24. moving back to W via a geometric morphism
     We arrive at the full ground storage monad [2] $T$, the composite $[\mathbf{W}, \mathbf{Set}] \to [\mathbf{E}, \mathbf{Set}] \to [\mathbf{E}, \mathbf{Set}] \to [\mathbf{W}, \mathbf{Set}]$ built from the adjunction $U^* \dashv U_*$, the adjunction $- \times H \dashv (-)^H$ and the hiding monad $P$.
     $U^*(X) = XU$, $\quad U_* X = \mathrm{Ran}_U(X)$, $\quad (U^*, U_*)$ is a geometric morphism.
     [2] Kammar et al., "A monad for full ground reference cells".

  25. Exponentials and the Kan extension
     Theorem: Let $X : \mathbf{E} \to \mathbf{Set}$. Then $U_*(X^H) = X(-)^{V(-)}$, where $X(-)^{V(-)} : \mathbf{W} \to \mathbf{Set}$ is given by
     $(X(-)^{V(-)})(\rho : w \to v)(p \in (Xw)^{V^w})(s \in V^v) = (X(\delta, V\rho^{\complement}(s)))(p((H\rho)s))$.
     The theorem enables one to unify developments by Plotkin/Power [3] and Kammar et al. [4].
     [3] Plotkin and Power, "Notions of Computation Determine Monads".
     [4] Kammar et al., "A monad for full ground reference cells".

  26. subobject classifier in presheaf categories
     We still need to come up with a reader monad...
     Let $\mathbf{C}$ be a small category.
     Definition: Let $c \in |\mathbf{C}|$. A set $C$ of morphisms with domain $c$ is a cosieve on $c$ if whenever $\rho : c \to c' \in C$ and $\rho' : c' \to c''$ then $\rho' \circ \rho \in C$.
     Theorem: The subobject classifier in $[\mathbf{C}, \mathbf{Set}]$ is the functor that maps $c \in \mathbf{C}$ to the set of cosieves on $c$:
     $\Omega c = \{\, C \mid C \text{ cosieve on } c \,\}$

  27. hiding the subobject classifier
     Theorem: Let $\Omega$ be the subobject classifier in $[\mathbf{E}, \mathbf{Set}]$. Then $P\Omega \cong 2$.
     Proof. Take $[(\rho : w \to w',\ \bar t \in \Omega w')] \in \int^{\rho : w \to w'} \Omega w'$.
     Case 1: $\bar t = \emptyset = \bot$.
     Case 2: there is $\epsilon : w' \to w'' \in \bar t$. Then
     $[(\rho : w \to w',\ \bar t \in \Omega w')] = [(U\epsilon \circ \rho,\ \top_{w''} \in \Omega w'')] = [(id_w,\ \top_w \in \Omega w)]$.

  28. duck duck duck duck duck
     Theorem: Duck duck duck : duck $\to$ duck, duck duck duck duck duck duck : duck $\to$ duck$_\bot$.
     $\mathrm{Duck}_\bot = \{\, \bar d \in \prod_{duck : duck \to duck' \in duck \downarrow DUCK} (duck + \bot) \mid \forall duck : duck \to duck'.\ pr_{duck}(\bar d) \neq \bot \Rightarrow DUCK(pr_{duck}(\bar d)) \,\}$
     duck$_\bot \cong$ Goose

  29. partial map classifiers in presheaf categories
     Theorem: For every $B : \mathbf{C} \to \mathbf{Set}$, the following functor forms a partial map classifier together with the canonical map $\eta_B : B \to B_\bot$:
     $B_\bot c = \{\, \bar b \in \prod_{\rho : c \to c' \in c \downarrow id_{\mathbf{C}}} (Bc' + \bot) \mid \forall \rho : c \to c',\ \delta : c' \to c''.\ pr_\rho(\bar b) \neq \bot \Rightarrow B\delta(pr_\rho(\bar b)) = pr_{\delta \circ \rho}(\bar b) \,\}$
     $1_\bot \cong \Omega$

  30. the reader monad and its simplification
     $R$ is the composite of the adjunction $U^* \dashv U_*$ between $[\mathbf{W}, \mathbf{Set}]$ and $[\mathbf{E}, \mathbf{Set}]$, the exponential $(-)^H$ and the partial map classifier $(-)_\bot$.
     By abstract nonsense one can show:
     $R$ is a strong, commutative and copyable monad;
     $R1$ is a complete internal Heyting algebra (i.e. supports logical operators).
     The functor simplifies: $(RX)w = (X_{\bot_{\mathbf{E}}} w)^{V^w}$, $\quad (R1)w = \Omega^{V^w}$.
