Logical Relations for Program Verification
Lead Research Organisation:
University of Strathclyde
Department Name: Computer and Information Sciences
Abstract
In an economy as relentlessly digital as the modern worldwide one, in
which everything from toasters to interpersonal communications to
global financial services are computerised, the need for formally
verified software cannot be overestimated. Formal verification uses
mathematical techniques to prove that programs actually perform the
computations they are intended to perform (e.g., that text editors
really do save files when a SAVE command is issued or that automatic
pilots really do correctly execute flight plans) and also avoid
performing unintended ones (e.g., leaking credit card details or
launching nuclear weapons without authorisation). Since programmers
make 15 to 50 errors per 1000 lines of code, and since repairing them
accounts for some 80% of project expenses, the ever-increasing size
and sophistication of programs makes formal verification increasingly
critical to modern software development.
Mathematical reasoning lies at the core of all formal verification,
and so is crucial for building truly secure and reliable software.
One of the key techniques for formally verifying properties of
software systems uses logical relations. Logical relations provide a
means of deriving properties of a software system directly from the
system itself; as a result, they can be used to prove important
properties of programs, programming languages, and language
implementations. Logical relations have been developed for core
fragments of many modern programming languages and verification
systems. They are currently extended to richer programming languages
and properties by constructing plausible variants of the definitions
of logical relations for appropriate core fragments and checking that
the mathematical theory goes through. But as languages and properties
to be proved have become increasingly sophisticated and expressive,
this ad hoc approach has become both difficult and unsustainable. It
has also led to an enormous constellation of complicated and
non-reusable logical relations that "work" for particular language
features, rather than their principled and transferrable development
from fundamental principles. In short, logical relations have
struggled to keep pace with developments in programming languages,
with the obvious consequences for security and reliability of software
systems.
We aim to revolutionise the landscape of logical relations by
providing framework for their development and use that is principled,
conceptually simple, reusable, and uniform (rather than ad hoc). Our
framework will be capable of both describing the wide array of logical
relations already used in existing applications and prescribing new
logical relations for future ones. It will be based on the
mathematical concept of comprehension for a fibration, which has not
previously been identified as a key ingredient in
the construction of logical relations. Our use of it thus
distinguishes our framework from all other treatments of logical
relations in the literature. Comprehension allows explicit representation of logical properties of
languages within those languages themselves. This means that our
framework will be implementable, so we will produce a logic for
deriving consequences of logical relations and a prototype
implementation of that logic in a modern interactive theorem
prover. This will allow users to experiment with our framework, and
allow their experiences with it to feed back into its
foundations. We will also apply our new framework for logical
relations to cutting-edge problems that are the focus of active
research and for which there is presently no consensus on the way
forward. Successful application of our framework will show that it can
solve problems that are the focus of active research, as
well as open up unanticipated new research directions. Conversely, the
practical applications we pursue will raise challenges that prompt us
to further refine its foundations
which everything from toasters to interpersonal communications to
global financial services are computerised, the need for formally
verified software cannot be overestimated. Formal verification uses
mathematical techniques to prove that programs actually perform the
computations they are intended to perform (e.g., that text editors
really do save files when a SAVE command is issued or that automatic
pilots really do correctly execute flight plans) and also avoid
performing unintended ones (e.g., leaking credit card details or
launching nuclear weapons without authorisation). Since programmers
make 15 to 50 errors per 1000 lines of code, and since repairing them
accounts for some 80% of project expenses, the ever-increasing size
and sophistication of programs makes formal verification increasingly
critical to modern software development.
Mathematical reasoning lies at the core of all formal verification,
and so is crucial for building truly secure and reliable software.
One of the key techniques for formally verifying properties of
software systems uses logical relations. Logical relations provide a
means of deriving properties of a software system directly from the
system itself; as a result, they can be used to prove important
properties of programs, programming languages, and language
implementations. Logical relations have been developed for core
fragments of many modern programming languages and verification
systems. They are currently extended to richer programming languages
and properties by constructing plausible variants of the definitions
of logical relations for appropriate core fragments and checking that
the mathematical theory goes through. But as languages and properties
to be proved have become increasingly sophisticated and expressive,
this ad hoc approach has become both difficult and unsustainable. It
has also led to an enormous constellation of complicated and
non-reusable logical relations that "work" for particular language
features, rather than their principled and transferrable development
from fundamental principles. In short, logical relations have
struggled to keep pace with developments in programming languages,
with the obvious consequences for security and reliability of software
systems.
We aim to revolutionise the landscape of logical relations by
providing framework for their development and use that is principled,
conceptually simple, reusable, and uniform (rather than ad hoc). Our
framework will be capable of both describing the wide array of logical
relations already used in existing applications and prescribing new
logical relations for future ones. It will be based on the
mathematical concept of comprehension for a fibration, which has not
previously been identified as a key ingredient in
the construction of logical relations. Our use of it thus
distinguishes our framework from all other treatments of logical
relations in the literature. Comprehension allows explicit representation of logical properties of
languages within those languages themselves. This means that our
framework will be implementable, so we will produce a logic for
deriving consequences of logical relations and a prototype
implementation of that logic in a modern interactive theorem
prover. This will allow users to experiment with our framework, and
allow their experiences with it to feed back into its
foundations. We will also apply our new framework for logical
relations to cutting-edge problems that are the focus of active
research and for which there is presently no consensus on the way
forward. Successful application of our framework will show that it can
solve problems that are the focus of active research, as
well as open up unanticipated new research directions. Conversely, the
practical applications we pursue will raise challenges that prompt us
to further refine its foundations
Planned Impact
The long-term impact of this research is to contribute to our ability
to formally verify properties of programs. Logical relations are a
key technique for proving properties of programs, programming
languages, and programming language implementations. Although the
proposed research --- namely, providing a principled, comprehensive,
and predictive foundation for logical relations --- does not lend
itself to immediate industrial uptake, we have devised the following
five-point plan for maximising its impact.
- We will publish in top international venues so as to disseminate
our ideas and results to a wide audience and, at conferences, get
feedback and network.
- This year Dr Johann organised a workshop on logical relations that
attracted most of the leaders in the field. We will organise
another such workshop for early on in the grant period. We expect
this follow-up workshop to attract a similarly strong group of
participants, which will enable us to disseminate our ideas to
precisely those people most likely to be interested in them.
- Collaborate extensively with leaders in the field so as to ensure
our ideas receive attention even while in development. To
facilitate this, we have teamed up with five leaders in various
aspects of the proposed research. Not only will their input help
keep the research outwardly focused, but it will mean that
dissemination into the community takes place even as the research
is being developed.
- Undertake carefully designed work packages that show case the
benefits of our ideas. In particular, each work package not only
contains great science, but also demonstrates something specific
about our approach, such as how the different degrees of freedom it
engenders can be exploited in applications or how it can be used to
solve state-of-the-art problems that have attracted the attention
of researchers around the world.
- Provide a logical system for reasoning with logical relations,
together with an implementation of it, so as to make our ideas
accessible to the wider community. This will be crucial if we are
to have as great an impact as we desire because not all researchers
will have our technical background. Indeed, with our logical system
and implementation, users can access our results without any
knowledge whatsoever of its category-theoretic foundations.
It is worth noting that Reynolds' seminal presentation of logical
relations still forms the basis of current research on logical
relations nearly 30 years after it was first developed. Overall, our
goal is to give a new foundation of logical relations. If we are
successful, we can expect our ideas to remain central to the subject
--- both academically and in terms of commercial exploitation --- for
an equally long time. That certainly would be impact!
to formally verify properties of programs. Logical relations are a
key technique for proving properties of programs, programming
languages, and programming language implementations. Although the
proposed research --- namely, providing a principled, comprehensive,
and predictive foundation for logical relations --- does not lend
itself to immediate industrial uptake, we have devised the following
five-point plan for maximising its impact.
- We will publish in top international venues so as to disseminate
our ideas and results to a wide audience and, at conferences, get
feedback and network.
- This year Dr Johann organised a workshop on logical relations that
attracted most of the leaders in the field. We will organise
another such workshop for early on in the grant period. We expect
this follow-up workshop to attract a similarly strong group of
participants, which will enable us to disseminate our ideas to
precisely those people most likely to be interested in them.
- Collaborate extensively with leaders in the field so as to ensure
our ideas receive attention even while in development. To
facilitate this, we have teamed up with five leaders in various
aspects of the proposed research. Not only will their input help
keep the research outwardly focused, but it will mean that
dissemination into the community takes place even as the research
is being developed.
- Undertake carefully designed work packages that show case the
benefits of our ideas. In particular, each work package not only
contains great science, but also demonstrates something specific
about our approach, such as how the different degrees of freedom it
engenders can be exploited in applications or how it can be used to
solve state-of-the-art problems that have attracted the attention
of researchers around the world.
- Provide a logical system for reasoning with logical relations,
together with an implementation of it, so as to make our ideas
accessible to the wider community. This will be crucial if we are
to have as great an impact as we desire because not all researchers
will have our technical background. Indeed, with our logical system
and implementation, users can access our results without any
knowledge whatsoever of its category-theoretic foundations.
It is worth noting that Reynolds' seminal presentation of logical
relations still forms the basis of current research on logical
relations nearly 30 years after it was first developed. Overall, our
goal is to give a new foundation of logical relations. If we are
successful, we can expect our ideas to remain central to the subject
--- both academically and in terms of commercial exploitation --- for
an equally long time. That certainly would be impact!
Organisations
- University of Strathclyde (Lead Research Organisation)
- UNIVERSITY OF EDINBURGH (Collaboration)
- Microsoft Research (Collaboration)
- IT University of Copenhagen (Project Partner)
- Microsoft Research (United Kingdom) (Project Partner)
- Microsoft (United Kingdom) (Project Partner)
- University of Edinburgh (Project Partner)
People |
ORCID iD |
Neil Ghani (Principal Investigator) |
Publications
Atkey R
(2014)
A relationally parametric model of dependent type theory
Ghani N
(2015)
Positive Inductive-Recursive Definitions
in Logical Methods in Computer Science
Ghani N
(2015)
Bifibrational Functorial Semantics of Parametric Polymorphism
in Electronic Notes in Theoretical Computer Science
Ghani N
(2016)
A List of Successes That Can Change the World
Ghani N.
(2017)
Inductive-recursive definitions and composition
in Leibniz International Proceedings in Informatics, LIPIcs
Altenkirch T
(2018)
Foundations of Software Science and Computation Structures
Ghani N
(2018)
A compositional treatment of iterated open games
in Theoretical Computer Science
Description | We have produced a new and better understanding of parametricity |
Exploitation Route | Via papers |
Sectors | Digital/Communication/Information Technologies (including Software) |
Description | I have been asked by email to include ACADEMIC impact. This grant has had significant academic impact. Highlights include a paper winning best paper award at a major conference which then led others to use that paper as a basis for their own work. Another paper solved the open problem of providing a model encompassing dependent type theory and dependent type theory. Again, many others have used this research within their research. |
First Year Of Impact | 2014 |
Sector | Other |
Description | Project partnership with MICROSOFT RESEARCH LTD |
Organisation | Microsoft Research |
Country | Global |
Sector | Private |
PI Contribution | MICROSOFT RESEARCH LTD worked with the research team and assisted/contributed to the project outcomes |
Start Year | 2013 |
Description | Project partnership with University of Edinburgh |
Organisation | University of Edinburgh |
Country | United Kingdom |
Sector | Academic/University |
PI Contribution | University of Edinburgh worked with the research team and assisted/contributed to the project outcomes |
Start Year | 2013 |