A Monadic Framework for Relational Verification: Applied to Information Security, Program Equivalence, and Optimizations
This work addresses the problem of relational verification for effectful programs in proof assistants, offering a general-purpose solution that is incremental by building on existing monadic and SMT-based techniques.
The authors tackled the challenge of verifying relational properties for effectful programs by proposing a monadic framework in F*, which unified various analyses like information flow control and program equivalence, demonstrating that verifying relational properties required little additional effort compared to unary properties.
Relational properties describe multiple runs of one or more programs. They characterize many useful notions of security, program refinement, and equivalence for programs with diverse computational effects, and they have received much attention in the recent literature. Rather than developing separate tools for special classes of effects and relational properties, we advocate using a general purpose proof assistant as a unifying framework for the relational verification of effectful programs. The essence of our approach is to model effectful computations using monads and to prove relational properties on their monadic representations, making the most of existing support for reasoning about pure programs. We apply this method in F* and evaluate it by encoding a variety of relational program analyses, including information flow control, program equivalence and refinement at higher order, correctness of program optimizations and game-based cryptographic security. By relying on SMT-based automation, unary weakest preconditions, user-defined effects, and monadic reification, we show that, compared to unary properties, verifying relational properties requires little additional effort from the F* programmer.