Skip to main content
European Commission logo print header

LiquidEff: Algebraic Foundations for Liquid Effects

Periodic Reporting for period 1 - LiquidEff (LiquidEff: Algebraic Foundations for Liquid Effects)

Período documentado: 2019-10-01 hasta 2021-09-30

In our ever-more digital world, the cost of software failure is staggering, and consequently many approaches to software correctness have been developed, e.g. testing, model checking, and formal verification. Programming languages can address verification via the correct-by-construction paradigm, where the types of programs are used to state the desired properties, and successful typechecking provides modular, compile-time machine-certification that those properties hold. Decades of research have culminated in the development of advanced programming languages (such as Agda, Coq, F*, Idris, Liquid Haskell), whose sophisticated type systems permit a continuum of precision of specification. The technology behind these systems also drives the development of mainstream languages with significant industrial deployment, such as F\#, Haskell, and OCaml.

While such languages can accommodate precise type-level specifications and offer strong correctness guarantees, this has historically been predominantly limited to pure values or a select few computational effects. The goal of this project was to reduce this gap by building on algebraic effects and effect handlers as a unifying framework for modelling a wide range of computational effects. The project had three objectives: (i) to study the foundations of type-based specification of effectful programs; (ii) to explore and develop the language design and implementation of prototype programming language(s) for type-based specification of effectful programs; and (iii) to apply the developed prototype programming language(s) to practically relevant case studies.
The work carried out during the project towards its objectives was motivated by three case studies.

Resources in effectful programs: As the control flow of effectful programs can often be highly non-trivial, ensuring that programs use their resources correctly (e.g. that one does not read from a previously closed file) is consequently also non-trivial. For this, the project identified that simple (sub)set-based type-and-effect systems can provide a lightweight approach for specifying and controlling how programs use resources. Based on this idea, the project developed programming abstractions to model resources using runners (also known as comodels) of algebraic effects, which intuitively are a denotational account of small state-manipulating virtual machines. The end result was a core lambda-calculus for resource management in effectful languages with a strong guarantee that the resource finalisation code (e.g. file closing) is run once. These results have been published at a major programming languages conference (ESOP), and presented at seminars and workshops. This work also resulted in a prototype programming language implementation of the core calculus and an embedding of it as a library in Haskell.

Asynchrony and algebraic effects: While algebraic effects cover a wide range of computational effects, their operational treatment has always been synchronous. Namely, when an algebraic operation call is executed, its continuation is blocked until some implementation of this operation returns a value. To this end, the project identified that the different phases of the execution of an algebraic operation call can be decoupled into separate programming abstractions. The result was a core lambda-calculus formalising these ideas, whose type-and-effect system is based on generalising the simple (sub)set-based account of effect typing to a domain-theoretic variant, in which the effect information can recursively also describe the possible effects of suspended computations, e.g. of yet to be executed interrupt handlers. These results have been published at a major programming languages conference (POPL), with an extended journal version currently in preparation, and they have been presented at seminars and workshops. This part of the project also resulted in a prototype programming language implementation of the core calculus and the mechanisation of its metatheory in Agda.

Extending F* with a concurrent separation logic: In collaboration with the researchers at Microsoft Research and elsewhere who are behind the refinement- and dependently typed programming language F*, the project contributed towards developing and embedding a core concurrent separation logic, SteelCore, in F*. This embedding is based on representing SteelCore computations using indexed action trees in F*, and by proving the soundness of the resulting program logic by giving these action trees a nondeterministic stateful semantics based on F*'s existing monotonic state effect. As a result, one can now use F* to write and verify type-level separation logic (and refinement-typed) specifications for concurrent programs. These results have been published at a major programming languages conference (ICFP), and have been consequently incorporated and absorbed into F*'s libraries.
For resource management in effectful programs, the project demonstrated that one does not necessarily need a (somewhat heavier and more complex) linear or uniqueness typing discipline to control resource usage, but that a more lightweight effect-typing and algebraic effects based programming abstractions suffice for specifying and controlling correct resource usage. In addition to just programming with resources, the project further improved the state of the art by demonstrating that the resulting framework is also well-suited for examples such as runtime monitoring and instrumentation of user code (e.g. by logging user operations) without changing the original code, and for runtime code verification (e.g. to ensure the monotonic use of program's state). Another key addition to the state of art was the development of a notion of effectful runners of algebraic effects that can themselves invoke further effects, allowing for modular nesting of resources.

For asynchrony, the project first improved the state of the art by generalising effect typing from its usual (sub)set-based account to a more general domain-theoretic variant. Importantly, the project improved the state of the art by providing the first non-blocking, asynchronous operational semantics for algebraic operation calls. Similarly to resources, the project again demonstrated that the algebraic effects based programming abstractions developed for one specific purpose can actually be applied much more widely, in this case to implement advanced examples such as preemptive multi-threading, (cancellable) remote function calls, non-blocking post-processing of promised values, and a parallel variant of runners of algebraic effects.

For separation logics, the collaboration with the researchers behind the F* language showed that existing refinement- and dependently typed languages are excellent hosts for embedding concurrent separation logics, and that algebraic effects (in the guise of indexed action trees) serve as an excellent vessel for such embeddings. This collaboration demonstrated the applicability of SteelCore using various involved examples, such as spin locks, fork-join model of concurrency, and communication protocols in synchronous message-passing concurrency inspired by session types. SteelCore significantly improved the state of the art of program verification in F*---prior to it, F* did not have any support for writing or reasoning about concurrent programs.
Asynchronous algebraic operation calls via signals and interrupt handlers in the Æff language
Programming with resources using runners of algebraic effects in the Coop language
Typing rules for the Æff language
Typing rules for the Coop language