A Monadic Framework for Relational Verification (Functional Pearl)

Relational properties relate multiple runs of one or more programs. They characterize many useful notions of security, program refinement, and equivalence for programs with diverse computational effects, and have received much attention in the recent literature. Rather than designing and developing tools for special classes of relational properties, as typically proposed in the literature, we advocate the relational verification of effectful programs within general purpose proof assistants. The essence of our approach is to model effectful computations using monads and prove relational properties on their monadic representations, making the most of existing support for reasoning about pure programs. We apply our method in F* and evaluate it by encoding a variety of relational program analyses, including static information flow control, semantic declassification, provenance tracking, program equivalence at higher order, game-based cryptographic security, and various combinations thereof. By relying on SMT-based automation, unary weakest preconditions, user-defined effects, and monadic reification, we show that the task of verifying relational properties requires little additional effort from the F* programmer.