Hoare Type Theory (HTT) is a verification system for reasoning about sequential heap-manipulating programs based on Separation logic.
HTT incorporates Hoare-style specifications via preconditions and postconditions into types. A
Hoare type ST P (fun x : A => Q) denotes computations with a precondition P and postcondition
Q, returning a value x of type A. Hoare types are a dependently typed version of monads,
as used in the programming language Haskell. Monads hygienically combine the language features
for pure functional programming, with those for imperative programming, such as state or
exceptions. In this sense, HTT establishes a formal connection in the style of Curry-Howard
isomorphism between monads and (functional programming variant of) Separation logic. Every
effectful command in HTT has a type that corresponds to the appropriate non-structural inference
rule in Separation logic, and vice versa, every non-structural inference rule corresponds to a
command in HTT that has that rule as the type. The type for monadic bind is the Hoare rule for
sequential composition, and the type for monadic unit combines the Hoare rules for the idle
program (in a small-footprint variant) and for variable assignment (adapted for functional
variables). The connection reconciles dependent types with effects of state and exceptions and
establishes Separation logic as a type theory for such effects. In implementation terms, it means
that HTT implements Separation logic as a shallow embedding in Coq.
- Author(s):
- Aleksandar Nanevski (initial)
- Germán Andrés Delbianco
- Alexander Gryzlov
- License: Apache-2.0
- Compatible Coq versions: Coq 8.15 to 8.17
- Additional dependencies:
- Coq namespace:
htt - Related publication(s):
The easiest way to install the latest released version of Hoare Type Theory is via OPAM:
opam repo add coq-released https://coq.inria.fr/opam/released
opam install coq-httTo instead build and install manually, do:
git clone https://github.com/imdea-software/htt.git
cd htt
dune build
dune install httIf you also want to build the examples, run make instead of dune.
The original version of HTT can be found here.
-
Dependent Type Theory of Stateful Higher-Order Functions
Aleksandar Nanevski and Greg Morrisett. Technical report TR-24-05, Harvard University, 2005.
-
Polymorphism and Separation in Hoare Type Theory
Aleksandar Nanevski, Greg Morrisett and Lars Birkedal. ICFP 2006.
The first paper containing a (very impoverished) definition of HTT.
-
Hoare Type Theory, Polymorphism and Separation
Aleksandar Nanevski, Greg Morrisett and Lars Birkedal. JFP 2007.
Journal version of the ICFP 2006 paper.
-
Abstract Predicates and Mutable ADTs in Hoare Type Theory
Aleksandar Nanevski, Amal Ahmed, Greg Morrisett, Lars Birkedal. ESOP 2007.
Adding abstract predicates to HTT.
-
A Realizability Model for Impredicative Hoare Type Theory
Rasmus L. Petersen, Lars Birkedal, Aleksandar Nanevski, Greg Morrisett. ESOP 2008.
A semantic model for HTT, but without large sigma types.
-
Ynot: Dependent Types for Imperative Programs
Aleksandar Nanevski, Greg Morrisett, Avi Shinnar, Paul Govereau, Lars Birkedal. ICFP 2008.
First implementation of HTT as a DSL in Coq, and a number of examples.
-
Structuring the Verification of Heap-Manipulating Programs
Aleksandar Nanevski, Viktor Vafeiadis and Josh Berfine. POPL 2010.
This paper introduces what is closest to the current structure of the implementation of HTT. It puts emphasis on structuring programs and proofs together, rather than on attacking the verification problem using proof automation. It carries out a large case study, verifying the congruence closure algorithm of the Barcelogic SAT solver.
The current implementation differs from what's explained in this paper, in that it uses unary, rather than binary postconditions.
-
Partiality, State and Dependent Types
Kasper Svendsen, Lars Birkedal and Aleksandar Nanevski. TLCA 2011.
A semantic model for HTT, with large sigma types.