A Monadic Formalization of ML5
ML5 is a programming language for spatially distributed computing, based on a Curry-Howard correspondence with the modal logic S5. Despite being designed by a correspondence with S5 modal logic, the ML5 programming language differs from the logic in several ways. In this paper, we explain these discrepancies between ML5 and S5 by translating ML5 into a slightly different logic: intuitionistic S5 extended with a lax modality that encapsulates effectful computations in a monad. This translation both explains the existing ML5 design and suggests some simplifications and generalizations. We have formalized our translation within the Agda proof assistant. Rather than formalizing lax S5 as a proof theory, we embed it as a universe within the dependently typed host language, with the universe elimination given by implementing the modal logic's Kripke semantics. This representation technique saves us the work of defining a proof theory for the logic and proving it correct, and additionally allows us to inherit the equational theory of the meta-language, which can be exploited in proving that the semantics validates the operational semantics of ML5.
💡 Research Summary
The paper investigates the gap between the programming language ML5, which was originally designed to correspond to the modal logic S5 via the Curry‑Howard isomorphism, and the actual features of the language that deviate from pure S5. The authors propose a systematic explanation by translating ML5 into an extended logical framework: intuitionistic S5 enriched with a lax modality that captures effectful computations as a monad. This lax modality, denoted ◇, behaves like a “possibility” operator but is interpreted as a monadic wrapper around computations that may involve side‑effects, network communication, or remote state changes. Consequently, □ retains its usual meaning of necessity (truth in all worlds), while ◇ encapsulates computations that can be performed in some world and whose results are later used.
The translation proceeds in two main steps. First, the authors define the syntax and typing rules of intuitionistic S5 plus the lax modality. The key addition is a pair of monadic operations, return and bind, which serve as introduction and elimination rules for ◇. These rules allow effectful terms to be composed while preserving the logical discipline of the underlying modal system. Second, they embed this extended logic directly into the dependently‑typed host language Agda. Rather than constructing a separate proof‑theoretic presentation of lax S5, they represent logical formulas as Agda types within a dedicated universe. The Kripke semantics of the modal operators are realized as Agda functions that eliminate the universe: □‑terms are interpreted as functions that are valid for any world, and ◇‑terms as monadic computations that may be executed in a particular world. This embedding automatically inherits Agda’s definitional equality and normalization properties, eliminating the need to prove soundness of a separate proof system.
With the embedding in place, the authors map each core construct of ML5 to the corresponding logical operation. The here construct, which accesses a value in the current world, becomes a □‑introduction. The at w e construct, which evaluates expression e at world w, is interpreted as ◇‑elimination combined with a world‑specific function. The move primitive, which changes the current world, corresponds to the accessibility relation in the Kripke model and is implemented as a world‑changing function in Agda. Remote procedure calls and other effectful interactions are expressed as monadic values of type ◇A, and sequencing of such calls uses the bind operation.
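The following is an added illustration, not code from the paper's own Agda development, of the embedding technique described in the two paragraphs above: the formulas of lax S5 form a small universe, the Kripke interpretation is the universe's eliminator, and S5 axioms, ML5's move and a remote call are then ordinary inhabitants of the interpreted types. The two-host world set, the formula syntax (we write the lax modality ○ and keep ◇ for S5 possibility), and the writer-style effect monad that records hops are our assumptions.

```agda
open import Data.List using (List; []; _∷_; _++_)
open import Data.Product using (Σ; _×_; _,_; proj₁; proj₂)
open import Data.Unit using (⊤; tt)

-- Worlds: a constructed two-host example standing in for ML5's set of hosts
data World : Set where
  client server : World

-- Universe of lax-S5 formulas (this syntax is our assumption, not the paper's)
infixr 2 _⇒_
infix  5 □_ ◇_ ○_
data Form : Set where
  unit : Form
  _⇒_  : Form → Form → Form
  □_   : Form → Form   -- necessity: holds at every world (mobile value)
  ◇_   : Form → Form   -- possibility: holds at some world
  ○_   : Form → Form   -- lax modality: an effectful computation

-- Effect monad: a result paired with the trace of hops it performed (a writer monad, assumed)
Comp : Set → Set
Comp A = List World × A
return : ∀ {A : Set} → A → Comp A
return a = [] , a
bind : ∀ {A B : Set} → Comp A → (A → Comp B) → Comp B
bind (tr , a) f = tr ++ proj₁ (f a) , proj₂ (f a)
hop : World → Comp ⊤
hop w = w ∷ [] , tt

-- Universe elimination: Kripke semantics into Agda types; S5's accessibility is total
⟦_⟧ : Form → World → Set
⟦ unit ⟧  _ = ⊤
⟦ A ⇒ B ⟧ w = ⟦ A ⟧ w → ⟦ B ⟧ w
⟦ □ A ⟧   _ = (w' : World) → ⟦ A ⟧ w'
⟦ ◇ A ⟧   _ = Σ World (λ w' → ⟦ A ⟧ w')
⟦ ○ A ⟧   w = Comp (⟦ A ⟧ w)

-- S5 axiom 5, ML5's move and lax bind are inhabited directly: no separate proof theory
ax5 : ∀ {A} (w : World) → ⟦ ◇ A ⇒ □ ◇ A ⟧ w
ax5 _ d _ = d
move : ∀ {A} (w w' : World) → ⟦ □ A ⟧ w → ⟦ A ⟧ w'
move _ w' bx = bx w'
lax-bind : ∀ {A B} (w : World) → ⟦ ○ A ⇒ (A ⇒ ○ B) ⇒ ○ B ⟧ w
lax-bind _ c f = bind c f

-- ML5-style remote call: a mobile (boxed) service is applied at the server, hop recorded
rpc : ∀ {A B} → ⟦ □ (A ⇒ ○ B) ⟧ client → ⟦ A ⟧ server → Comp (⟦ B ⟧ server)
rpc f a = bind (hop server) (λ _ → f server a)
```

Because ⟦_⟧ computes by recursion on the formula, Agda's definitional equality does the unfolding, which is the point the abstract makes about inheriting the meta-language's equational theory.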
The authors formalize the entire translation in Agda and prove two central theorems. First, they show type preservation: the type of any ML5 term, when translated, coincides with the type derived in the intuitionistic S5 + lax system. Second, they prove semantic adequacy: the operational semantics of ML5 (the step‑by‑step execution of distributed programs) is validated by the Kripke‑style semantics encoded in Agda. In effect, the paper demonstrates that the seemingly ad‑hoc design choices of ML5 are not arbitrary but arise naturally from a well‑structured logical foundation that combines modal reasoning with monadic effects.
Beyond explaining the existing language, the work suggests simplifications. By treating world‑dependent computation uniformly as monadic ◇‑terms, many special‑case typing rules in ML5 can be eliminated, leading to a cleaner type system. Moreover, the approach is modular: other modal logics (e.g., K, T) could be combined with a lax modality in the same Agda‑based universe, opening a path toward a family of distributed languages with provably correct semantics. The paper thus bridges the gap between modal logic and practical distributed programming, offering both a theoretical clarification and a practical roadmap for future language design.