Compositional Certification of Resource Bounds

• The paper presents the main contribution of defining a formal compositional framework that modularly certifies resource bounds in diverse computational paradigms.
• It employs algebraic axiomatization, potential-based analysis, flow matrices, and type-theoretic extraction to enable local reasoning and scalable certification.
• The framework ensures that certifying individual components aggregates to robust guarantees on resource usage such as time, space, and computation complexity.

A compositional framework for certifying resource bounds provides the formal infrastructure and criteria necessary to prove—in a modular and local manner—that program executions respect specified computational resource limits (e.g., time, space). Such frameworks allow the resource-related properties of complex systems to be inferred from the resource signatures and behaviors of their constituents via well-structured closure properties, type systems, logic, or constraint-solving mechanisms. This approach is realized across a spectrum of computational paradigms, including higher-order functional languages, imperative programs, substructural type systems, and formal models of computation. Below, principal frameworks, their axiomatizations, and their compositionality principles are described.

1. Algebraic Axiomatization of Resource Bounds

The formal basis of compositional certification in the setting of computational complexity and resource-bounded measure is the algebraic axiomatization of resource bounds via closure properties on classes of higher-type functionals. A resource bound $\Delta$ is any class of type-1 and type-2 functionals closed under the operations of:

• (i) Inclusion of polynomial-time type-1 functions and the application functional.
• (ii) Functional composition: For $H, G_1, ..., G_l \in \Delta$,

$$F(\vec f, \vec x) = H(\vec f, G_1(\vec f, \vec x), ..., G_l(\vec f, \vec x))$$

must belong to $\Delta$.

• (iii) Expansion: Given $G \in \Delta$,

$$F(\vec f, \vec g, \vec x, \vec y) = G(\vec f, \vec x)$$

must be in $\Delta$.

• (iv) Limited recursion on notation, with resource-bounding, as specified in the original formulation (see (Gu et al., 2011), Def. 4.1).

This framework fully subsumes previous "list-of-examples" approaches, capturing familiar classes such as polynomial time ($\mathrm{P}_{\mathrm{BFF}}$), polynomial space, quasi-polynomial time, and second-order time-hierarchies, provided via robust characterizations aligned with Turing machine complexity classes. The Mehlhorn closure conditions are not only sufficient for all needed constructions in resource-bounded measure but are also necessary for a uniform compositional perspective (Gu et al., 2011).

2. Compositional Potential-Based Resource Analysis

Automated resource certifiers rooted in automatic amortized resource analysis (AARA) and its multivariate generalizations cast input programs into a resource-annotated type system. Each function, data structure, and program point receives a symbolic potential—often as a multivariate polynomial over input size indices—subject to composition and structural rule constraints. Compositionality arises from the potential method's additive and local reasoning:

• Function application: Input potential is split and recombined for callee and argument.
• Data constructors/pattern-matching: Potentials are shifted and folded/unfolded according to the inductive structure of types (see (Hoffmann et al., 2016, Ngo et al., 2018)).
• Let/sequence: Potential sums over sequential subcomputations.

Resource soundness is proved by induction on the structure of programs, using folding/unfolding and contraction/expansion lemmas. Bound inference reduces to solving a global system of linear inequalities over potential variables, yielding minimal polynomial bounds (e.g., via LP solvers). This approach allows compositional reasoning even in the presence of user-defined inductive types, polymorphism, and higher-order functions (Hoffmann et al., 2016).

3. Compositionality in Imperative and Concurrency Settings

3.1 Matrix Flow Analysis for Imperative Programs

The mwp-flow framework (Aubert et al., 2021) tracks the dependency of computed values' size on input sizes through flow matrices over a finite semi-ring $\{\mathbf{0},\mathbf{m},\mathbf{w},\mathbf{p}\}$. Each command is assigned a matrix summarizing how each output depends polynomially on each input. For function calls and sequencing, compositionality is achieved by matrix multiplication, and all summaries can be precomputed and combined via matrix algebra. Loop-nesting and choice are made modular through an explicit treatment of non-determinism and extended matrices accommodating infinite growth. This matrix-based certification is compositional at the level of function summaries and command composition (Aubert et al., 2021).

3.2 Substructural Types for Channel-Based Concurrency

In process calculi, coinductive reasoning about explicit resource management (e.g., channels, memory) is based on substructural type systems. Permissions (affine, unique, unrestricted) are allocated with channel types, and compositional resource certification is achieved by constructing amortized bisimulations between implementations and their specifications, preserved under contextual composition (parallel composition, environment extension) (Francalanza et al., 2014). The substructural type discipline ensures modular certification: typechecking and bisimulation proofs of individual processes can be combined in arbitrary process contexts without invalidating the resource bounds.

4. Modular Extraction and Certification in Type Theory

A fully compositional pipeline for extraction and certification of resource bounds is provided in the setting of type-theoretic proof assistants. For example, certifying extraction from Coq to the call-by-value lambda calculus (Forster et al., 2019) involves:

• Logical relations: A recursive relation tracks both functional correctness and complexity (cost) for each constructively extracted term.
• Compositionality: Each extracted constant/function is equipped with a local certificate of correctness and time bound; composition follows from the inductive structure of types and the arrow-case in the logical relation.
• Automation and modularity: Extraction and certification can be performed independently per function, with global correctness established by combining per-function proofs in the application clause.

5. Resource-Bounded Modal Type Theory and Graded Modalities

Resource-Bounded Type Theory (RBTT) (Mannucci et al., 7 Dec 2025) exemplifies a syntactic, lattice-indexed approach to compositional cost certification. Terms are assigned synthesized bounds in an abstract resource lattice $L$, with typing judgments

$\Gamma \vdash_{r\;;\;b} t : A$

ensuring that under budget $r$, $t$'s operational cost does not exceed $b \preceq r$. The $\Box_r$ feasibility modality internalizes budget-stratification, enabling modular encapsulation of resource contracts:

• Key rules: Composition via $\oplus$ (sequential cost accumulation), $\sqcup$ (branches), and monotonicity of grades.
• Syntactic model: All typable terms embed into a presheaf topos $\mathbf{Set}^L$ with cost extraction as a natural transformation.

The canonical forms and initiality theorems guarantee that all resource-bounded models factor uniquely through the syntactic term model, establishing a firm foundation for modular and compositional resource analysis.

6. Selective Amortization and Modular Invariant Decomposition

The selectively-amortized analysis framework (Lu et al., 2021) bridges full amortization and worst-case resource proofs by enabling local decomposition of resource variables into distinct amortization groups. Program transformations insert reset and accumulation points, so that proving local bounds on each segment suffices for a global certificate. This compositionality is manifest both at the level of program structure (modular transformation/invariant assignment per loop/procedure) and in the resource decomposition itself, simplifying proof obligations and supporting automation.

7. Summary Table: Core Principles Across Frameworks

Framework/Domain	Key Notion of Resource Bound	Compositionality Mechanism
Resource-bounded measure (Gu et al., 2011)	Type-1/2 functionals closed under BFF	Closure under composition, expansion, recursion
AARA/Resource Polynomials (Hoffmann et al., 2016, Ngo et al., 2018)	Potential-based polynomials	Additivity of potential, local type rules
mwp-flow for imperative (Aubert et al., 2021)	Matrix semi-ring flow summary	Matrix algebra (summaries per function/command)
Coq extraction/CbV $\lambda$ (Forster et al., 2019)	Logical relation/certified extraction	Inductive on type, per-function certification
Substructural types/concurrency (Francalanza et al., 2014)	Permissions, credit carrying	Contextual bisimulation, type system preservation
RBTT/modal type (Mannucci et al., 7 Dec 2025)	Abstract lattice, graded modality	Lattice-indexed functoriality, modal rules
Selective amortization (Lu et al., 2021)	Segmented counters, group resets	Decomposition, localized invariants, modular proof

Each of these approaches operationalizes the notion that resource certification should be local, principled, and tractable—modular analysis is possible if and only if the framework admits composition rules that mirror the compositional structure of programs and computations.

8. Impact and Theoretical Guarantees

The main theorems and proof methodologies across frameworks assert that if each constituent component (function, process, loop, module) is certified to satisfy its local resource contract under the prescribed closure rules or typing discipline, then the composed system satisfies the corresponding aggregate resource bound. In the algebraic (type-2) setting, this is embodied in the fact that all resource-bounded measure-theoretic constructions materialize within $\Delta$ whenever it is BFF-closed (Gu et al., 2011); in the type-based approaches, sequential, parallel, or higher-order composition of code is reflected as sum, max, or functional composition in the cost annotations.

The compositional certification program thus provides a uniform basis for designing scalable, modular, and automated resource bound analyses across a wide variety of programming paradigms and cost models.