Results 1–10 of 19
Mechanizing the Metatheory of Standard ML
2006
Cited by 75 (9 self)
Abstract
We present an internal language with equivalent expressive power to Standard ML, and discuss its formalization in LF and the machine-checked verification of its type safety in Twelf. The internal language is intended to serve as the target of elaboration in an elaborative semantics for Standard ML in the style of Harper and Stone. Therefore, it includes all the programming mechanisms necessary to implement Standard ML, including translucent modules, abstraction, polymorphism, higher kinds, references, exceptions, recursive types, and recursive functions. Our successful formalization of the proof involved a careful interplay between the precise formulations of the various mechanisms, and required the invention of new representation and proof techniques of general interest.
Polymorphism and separation in Hoare type theory
In ICFP, 2006
Cited by 64 (14 self)
Abstract
In previous work we have proposed a Dependent Hoare Type Theory (HTT) as a framework for development and reasoning about higher-order functional programs with effects of state, aliasing and non-termination. The main feature of HTT is the type of Hoare triples {P}x:A{Q} specifying computations with precondition P and postcondition Q, that return a result of type A. Here we extend HTT with predicative type polymorphism. Type quantification is possible in both types and assertions, and we can also quantify over Hoare triples. We show that as a consequence it becomes possible to reason about disjointness of heaps in the assertion logic of HTT. We use this expressiveness to interpret the Hoare triples in the “small footprint” manner advocated by Separation Logic, whereby a precondition tightly describes the heap fragment required by the computation. We support stateful commands of allocation, lookup, strong update, deallocation, and pointer arithmetic.
Abstract predicates and mutable ADTs in Hoare type theory
In Proc. ESOP’07, volume 4421 of LNCS, 2007
Cited by 43 (19 self)
Abstract
Hoare Type Theory (HTT) combines a dependently typed, higher-order language with monadically-encapsulated, stateful computations. The type system incorporates pre- and postconditions, in a fashion similar to Hoare and Separation Logic, so that programmers can modularly specify the requirements and effects of computations within types. This paper extends HTT with quantification over abstract predicates (i.e., higher-order logic), thus embedding into HTT the Extended Calculus of Constructions. When combined with the Hoare-like specifications, abstract predicates provide a powerful way to define and encapsulate the invariants of private state; that is, state which may be shared by several functions, but is not accessible to their clients. We demonstrate this power by sketching a number of abstract data types and functions that demand ownership of mutable memory, including an idealized custom memory manager.
Focusing the inverse method for linear logic
Proceedings of CSL 2005, 2005
Cited by 37 (11 self)
Abstract
1.1 Quantification and the subformula property, p. 3
1.2 Ground forward sequent calculus, p. 5
1.3 Lifting to free variables, p. 10
ILC: A Foundation for Automated Reasoning About Pointer Programs
2005
Cited by 15 (3 self)
Abstract
This paper shows how to use Girard’s intuitionistic linear logic extended with arithmetic or other constraints to reason about pointer programs. More specifically, first, the paper defines the proof theory for ILC (Intuitionistic Linear logic with Constraints) and shows it is consistent via a proof of cut elimination. Second, inspired by prior work of O’Hearn, Reynolds and Yang, the paper explains how to interpret linear logical formulas as descriptions of a program store. Third, we define a simple imperative programming language with mutable references and arrays and give verification condition generation rules that produce assertions in ILC. Finally, we identify a fragment of ILC, ILC⁻, that is both decidable and closed under generation of verification conditions. In other words, if loop invariants are specified in ILC⁻, then the resulting verification conditions are also in ILC⁻. Since verification condition generation is syntax-directed, we obtain a decidable procedure for checking properties of pointer programs.
A realizability model of impredicative hoare type theory
In European Symposium on Programming (ESOP), 2007
Cited by 15 (9 self)
Abstract
We present a denotational model of impredicative Hoare Type Theory, a very expressive dependent type theory in which one can specify and reason about mutable abstract data types. The model ensures soundness of the extension of Hoare Type Theory with impredicative polymorphism; makes the connections to separation logic clear, and provides a basis for investigation of further sound extensions of the theory, in particular equations between computations and types.
Type-theoretic semantics for transactional concurrency
2007
Cited by 6 (4 self)
Abstract
We propose a dependent type theory that integrates programming, specifications, and reasoning about higher-order concurrent programs with shared transactional memory. The design builds upon our previous work on Hoare Type Theory (HTT), which we extend with types that correspond to Hoare-style specifications for transactions. The types track shared and local state of the process separately, and enforce that shared state always satisfies a given invariant, except at specific critical sections which appear to execute atomically. Atomic sections may violate the invariant, but must restore it upon exit. HTT follows Separation Logic in providing tight specifications of space requirements. As a logic, we argue that HTT is sound and compositional. As a programming language, we define its operational semantics and show adequacy with respect to specifications.
Mechanizing the metatheory of a language with linear resources and context effects (abstract)
Presented at the 2008 Informal ACM SIGPLAN Workshop on Mechanizing Metatheory, 2008
Cited by 2 (0 self)
Abstract
We present a mechanized formalization and type safety proof for the variant of Dreyer’s RTG language [2] (for Recursive Type Generativity) used in Dreyer and Rossberg’s work on ML-style mixin modules [3]. This is a core module calculus with the ability to forward declare type variables and then later give them (possibly recursive) definitions. The static semantics of RTG involves tracking the definability of these type variables, which is a linear resource — for soundness reasons, a type variable may only be defined once. Once a type variable is defined, the knowledge of its definition must be added to the context for typechecking subsequent code. The linear nature of definability, combined with the use of context effects to add definitions for existing type variables, means that the mechanized encoding of the metatheory of RTG is not obvious. Our mechanization uses the Twelf proof system. For the most part, we employ standard techniques for formalizing λ-calculi using HOAS. However, for handling type definability and type definitions, we needed to develop more advanced techniques. Type definability is a linear resource. In order to ensure that a module defines an abstract type exactly once, we employ a judgment defonce ([a] M a), which identifies when M a is a module that defines a only once. Within M a, the variable a can also appear in other non-definition sites, such as type ascriptions, an arbitrary number of times. While our use of the defonce judgment is a standard trick, we additionally need to impose well-formedness
Refinement Types for Logical Frameworks
2010
Cited by 2 (0 self)
Abstract
The logical framework LF and its metalogic Twelf can be used to encode and reason about a wide variety of logics, languages, and other deductive systems in a formal, machine-checkable way. Recent studies have shown that ML-like languages can profitably be extended with a notion of subtyping called refinement types. A refinement type discipline uses an extra layer of term classification above the usual type system to more accurately capture certain properties of terms. I propose that adding refinement types to LF is both useful and practical. To support the claim, I exhibit an extension of LF with refinement types called LFR, work out important details of its metatheory, delineate a practical algorithm for refinement type reconstruction, and present several case studies that highlight the utility of refinement types for formalized mathematics. In the end I find that refinement types and LF are a match made in heaven: refinements enable many rich new modes of expression, and the simplicity of
Towards type-theoretic semantics for transactional concurrency
2009
Cited by 1 (1 self)
Abstract
We propose a dependent type theory that integrates programming, specifications, and reasoning about higher-order concurrent programs with shared transactional memory. The design builds upon our previous work on Hoare Type Theory (HTT), which we extend with types that correspond to Hoare-style specifications for transactions. The types track shared and local state of the process separately, and enforce that shared state always satisfies a given invariant, except at specific critical sections which appear to execute atomically. Atomic sections may violate the invariant, but must restore it upon exit. HTT follows Separation Logic in providing tight specifications of space requirements. As a logic, we argue that HTT is sound and compositional. As a programming language, we define its operational semantics and show adequacy with respect to specifications.