A bisimulation for type abstraction and recursion
Symposium on Principles of Programming Languages, 2005
Cited by 46 (4 self)

Abstract
We present a bisimulation method for proving the contextual equivalence of packages in λ-calculus with full existential and recursive types. Unlike traditional logical relations (either semantic or syntactic), our development is “elementary,” using only sets and relations and avoiding advanced machinery such as domain theory, admissibility, and ⊤⊤-closure. Unlike other bisimulations, ours is complete even for existential types. The key idea is to consider sets of relations—instead of just relations—as bisimulations.
Relational reasoning for recursive types and references
Asian Symposium on Programming Languages and Systems (APLAS), 2006
Cited by 24 (6 self)

Abstract
We present a local relational reasoning method for reasoning about contextual equivalence of expressions in a λ-calculus with recursive types and general references. Our development builds on the work of Benton and Leperchey, who devised a nominal semantics and a local relational reasoning method for a language with simple types and simple references. Their method uses a parameterized logical relation. Here we extend their approach to recursive types and general references. For the extension, we build upon Pitts’ and Shinwell’s work on relational reasoning about recursive types (but no references) in nominal semantics. The extension is nontrivial because of general references (higher-order store) and makes use of some new ideas for proving the existence of the parameterized logical relation and for the choice of parameters.
Relational parametricity for references and recursive types
In Proceedings of the Fourth ACM Workshop on Types in Language Design and Implementation (TLDI’09), 2009
Cited by 11 (4 self)

Abstract
We present a possible world semantics for a call-by-value higher-order programming language with impredicative polymorphism, general references, and recursive types. The model is one of the first relationally parametric models of a programming language with all these features. To model impredicative polymorphism we define the semantics of types via parameterized (world-indexed) logical relations over a universal domain. It is well-known that it is nontrivial to show the existence of logical relations in the presence of recursive types. Here the problems are exacerbated because of general references. We explain what the problems are and present our solution, which makes use of a novel approach to modeling references. We prove that the resulting semantics is adequate with respect to a standard operational semantics and include simple examples of reasoning about contextual equivalence via parametricity.
Reasoning about class behavior
In FOOL/WOOD, 2007
Cited by 11 (3 self)

Abstract
We present a sound and complete method for reasoning about contextual equivalence between different implementations of classes in an imperative subset of Java. To the extent of our knowledge this is the first such method for a language with unrestricted inheritance, where the context can arbitrarily extend classes to distinguish otherwise equivalent implementations. Similar reasoning techniques for class-based languages [1, 12] don’t consider inheritance at all, or forbid the context from extending related classes. Other techniques that do consider inheritance [3] study whole-program equivalence. Our technique also handles public, private, and protected interfaces of classes, imperative fields, and invocations of callbacks. Using our technique we were able to prove equivalences in examples with higher-order behavior, where previous methods for functional calculi admit limitations [21, 24]. Adding inheritance to a class-based language increases the distinguishing power of the context. Here we show how this extra distinguishing power is reflected in the conditions for equivalence of our technique. Furthermore we show that adding a cast operator is a conservative extension of the language.
A Mechanized Bisimulation for the Nu-Calculus
2008
Cited by 6 (3 self)

Abstract
We introduce a Sumii-Pierce-Koutavas-Wand-style bisimulation for Pitts and Stark’s nu-calculus, a simply-typed lambda calculus with fresh name generation. This bisimulation coincides with contextual equivalence and provides a usable and elementary method for establishing all the subtle equivalences given by Stark [11]. We also describe the formalization of soundness and of the examples in the Coq proof assistant.
From Applicative to Environmental Bisimulation
MFPS, 2011
Cited by 4 (1 self)

Abstract
We illuminate important aspects of the semantics of higher-order functions that are common in the presence of local state, exceptions, names and type abstraction via a series of examples that add to those given by Stark. Most importantly we show that any of these language features gives rise to the phenomenon that certain behaviour of higher-order functions can only be observed by providing them with arguments which internally call the functions again. Other examples show the need for the observer to accumulate values received from the program and generate new names. This provides evidence for the necessity of complex conditions for functions in the definition of environmental bisimulation, which deviates in each of these ways from that of applicative bisimulation.
First-order reasoning for higher-order concurrency
2009
Cited by 2 (1 self)

Abstract
By combining and simplifying two of the most prominent theories for HOπ of Sangiorgi et al. and Jeffrey and Rathke [15, 4], we present an effective first-order theory for a higher-order pi-calculus. There are two significant aspects to our theory. The first is that higher-order inputs are treated in a first-order manner, hence eliminating the need to reason about arbitrarily complicated higher-order contexts, or to use up-to context techniques, when establishing equivalences between processes. The second is that we use augmented processes to record directly the knowledge of the observer. This has the benefit of making ordinary first-order weak bisimulation fully abstract w.r.t. contextual equivalence. It also simplifies the handling of names, giving rise to a truly propositional Hennessy-Milner characterisation of higher-order contextual equivalence. Furthermore, we illustrate the simplicity of our approach in proving several interesting equivalences by exhibiting first-order witness weak bisimulations, and inequivalences by using the propositional Hennessy-Milner Logic. Finally we show that contextual equivalence
Limitations of Applicative Bisimulation
Abstract
We present a series of examples that illuminate an important aspect of the semantics of higher-order functions with local state. Namely that certain behaviour of such functions can only be observed by providing them with arguments that contain the functions themselves. This provides evidence for the necessity of complex conditions for functions in modern semantics for state, such as logical relations and Kripke-like bisimulations, where related functions are applied to related arguments (that may contain the functions). It also suggests that simpler semantics, such as those based on applicative bisimulations where functions are applied to identical arguments, would not scale to higher-order languages with local state.
A Mechanized Bisimulation for the Nu-Calculus
Higher Order Symb Comput, 2012
Abstract
We introduce a Sumii-Pierce-Koutavas-Wand-style bisimulation for the nu-calculus of Pitts and Stark, a simply-typed lambda calculus with fresh name generation. This bisimulation coincides with contextual equivalence and provides a usable and elementary method for establishing all the subtle equivalences given by Stark. We also describe the formalisation of soundness and of the examples in the Coq proof assistant.
Verifying Backwards Compatibility of Object-Oriented Libraries Using Boogie (Extended Abstract)
2012
Abstract
Proving that a library is backwards compatible to an older version can be challenging, as the internal representation of the libraries might completely differ and the clients of the library are usually unknown. This is especially difficult in the setting of object-oriented programs with complex heaps and callbacks. Mechanical verification is a key success factor to make such proofs practicable. In this paper, we present a technique to verify the backwards compatibility or equivalence of class libraries in the setting of unknown program contexts. For a number of textbook examples we have formulated the verification conditions as input to the Boogie program verification system and validated the approach.