Ownership Types prevent representation exposure - unauthorised access to the encapsulated implementation of an object. Unfortunately, existing ownership type systems are too strict, do not support subtyping, and exclude many important object-oriented idioms, such as iterators, objects with multiple interfaces, and initialisation with pre-existing objects. We develop a more flexible model of containment by abstractly modeling the two sides of object access, that is, which objects an object can access and which objects can access it. Using a variant of Abadi and Cardelli's object calculus as a vehicle, we provide an account of object ownership which supports subtyping and allows more flexible object graph structure.

Object-oriented programming languages allow inter-object aliasing to represent linked data structures and networks of interacting objects. Aliasing complicates formal reasoning about programs, as it can occur anywhere in a program. In our mode system programs are annotated with modes that indicate object ownership and control the extent of object aliases. By localising aliases, our mode system provides a context for formal reasoning about object systems. Being statically checkable our system offers a practical target for the formal refinement of object-based specifications. 1

this paper, we address the problem of names and name capture on its own by designing, through the use of three operators, a complete and consistent mechanism of name capture for a declarative framework. We perceive expressions with free names as incomplete expressions which will be dynamically completed by a name capture mechanism. The formalism allows the denition of rst-class environments (which can be the result of a computation). We apply this mechanism to model distributed incremental program construction and to dene an object oriented programming style in a declarative language

We present a syntactic method for proving observational equivalences in reduction systems. The method is based on establishing a weak diamond property for critical pairs. It has been used successfully in proofs on the observational equivalence theories of var and . 1 Introduction Observational equivalence is the most comprehensive notion of equality of between program fragments. Usually, it is what programmers have in mind when they say that two program fragments are interchangeable. The observational equivalences of a language define thus the transformations that are admissible in it. Hence, knowing what those equivalences are is important in areas such as program verification, transformational programming, partial evaluation and code optimization. Intuitively, two terms are observationally equivalent if they cannot be distinguished by some experiment. Experiments place a program fragment in a context and observe the output of the resulting program. If each experiment yields the sam...

This paper introduces a new recursion principle for inductively defined data modulo α-equivalence of bound names that makes use of Odersky-style local names when recursing over bound names. It is formulated in simply typed λ-calculus extended with names that can be restricted to a lexical scope, tested for equality, explicitly swapped and abstracted. The new recursion principle is motivated by the nominal sets notion of “α-structural recursion”, whose use of names and associated freshness side-conditions in recursive definitions formalizes common practice with binders. The new calculus has a simple interpretation in nominal sets equipped with name restriction operations. It is shown to adequately represent α-structural recursion while avoiding the need to verify freshness side-conditions in definitions and computations. The paper is a revised and expanded version of (Pitts, 2010). 1

We introduce a method for proving the correctness of transformations of programs in languages like Scheme and ML. The method consists of giving the programs a denotational semantics in an operationally-based term model in which interaction is the basic observable, and showing that the transformation is meaning-preserving. This allows us to consider correctness for programs that interact with their environment without terminating, and also for transformations that change the internal store behavior of the program. We illustrate the technique on one of the Meyer-Sieber examples, and we use it to prove the correctness of assignment elimination for Scheme. The latter is an important but subtle step for Scheme compilers; we believe ours is the first proof of its correctness. 1 Introduction Compilers for higher-order languages typically perform elaborate program transformations in order to improve performance. Such transformations often change the storage behavior of the program. For concre...

this paper, we develop the type theory M

. This paper describes the design of a meta-logical framework that supports the representation and verication of deductive systems which are prevalent in the areas of programming languages, type theory, and logics. It extends the logical framework LF [HHP93] by a meta-logic M + 2 whose soundness follows from a realizability argument. The metalogical framework is implemented in the Twelf system [PS99]. 1 Introduction The logical framework LF [HHP93] has been designed as a meta-language for representing deductive systems. It allows concise encodings of many inference systems, such as natural deduction, sequent calculi, type systems, operational semantics, compilers, etc. The logical framework derives its expressive power from dependent types together with higher-order representation techniques which directly support common concepts in deductive systems such as variable binding, capture-avoiding substitutions, parametric and hypothetical judgments and substitution properties. Th...

We describe a typed object calculus which makes explicit the nesting between objects. The calculus is based on Abadi and Cardelli's object calculus [1] extended with regions. Regions have properties describing their nesting and the bounds on their access. They are used not only in a stack-based manner, but also to store an object's private implementation. This creates opportunities to improve memory management. In particular, the calculus allows the entire private implementation of an aggregate object to be deleted when the interface to the aggregate becomes garbage. The calculus also allows entire aggregate objects to be allocated on stack-based regions.

We introduce weak binders, a lightweight construct to deal with fresh names in nominal calculi. Weak binders do not define the scope of names as precisely as the standard ν-binders, yet they enjoy strong semantic properties. We provide them with a denotational semantics, an equational theory, and a trace inclusion preorder. Furthermore, we present a trace-preserving mapping between weak binders and ν-binders.