Results 1-10 of 63
A Syntactic Approach to Type Soundness
Information and Computation, 1992
Cited by 538 (21 self)
We present a new approach to proving type soundness for Hindley/Milner-style polymorphic type systems. The keys to our approach are (1) an adaptation of subject reduction theorems from combinatory logic to programming languages, and (2) the use of rewriting techniques for the specification of the language semantics. The approach easily extends from polymorphic functional languages to imperative languages that provide references, exceptions, continuations, and similar features. We illustrate the technique with a type soundness theorem for the core of Standard ML, which includes the first type soundness proof for polymorphic exceptions and continuations.
1 Type Soundness
Static type systems for programming languages attempt to prevent the occurrence of type errors during execution. A definition of type error depends on a specific language and type system, but always includes the use of a function on arguments for which it is not defined, and the attempted application of a non-function. ...
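The shape of a syntactic soundness argument (subject reduction, i.e. preservation, plus progress over a rewriting semantics) is easiest to see on a calculus far smaller than the ML core the paper treats. The block below is an editor-added example, not code from Wright and Felleisen's paper: it assumes a hypothetical simply typed language with only integer and boolean literals, lambda, application and addition, runs the static checker and a call-by-value reducer side by side, and checks at every step that the type is preserved and that a well-typed term never gets stuck. The two "type errors" the abstract names (applying a non-function, applying a function to arguments it is not defined on) are exactly the cases where the reducer raises Stuck on terms the checker rejects.

```python
"""Syntactic type soundness on a toy simply-typed calculus: added example, not
from the paper. Hypothetical language: int/bool literals, lambda, application, +.
Preservation and progress are checked mechanically while reducing."""
from dataclasses import dataclass
from typing import Union

@dataclass(frozen=True)
class TInt: pass
@dataclass(frozen=True)
class TBool: pass
@dataclass(frozen=True)
class TFun: arg: "Type"; res: "Type"
Type = Union[TInt, TBool, TFun]

@dataclass(frozen=True)
class Lit: value: object                        # Python int or bool; a value
@dataclass(frozen=True)
class Var: name: str
@dataclass(frozen=True)
class Lam: name: str; ty: Type; body: "Term"    # a value
@dataclass(frozen=True)
class App: fn: "Term"; arg: "Term"
@dataclass(frozen=True)
class Add: left: "Term"; right: "Term"
Term = Union[Lit, Var, Lam, App, Add]

class IllTyped(Exception): """Rejected by the static checker."""
class Stuck(Exception): """Runtime type error: no reduction rule applies."""

def typeof(t: Term, env=None) -> Type:
    """Typing judgement env |- t : T; raises IllTyped otherwise."""
    env = env or {}
    if isinstance(t, Lit):
        return TBool() if isinstance(t.value, bool) else TInt()
    if isinstance(t, Var):
        if t.name not in env: raise IllTyped(f"unbound {t.name}")
        return env[t.name]
    if isinstance(t, Lam):
        return TFun(t.ty, typeof(t.body, {**env, t.name: t.ty}))
    if isinstance(t, App):
        f, a = typeof(t.fn, env), typeof(t.arg, env)
        if not isinstance(f, TFun) or f.arg != a: raise IllTyped("bad application")
        return f.res
    if typeof(t.left, env) != TInt() or typeof(t.right, env) != TInt():   # Add
        raise IllTyped("+ on non-integers")
    return TInt()

def is_value(t: Term) -> bool:
    return isinstance(t, (Lit, Lam))

def subst(t: Term, x: str, v: Term) -> Term:
    """t[v/x]; v is always a closed value here, so no variable capture can occur."""
    if isinstance(t, Var): return v if t.name == x else t
    if isinstance(t, Lam): return t if t.name == x else Lam(t.name, t.ty, subst(t.body, x, v))
    if isinstance(t, App): return App(subst(t.fn, x, v), subst(t.arg, x, v))
    if isinstance(t, Add): return Add(subst(t.left, x, v), subst(t.right, x, v))
    return t

def step(t: Term) -> Term:
    """One call-by-value reduction step (left to right); Stuck = runtime type error."""
    if isinstance(t, App):
        if not is_value(t.fn): return App(step(t.fn), t.arg)
        if not is_value(t.arg): return App(t.fn, step(t.arg))
        if isinstance(t.fn, Lam): return subst(t.fn.body, t.fn.name, t.arg)
        raise Stuck("application of a non-function")
    if isinstance(t, Add):
        if not is_value(t.left): return Add(step(t.left), t.right)
        if not is_value(t.right): return Add(t.left, step(t.right))
        l, r = t.left, t.right
        if isinstance(l, Lit) and isinstance(r, Lit) and type(l.value) is int and type(r.value) is int:
            return Lit(l.value + r.value)
        raise Stuck("+ applied to non-integers")
    raise Stuck("free variable, or a value cannot step")

def evaluate(t: Term, fuel: int = 10_000):
    """Reduce a closed well-typed term to a value, asserting preservation after
    every step (same type) and progress (step never raises Stuck)."""
    ty = typeof(t)
    for _ in range(fuel):
        if is_value(t): return t, ty
        t = step(t)                                  # progress: must not raise
        assert typeof(t) == ty, "preservation violated"
    raise RuntimeError("out of fuel")

def rejected_and_stuck(t: Term) -> bool:
    """True when the checker rejects t AND untyped reduction of t really gets stuck."""
    try:
        typeof(t)
        return False
    except IllTyped:
        pass
    try:
        while not is_value(t): t = step(t)
        return False
    except Stuck:
        return True

# Constructed example: (\f:int->int. f 1) (\x:int. x + 41)  -->*  42
EXAMPLE = App(Lam("f", TFun(TInt(), TInt()), App(Var("f"), Lit(1))),
              Lam("x", TInt(), Add(Var("x"), Lit(41))))

if __name__ == "__main__":
    print(evaluate(EXAMPLE))                          # (Lit(value=42), TInt())
    print(rejected_and_stuck(App(Lit(3), Lit(4))))    # True: applying a non-function
```

The reducer deliberately knows nothing about types: Stuck is raised only when no rule applies, so evaluate() is a runtime witness of the two lemmas rather than a proof. Extending the calculus with references or exceptions is where the paper's rewriting-based formulation earns its keep, because the store and the handler context then have to be carried through both lemmas.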
Constructive Design of a Hierarchy of Semantics of a Transition System by Abstract Interpretation
2002
Cited by 98 (17 self)
We construct a hierarchy of semantics by successive abstract interpretations. Starting from the maximal trace semantics of a transition system, we derive the big-step semantics, termination and nontermination semantics, Plotkin's natural, Smyth's demoniac and Hoare's angelic relational semantics and equivalent nondeterministic denotational semantics (with alternative powerdomains to the Egli-Milner and Smyth constructions), D. Scott's deterministic denotational semantics, the generalized and Dijkstra's conservative/liberal predicate transformer semantics, the generalized/total and Hoare's partial correctness axiomatic semantics and the corresponding proof methods. All the semantics are presented in a uniform fixpoint form and the correspondences between these semantics are established through composable Galois connections, each semantics being formally calculated by abstract interpretation of a more concrete one using Kleene and/or Tarski
A Simplified Account of Polymorphic References
Information Processing Letters, 1994
Cited by 57 (7 self)
A proof of the soundness of Tofte's imperative type discipline with respect to a structured operational semantics is given. The presentation is based on a semantic formalism that combines the benefits of the approaches considered by Wright and Felleisen, and by Tofte, leading to a particularly simple proof of soundness of Tofte's type discipline.
Implementation of the typed call-by-value λ-calculus using a stack of regions
In ACM Symposium on Principles of Programming Languages, 1994
Cited by 57 (0 self)
We present a translation scheme for the polymorphically typed call-by-value λ-calculus. All runtime values, including function closures, are put into regions. The store consists of a stack of regions. Region inference and effect inference are used to infer where regions can be allocated and deallocated. Recursive functions are handled using a limited form of polymorphic recursion. The translation is proved correct with respect to a store semantics, which models a region-based runtime system. Experimental results suggest that regions tend to be small, that region allocation is frequent and that overall memory demands are usually modest, even without garbage collection.
Semantics of Types for Mutable State
2004
Cited by 55 (5 self)
Proof-carrying code (PCC) is a framework for mechanically verifying the safety of machine language programs. A program that is successfully verified by a PCC system is guaranteed to be safe to execute, but this safety guarantee is contingent upon the correctness of various trusted components. For instance, in traditional PCC systems the trusted computing base includes a large set of low-level typing rules. Foundational PCC systems seek to minimize the size of the trusted computing base. In particular, they eliminate the need to trust complex, low-level type systems by providing machine-checkable proofs of type soundness for real machine languages. In this thesis, I demonstrate the use of logical relations for proving the soundness of type systems for mutable state. Specifically, I focus on type systems that ensure the safe allocation, update, and reuse of memory. For each type in the language, I define logical relations that explain the meaning of the type in terms of the operational semantics of the language. Using this model of types, I prove each typing rule as a lemma. The major contribution is a model of System F with general references — that is, mutable cells that can hold values of any closed type including other references, functions, recursive types, and impredicative quantified types. The model is based on ideas from both possible worlds and the indexed model of Appel and McAllester. I show how the model of mutable references is encoded in higher-order logic. I also show how to construct an indexed possible-worlds model for a von Neumann machine. The latter is used in the Princeton Foundational PCC system to prove type safety for a full-fledged low-level typed assembly language. Finally, I present a semantic model for a region calculus that supports type-invariant references as well as memory reuse.
On the Foundations of Final Semantics: Non-Standard Sets, Metric Spaces, Partial Orders
Proceedings of the REX Workshop on Semantics: Foundations and Applications, volume 666 of Lecture Notes in Computer Science, 1998
Cited by 48 (10 self)
Canonical solutions of domain equations are shown to be final coalgebras, not only in a category of non-standard sets (as already known), but also in categories of metric spaces and partial orders. Coalgebras are simple categorical structures generalizing the notion of post-fixed point. They are also used here for giving a new comprehensive presentation of the (still) non-standard theory of non-well-founded sets (as non-standard sets are usually called). This paper is meant to provide a basis to a more general project aiming at a full exploitation of the finality of the domains in the semantics of programming languages, concurrent ones among them. Such a final semantics enjoys uniformity and generality. For instance, semantic observational equivalences like bisimulation can be derived as instances of a single 'coalgebraic' definition (introduced elsewhere), which is parametric of the functor appearing in the domain equation. Some properties of this general form of equivalence are also studied in this paper.
From Polyvariant Flow Information to Intersection and Union Types
J. Funct. Programming, 1998
Cited by 41 (7 self)
Many polyvariant program analyses have been studied in the 1990s, including k-CFA, polymorphic splitting, and the cartesian product algorithm. The idea of polyvariance is to analyze functions more than once and thereby obtain better precision for each call site. In this paper we present an equivalence theorem which relates a coinductively defined family of polyvariant flow analyses and a standard type system. The proof embodies a way of understanding polyvariant flow information in terms of union and intersection types, and, conversely, a way of understanding union and intersection types in terms of polyvariant flow information. We use the theorem as basis for a new flow-type system in the spirit of the CIL calculus of Wells, Dimock, Muller, and Turbak, in which types are annotated with flow information. A flow-type system is useful as an interface between a flow-analysis algorithm and a program optimizer. Derived systematically via our equivalence theorem, our flow-type system should be a g...
Mechanizing Coinduction and Corecursion in Higher-order Logic
Journal of Logic and Computation, 1997
Cited by 41 (5 self)
A theory of recursive and corecursive definitions has been developed in higher-order logic (HOL) and mechanized using Isabelle. Least fixed points express inductive data types such as strict lists; greatest fixed points express coinductive data types, such as lazy lists. Well-founded recursion expresses recursive functions over inductive data types; corecursion expresses functions that yield elements of coinductive data types. The theory rests on a traditional formalization of infinite trees. The theory is intended for use in specification and verification. It supports reasoning about a wide range of computable functions, but it does not formalize their operational semantics and can express noncomputable functions also. The theory is illustrated using finite and infinite lists. Corecursion expresses functions over infinite lists; coinduction reasons about such functions. Key words. Isabelle, higher-order logic, coinduction, corecursion. Copyright © 1996 by Lawrence C. Paulson
A Coinduction Principle for Recursively Defined Domains
Theoretical Computer Science, 1992
Cited by 40 (3 self)
This paper establishes a new property of predomains recursively defined using the cartesian product, disjoint union, partial function space and convex powerdomain constructors. We prove that the partial order on such a recursive predomain D is the greatest fixed point of a certain monotone operator associated to D. This provides a structurally defined family of proof principles for these recursive predomains: to show that one element of D approximates another, it suffices to find a binary relation containing the two elements that is a post-fixed point for the associated monotone operator. The statement of the proof principles is independent of any of the various methods available for explicit construction of recursive predomains. Following Milner and Tofte [10], the method of proof is called coinduction. It closely resembles the way bisimulations are used in concurrent process calculi [9]. Two specific instances of the coinduction principle already occur in work of Abramsky [2, 1] in the form of 'internal full abstraction' theorems for denotational semantics of SCCS and the lazy lambda calculus. In the first case post-fixed binary relations are precisely Abramsky's partial bisimulations, whereas in the second case they are his applicative bisimulations. The coinduction principle also provides an apparently useful tool for reasoning about equality of elements of recursively defined datatypes in (strict or lazy) higher-order functional programming languages.
A Naïve Time Analysis and its Theory of Cost Equivalence
Journal of Logic and Computation, 1995
Cited by 39 (7 self)
Techniques for reasoning about extensional properties of functional programs are well understood, but methods for analysing the underlying intensional or operational properties have been much neglected. This paper begins with the development of a simple but useful calculus for time analysis of non-strict functional programs with lazy lists. One limitation of this basic calculus is that the ordinary equational reasoning on functional programs is not valid. In order to buy back some of these equational properties we develop a non-standard operational equivalence relation called cost equivalence, by considering the number of computation steps as an 'observable' component of the evaluation process. We define this relation by analogy with Park's definition of bisimulation in CCS. This formulation allows us to show that cost equivalence is a contextual congruence (and thus is substitutive with respect to the basic calculus) and provides useful proof techniques for establishing cost-equivalen...
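The proof principle shared by the last two abstracts (exhibit a relation containing the pair of interest and show it is a post-fixed point of a monotone operator; Park's bisimulation on a transition system is the concrete instance both of them lean on) is worth seeing run on something small. The block below is an editor-added example, not code from either paper: the labelled transition systems, the login-handshake states and labels, and the helper names (F, is_bisimulation, largest_bisimulation, unmatched_labels) are all constructed for illustration. It goes slightly beyond the abstracts in also computing the largest bisimulation as the greatest fixed point that downward iteration of F reaches on a finite system, which is what makes the one-step post-fixed-point check and the full equivalence check agree.

```python
"""Bisimulation as a post-fixed point: added example, not from either paper.
An LTS maps each state to its set of (label, successor) moves (every state is a
key). R is a bisimulation iff R is a subset of F(R) for the monotone operator F;
the largest bisimulation is the greatest fixed point reached by iterating F."""

LTS = dict  # state -> set of (label, next_state)

def succ(lts: LTS, s: str, a: str) -> set:
    """States reachable from s by one a-labelled move."""
    return {t for (l, t) in lts[s] if l == a}

def matched(lts_p: LTS, lts_q: LTS, p: str, q: str, R: set) -> bool:
    """Every move p --a--> p' is answered by some q --a--> q' with (p', q') in R."""
    return all(any((p2, q2) in R for q2 in succ(lts_q, q, a)) for (a, p2) in lts_p[p])

def F(R: set, lts1: LTS, lts2: LTS) -> set:
    """The monotone operator on relations: keep the pairs matched in both directions."""
    Rinv = {(q, p) for (p, q) in R}
    return {(p, q) for (p, q) in R
            if matched(lts1, lts2, p, q, R) and matched(lts2, lts1, q, p, Rinv)}

def is_bisimulation(R: set, lts1: LTS, lts2: LTS) -> bool:
    """Coinduction principle: R is a bisimulation iff R is a post-fixed point of F.
    F only ever removes pairs, so 'R subset of F(R)' is the same as F(R) == R."""
    return F(R, lts1, lts2) == R

def largest_bisimulation(lts1: LTS, lts2: LTS) -> set:
    """Greatest fixed point of F: iterate down from the full relation until stable."""
    R = {(p, q) for p in lts1 for q in lts2}
    while True:
        R2 = F(R, lts1, lts2)
        if R2 == R:
            return R
        R = R2

def bisimilar(lts1: LTS, p: str, lts2: LTS, q: str) -> bool:
    return (p, q) in largest_bisimulation(lts1, lts2)

def unmatched_labels(lts1: LTS, p: str, lts2: LTS, q: str) -> set:
    """Labels one side can fire and the other cannot: a first diagnostic when
    bisimilar() is False (a constructed helper, not a full distinguishing formula)."""
    return {a for (a, _) in lts1[p]} ^ {a for (a, _) in lts2[q]}

# Constructed specification of a login handshake and two implementations of it.
SPEC = {
    "idle":    {("hello", "auth")},
    "auth":    {("ok", "session"), ("fail", "idle")},
    "session": {("bye", "idle")},
}
IMPL_OK = {                            # same behaviour, with a duplicated idle state
    "i0": {("hello", "a")},
    "a":  {("ok", "s"), ("fail", "i1")},
    "s":  {("bye", "i1")},
    "i1": {("hello", "a")},
}
IMPL_BAD = {                           # accepts "ok" before authenticating
    "i0": {("hello", "a"), ("ok", "s")},
    "a":  {("ok", "s"), ("fail", "i0")},
    "s":  {("bye", "i0")},
}
# A hand-written relation: by the coinduction principle, checking F(WITNESS) == WITNESS
# is all that is needed to conclude idle ~ i0 (and idle ~ i1) without any iteration.
WITNESS = {("idle", "i0"), ("idle", "i1"), ("auth", "a"), ("session", "s")}

if __name__ == "__main__":
    print(bisimilar(SPEC, "idle", IMPL_OK, "i0"))          # True
    print(is_bisimulation(WITNESS, SPEC, IMPL_OK))         # True
    print(bisimilar(SPEC, "idle", IMPL_BAD, "i0"))         # False
    print(unmatched_labels(SPEC, "idle", IMPL_BAD, "i0"))  # {'ok'}
```

The point of the post-fixed-point formulation is the one the coinduction abstract makes: the witness relation does not have to be the largest bisimulation, only closed under one application of F, so a small hand-built relation suffices for a positive answer. The negative case is where the security reading lives: IMPL_BAD is not bisimilar to SPEC because the implementation can fire "ok" from idle and the specification cannot, which is exactly an authentication-bypass transition showing up as a failed matching obligation.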