MetaML and Multi-Stage Programming with Explicit Annotations
Theoretical Computer Science, 1999
Cited by 242 (30 self)
Abstract
We introduce MetaML, a practically-motivated, statically-typed multi-stage programming language. MetaML is a "real" language. We have built an implementation and used it to solve multi-stage problems. MetaML allows the programmer to construct, combine, and execute code fragments in a type-safe manner. Code fragments can contain free variables, but they obey the static-scoping principle. MetaML performs type-checking for all stages once and for all before the execution of the first stage. Certain anomalies with our first MetaML implementation led us to formalize an illustrative subset of the MetaML implementation. We present both a big-step semantics and type system for this subset, and prove the type system's soundness with respect to a big-step semantics. From a software engineering point of view, this means that generators written in the MetaML subset never generate unsafe programs. A type system and semantics for full MetaML is still ongoing work. We argue that multi...
Verification by abstract interpretation
In Verification: Theory and Practice, 2003
Cited by 197 (16 self)
Abstract
Dedicated to Zohar Manna, for his 2^6th birthday. Abstract interpretation theory formalizes the idea of abstraction of mathematical structures, in particular those involved in the specification of properties and proof methods of computer systems. Verification by abstract interpretation is illustrated on the particular cases of predicate abstraction, which is revisited to handle infinitary abstractions, and on the new parametric predicate abstraction.
A Per Model of Secure Information Flow in Sequential Programs
Higher-Order and Symbolic Computation, 1998
Cited by 93 (19 self)
Abstract
This paper proposes an extensional semantics-based formal specification of secure information-flow properties in sequential programs based on representing degrees of security by partial equivalence relations (pers). The specification clarifies and unifies a number of specific correctness arguments in the literature and connections to other forms of program analysis. The approach is inspired by (and in the deterministic case equivalent to) the use of partial equivalence relations in specifying binding-time analysis, and is thus able to specify security properties of higher-order functions and "partially confidential data". We also show how the per approach can handle nondeterminism for a first-order language, by using powerdomain semantics, and show how probabilistic security properties can be formalised by using probabilistic powerdomain semantics. We illustrate the usefulness of the compositional nature of the security specifications by presenting a straightforward correctness proof for a simple type-based security analysis.
Multi-Stage Programming: Its Theory and Applications
1999
Cited by 87 (18 self)
Abstract
MetaML is a statically typed functional programming language with special support for program generation. In addition to providing the standard features of contemporary programming languages such as Standard ML, MetaML provides three staging annotations. These staging annotations allow the construction, combination, and execution of object-programs. Our thesis is that MetaML's three staging annotations provide a useful, theoretically sound basis for building program generators. This dissertation reports on our study of MetaML's staging constructs, their use, their implementation, and their formal semantics. Our results include an extended example of where MetaML allows us to produce efficient programs, an explanation of why implementing these constructs in traditional ways can be challenging, two formulations of MetaML's semantics, a type system for MetaML, and a proposal for extending ...
Representing control: a study of the CPS transformation
1992
Cited by 82 (7 self)
Abstract
This paper investigates the transformation of λ-terms into continuation-passing style (CPS). We show that by appropriate η-expansion of Fischer and Plotkin's two-pass equational specification of the CPS transform, we can obtain a static and context-free separation of the result terms into "essential" and "administrative" constructs. Interpreting the former as syntax builders and the latter as directly executable code, we obtain a simple and efficient one-pass transformation algorithm, easily extended to conditional expressions, recursive definitions, and similar constructs. This new transformation algorithm leads to a simpler proof of Plotkin's simulation and indifference results. Further, we show how CPS-based control operators similar to but more general than Scheme's call/cc can be naturally accommodated by the new transformation algorithm. To demonstrate the expressive power of these operators, we use them to present an equivalent but even more concise formulation of t...
Finite differencing of logical formulas for static analysis
In Proc. 12th ESOP, 2003
Cited by 35 (18 self)
Abstract
This paper concerns mechanisms for maintaining the value of an instrumentation predicate (a.k.a. derived predicate or view), defined via a logical formula over core predicates, in response to changes in the values of the core predicates. It presents an algorithm for transforming the instrumentation predicate's defining formula into a predicate-maintenance formula that captures what the instrumentation predicate's new value should be. This technique applies to program-analysis problems in which the semantics of statements is expressed using logical formulas that describe changes to core-predicate values, and provides a way to reflect those changes in the values of the instrumentation predicates.
Binding Time Analysis: A New PERspective
In Proceedings of the ACM Symposium on Partial Evaluation and Semantics-Based Program Manipulation (PEPM'91), 1991
Cited by 34 (6 self)
Abstract
Given a description of the parameters in a program that will be known at partial evaluation time, a binding time analysis must determine which parts of the program are dependent solely on these known parts (and therefore also known at partial evaluation time). In this paper a binding time analysis for the simply typed lambda calculus is presented. The analysis takes the form of an abstract interpretation and uses a novel formalisation of the problem of binding time analysis, based on the use of partial equivalence relations. A simple proof of correctness is achieved by the use of logical relations.
1 Introduction
Given a description of the parameters in a program that will be known at partial evaluation time, a binding time analysis must determine which parts of the program are dependent solely on these known parts (and therefore also known at partial evaluation time). A binding time analysis performed prior to the partial evaluation process can have several practical benefits (see [...
A Security Flow Control Algorithm and Its Denotational Semantics Correctness Proof
1992
Cited by 27 (0 self)
Abstract
We derive a security flow control algorithm for message-based, modular systems and prove the algorithm correct. The development is noteworthy because it is completely rigorous: the flow control algorithm is derived as an abstract interpretation of the denotational semantics of the programming language for the modular system, and the correctness proof is a proof by logical relations of the congruence between the denotational semantics and its abstract interpretation. Effectiveness is also addressed: we give conditions under which an abstract interpretation can be computed as a traditional iterative data flow analysis, and we prove that our security flow control algorithm satisfies the conditions. We also show that symbolic expressions (that is, data flow values that contain unknowns) can be used in a convergent, iterative analysis. An important consequence of the latter result is that the security flow control algorithm can analyze individual modules in a system for well-formedness and...
Abstract Interpretation of Functional Languages: From Theory to Practice
1991
Cited by 25 (0 self)
Abstract
Abstract interpretation is the name applied to a number of techniques for reasoning about programs by evaluating them over non-standard domains whose elements denote properties over the standard domains. This thesis is concerned with higher-order functional languages and abstract interpretations with a formal semantic basis. It is known how abstract interpretation for the simply typed lambda calculus can be formalised by using binary logical relations. This has the advantage of making correctness and other semantic concerns straightforward to reason about. Its main disadvantage is that it enforces the identification of properties as sets. This thesis shows how the known formalism can be generalised by the use of ternary logical relations, and in particular how this allows abstract values to deno...