Results 1-10 of 18
Proving Security Protocols With Model Checkers By Data Independence Techniques
1999
Cited by 59 (9 self)
Model checkers such as FDR have been extremely effective in checking for, and finding, attacks on cryptographic protocols; see, for example, [16, 20] and many of the papers in [7]. Their use in proving protocols has, on the other hand, generally been limited to showing that a given small instance, usually restricted by the finiteness of some set of resources such as keys and nonces, is free of attacks. While for specific protocols there are frequently good reasons for supposing that this will find any attack, it leaves a substantial gap in the method. The purpose of this paper is to show how techniques borrowed from data independence and related fields can be used to achieve the illusion that nodes can call upon an infinite supply of different nonces, keys, etc., even though the actual types used for these things remain finite. It is thus possible to create models of protocols in which nodes do not have to stop after a small number of runs, and to claim that a finite-state r...
Types, Abstraction, and Parametric Polymorphism, Part 2
1991
Cited by 53 (1 self)
The concept of relations over sets is generalized to relations over an arbitrary category, and used to investigate the abstraction (or logical-relations) theorem, the identity extension lemma, and parametric polymorphism, for Cartesian-closed-category models of the simply typed lambda calculus and PL-category models of the polymorphic typed lambda calculus. Treatments of Kripke relations and of complete relations on domains are included.
On functors expressible in the polymorphic typed lambda calculus
Logical Foundations of Functional Programming
1990
Cited by 16 (1 self)
This is a preprint of a paper that has been submitted to Information and Computation.
Nonparametric Parametricity
UNDER CONSIDERATION FOR PUBLICATION IN J. FUNCTIONAL PROGRAMMING
2010
Cited by 12 (3 self)
Type abstraction and intensional type analysis are features seemingly at odds—type abstraction is intended to guarantee parametricity and representation independence, while type analysis is inherently nonparametric. Recently, however, several researchers have proposed and implemented “dynamic type, one should also be able to generate at run time a fresh type name, which may be used as a dynamic representative of the abstract type for purposes of type analysis. The question remains: in a language with nonparametric polymorphism, does dynamic type generation provide us with the same kinds of abstraction guarantees that we get from parametric polymorphism? Our goal is to provide a rigorous answer to this question. We define a step-indexed Kripke logical relation for a language with both nonparametric polymorphism (in the form of type-safe cast) and dynamic type generation. Our logical relation enables us to establish parametricity and representation independence results, even in a nonparametric setting, by attaching arbitrary relational interpretations to dynamically generated type names. In addition, we explore how programs that are provably equivalent in a more traditional parametric logical relation may be “wrapped” systematically to produce terms that are related by our nonparametric relation, and vice versa. This leads us to a novel “polarized” form of our logical relation, which enables us to distinguish formally between positive and negative notions of parametricity.
Structuring Specifications in-the-Large and in-the-Small: Higher-Order Functions, Dependent Types and Inheritance in SPECTRAL
PROC. COLLOQ. ON COMBINING PARADIGMS FOR SOFTWARE DEVELOPMENT, JOINT CONF. ON THEORY AND PRACTICE OF SOFTWARE DEVELOPMENT (TAPSOFT
Abstraction preservation and subtyping in distributed languages
In Proc. ICFP
2006
Cited by 10 (3 self)
1. Introduction
1.1 Background and motivation
Abstract types are a powerful feature of modern programming languages. They arise when the implementation of a collection of types and accompanying functions, often called a module, is partly hidden by an interface. The creation and manipulation of an abstract data type are then constrained by the functions declared in its interface.
A Game Semantics For Generic Polymorphism
1971
Cited by 9 (4 self)
Genericity is the idea that the same program can work at many different data types. Longo, Milstead and Soloviev proposed to capture the inability of generic programs to probe the structure of their instances by the following equational principle: if two generic programs, viewed as terms of type ∀X.A[X], are equal at any given instance A[T], then they are equal at all instances. They proved that this rule is admissible in a certain extension of System F, but finding a semantically motivated model satisfying this principle remained an open problem.
Models for Persistence in Lazy Functional Programming Systems
1993
Cited by 9 (0 self)
Research into providing support for long term data in lazy functional programming systems is presented in this thesis. The motivation for this work has been to reap the benefits of integrating lazy functional programming languages and persistence. The benefits are:
- the programmer need not write code to support long term data since this is provided as part of the programming system;
- persistent data can be used in a type safe way since the programming language type system applies to data with the whole range of persistence;
- the benefits of lazy evaluation are extended to the full lifetime of a data value. Whilst data is reachable, any evaluation performed on the data persists. A data value changes monotonically from an unevaluated state towards a completely evaluated state over time;
- interactive data intensive applications such as functional databases can be developed.
These benefits are realised by the development of models for persistence in lazy functional programming systems. Tw...
A New Paradox in Type Theory
Logic, Methodology and Philosophy of Science IX: Proceedings of the Ninth International Congress of Logic, Methodology, and Philosophy of Science
1994
Cited by 7 (0 self)
this paper is to present a new paradox for Type Theory, which is a type-theoretic refinement of Reynolds' result [24] that there is no set-theoretic model of polymorphism. We then discuss one application of this paradox, which shows unexpected connections between the principle of excluded middle and the axiom of description in impredicative Type Theories.
1 Minimal and Polymorphic Higher-Order Logic
An Introduction to Polymorphic Lambda Calculus
Logical Foundations of Functional Programming
1994
Cited by 4 (0 self)
Introduction to the Polymorphic Lambda Calculus
John C. Reynolds, Carnegie Mellon University, December 23, 1994
The polymorphic (or second-order) typed lambda calculus was invented by Jean-Yves Girard in 1971 [11, 10], and independently reinvented by myself in 1974 [24]. It is extraordinary that essentially the same programming language was formulated independently by the two of us, especially since we were led to the language by entirely different motivations. In my own case, I was seeking to extend conventional typed programming languages to permit the definition of "polymorphic" procedures that could accept arguments of a variety of types. I started with the ordinary typed lambda calculus and added the ability to pass types as parameters (an idea that was "in the air" at the time, e.g. [4]). For example, as in the ordinary typed lambda calculus one can write λf:int→int. λx:int. f(f(x)) to denote the "doubling" function for the type int, which accepts a function from integers