Results 1  10
of
20
Equivalence in Functional Languages with Effects
, 1991
"... Traditionally the view has been that direct expression of control and store mechanisms and clear mathematical semantics are incompatible requirements. This paper shows that adding objects with memory to the callbyvalue lambda calculus results in a language with a rich equational theory, satisfying ..."
Abstract

Cited by 125 (13 self)
 Add to MetaCart
Traditionally the view has been that direct expression of control and store mechanisms and clear mathematical semantics are incompatible requirements. This paper shows that adding objects with memory to the callbyvalue lambda calculus results in a language with a rich equational theory, satisfying many of the usual laws. Combined with other recent work this provides evidence that expressive, mathematically clean programming languages are indeed possible. 1. Overview Real programs have effectscreating new structures, examining and modifying existing structures, altering flow of control, etc. Such facilities are important not only for optimization, but also for communication, clarity, and simplicity in programming. Thus it is important to be able to reason both informally and formally about programs with effects, and not to sweep effects either to the side or under the store parameter rug. Recent work of Talcott, Mason, Felleisen, and Moggi establishes a mathematical foundation for...
Semantics of Types for Mutable State
, 2004
"... Proofcarrying code (PCC) is a framework for mechanically verifying the safety of machine language programs. A program that is successfully verified by a PCC system is guaranteed to be safe to execute, but this safety guarantee is contingent upon the correctness of various trusted components. For in ..."
Abstract

Cited by 62 (5 self)
 Add to MetaCart
Proofcarrying code (PCC) is a framework for mechanically verifying the safety of machine language programs. A program that is successfully verified by a PCC system is guaranteed to be safe to execute, but this safety guarantee is contingent upon the correctness of various trusted components. For instance, in traditional PCC systems the trusted computing base includes a large set of lowlevel typing rules. Foundational PCC systems seek to minimize the size of the trusted computing base. In particular, they eliminate the need to trust complex, lowlevel type systems by providing machinecheckable proofs of type soundness for real machine languages. In this thesis, I demonstrate the use of logical relations for proving the soundness of type systems for mutable state. Specifically, I focus on type systems that ensure the safe allocation, update, and reuse of memory. For each type in the language, I define logical relations that explain the meaning of the type in terms of the operational semantics of the language. Using this model of types, I prove each typing rule as a lemma. The major contribution is a model of System F with general references — that is, mutable cells that can hold values of any closed type including other references, functions, recursive types, and impredicative quantified types. The model is based on ideas from both possible worlds and the indexed model of Appel and McAllester. I show how the model of mutable references is encoded in higherorder logic. I also show how to construct an indexed possibleworlds model for a von Neumann machine. The latter is used in the Princeton Foundational PCC system to prove type safety for a fullfledged lowlevel typed assembly language. Finally, I present a semantic model for a region calculus that supports typeinvariant references as well as memory reuse. iii
A Variable Typed Logic of Effects
 Information and Computation
, 1993
"... In this paper we introduce a variable typed logic of effects inspired by the variable type systems of Feferman for purely functional languages. VTLoE (Variable Typed Logic of Effects) is introduced in two stages. The first stage is the firstorder theory of individuals built on assertions of equalit ..."
Abstract

Cited by 50 (13 self)
 Add to MetaCart
(Show Context)
In this paper we introduce a variable typed logic of effects inspired by the variable type systems of Feferman for purely functional languages. VTLoE (Variable Typed Logic of Effects) is introduced in two stages. The first stage is the firstorder theory of individuals built on assertions of equality (operational equivalence `a la Plotkin), and contextual assertions. The second stage extends the logic to include classes and class membership. The logic we present provides an expressive language for defining and studying properties of programs including program equivalences, in a uniform framework. The logic combines the features and benefits of equational calculi as well as program and specification logics. In addition to the usual firstorder formula constructions, we add contextual assertions. Contextual assertions generalize Hoare's triples in that they can be nested, used as assumptions, and their free variables may be quantified. They are similar in spirit to program modalities in ...
Assignments for applicative languages
 Conf. on Functional Program. Lang. and Comput. Arch
, 1991
"... We propose a theoretical framework for adding assignments and dynamic data to functional languages without violating their semantic properties. This differs from semifunctional languages like Scheme and ML in that values of expressions remain static and sideeffectfree. A new form of abstraction c ..."
Abstract

Cited by 39 (11 self)
 Add to MetaCart
We propose a theoretical framework for adding assignments and dynamic data to functional languages without violating their semantic properties. This differs from semifunctional languages like Scheme and ML in that values of expressions remain static and sideeffectfree. A new form of abstraction called observer is designed to encapsulate stateoriented computation from the remaining purely applicative computation. The type system ensures that observers are combined linearly, allowing an implementation in terms of a global store. The utility of this extension is in manipulating shared dynamic data embedded in data structures. Evaluation of welltyped programs is ChurchRosser. Thus, programs produce the same results whether an eager or lazy evaluation order is used (assuming termination). A simple, sound logic permits reasoning about welltyped programs. The benefits of this work include greater expressive power and efficiency (compared to applicative languages), while retaining simplicity of reasoning.
References, Local Variables and Operational Reasoning
 In Seventh Annual Symposium on Logic in Computer Science
, 1992
"... this paper we regard the following as synonyms: references, program variables, pointers, locations, and unary cells) to a programming language complicates life. Adding them to the simply typed lambda calculus causes the failure of most of the nice mathematical properties and some of the more basic r ..."
Abstract

Cited by 32 (4 self)
 Add to MetaCart
(Show Context)
this paper we regard the following as synonyms: references, program variables, pointers, locations, and unary cells) to a programming language complicates life. Adding them to the simply typed lambda calculus causes the failure of most of the nice mathematical properties and some of the more basic rules (such as j). For example strong normalization fails since it is possible, for each provably nonempty function type, to construct a Y combinator for that type. References also interact unpleasantly with polymorphism [34, 35]. They are also troublesome from a denotational point of view as illustrated by the lack of fully abstract models. For example, in [22] Meyer and Sieber give a series of examples of programs that are operationally equivalent (according to the intended semantics of blockstructured Algollike programs) but which are not given equivalent denotations in traditional denotational semantics. They propose various modifications to the denotational semantics which solve some of these discrepancies, but not all. In [27, 26] a denotational semantics that overcomes some of these problems is presented. However variations on the seventh example remain problematic. Since numerous proof systems for Algol are sound for the denotational models in question, [8, 7, 32, 28, 16, 27, 26], these equivalences, if expressible, must be independent of these systems. The problem which motivated Meyer and Sieber's paper, [22], was to provide mathematical justification for the informal but convincing proofs of the operational equivalence of their examples. In this paper we approach the same problem, but from an operational rather than denotational perspective. This paper accomplishes two goals. Firstly, we present the firstorder part of a new logic for reasoning about programs....
A Complete Transformational Toolkit for Compilers
 ACM Transactions on Programming Languages and Systems
, 1996
"... . In an earlier paper, one of the present authors presented a preliminary account of an equational logic called PIM. PIM is intended to function as a "transformational toolkit" to be used by compilers and analysis tools for imperative languages, and has been applied to such problems as ..."
Abstract

Cited by 23 (9 self)
 Add to MetaCart
(Show Context)
. In an earlier paper, one of the present authors presented a preliminary account of an equational logic called PIM. PIM is intended to function as a "transformational toolkit" to be used by compilers and analysis tools for imperative languages, and has been applied to such problems as program slicing, symbolic evaluation, conditional constant propagation, and dependence analysis. PIM consists of the untyped lambda calculus extended with an algebraic rewriting system that characterizes the behavior of lazy stores and generalized conditionals. A major question left open in the earlier paper was whether there existed a complete equational axiomatization of PIM's semantics. In this paper, we answer this question in the affirmative for PIM's core algebraic component, PIM t , under the assumption of certain reasonable restrictions on term formation. We systematically derive the complete PIM logic as the culmination of a sequence of increasingly powerful equational systems starti...
Objects and classes in Algollike languages
 Information and Computation
, 2002
"... Many objectoriented languages used in practice descend from Algol. With this motivation, we study the theoretical issues underlying such languages via the theory of Algollike languages. It is shown that the basic framework of this theory extends cleanly and elegantly to the concepts of objects and ..."
Abstract

Cited by 22 (5 self)
 Add to MetaCart
(Show Context)
Many objectoriented languages used in practice descend from Algol. With this motivation, we study the theoretical issues underlying such languages via the theory of Algollike languages. It is shown that the basic framework of this theory extends cleanly and elegantly to the concepts of objects and classes. An important idea that comes to light is that classes are abstract data types, whose theory corresponds to that of existential types. Equational and Hoarelike reasoning methods, and relational parametricity provide powerful formal tools for reasoning about Algollike objectoriented programs. 1
MLISP: A RepresentationIndependent Dialect of LISP with Reduction Semantics
 ACM Transactions on Programming Languages and Systems
, 1992
"... In this paper we introduce MLISP, a simple new dialect of LISP which is designed with an eye toward reconciling LISP's metalinguistic power with the structural style of operational semantics advocated by Plotkin [Plo75]. We begin by reviewing the original denition of LISP [McC61] in an atte ..."
Abstract

Cited by 21 (2 self)
 Add to MetaCart
In this paper we introduce MLISP, a simple new dialect of LISP which is designed with an eye toward reconciling LISP's metalinguistic power with the structural style of operational semantics advocated by Plotkin [Plo75]. We begin by reviewing the original denition of LISP [McC61] in an attempt to clarify the source of its metalinguistic power. We nd that it arises from a problematic clause in this denition. We then dene the abstract syntax and operational semantics of MLISP, essentially a hybrid of Mexpression LISP and Scheme. Next, we tie the operational semantics to the corresponding equational logic. As usual, provable equality in the logic implies operational equality. Having established this framework we then extend MLISP with the metalinguistic eval and reify operators (the latter is a nonstrict operator which converts its argument to its metalanguage representation.) These operators encapsulate the metalinguistic representation conversions that occur globall...
Reasoning about Programs with Effects
, 1990
"... objects Abstract objects exhibit the noninheritance aspects of objectoriented programming. An abstract object is a function with local store. Abstract objects provide a means of encapsulating features of a structure and controlling access to that structure. The idea is that the local store can on ..."
Abstract

Cited by 12 (6 self)
 Add to MetaCart
objects Abstract objects exhibit the noninheritance aspects of objectoriented programming. An abstract object is a function with local store. Abstract objects provide a means of encapsulating features of a structure and controlling access to that structure. The idea is that the local store can only be changed by sending a message to the object. The operations on the encapsulated structure are determined by the messages accepted by the object. We illustrate these ideas for the special case of accumulators. An accumulator object accumulates a sequence of the things sent to it (via a !put; x? message) and responds to a !get? message by returning the sequence collected. If mkac(y) creates an accumulator object with initial contents the elements of y, then it mus satisfy the following three laws: Specification (Accumulator behavior): (put) letfa := mkac(y)gseq(a(!put; x?); e) 12 ' letfa := mkac(append (y; cons (x; Nil)))ge (get) letfa := mkac(y)gletfz := a(!get?)ge ' letfa := mkac(...
A Theory of Classes for a Functional Language with Effects
 In Proceedings of CSL92, volume 702 of Lecture Notes in Computer Science
, 1993
"... this paper we introduce a variable typed logic of effects (i.e. a logic of effects where classes can be defined and quantified over) inspired by the variable type systems of Feferman [3, 4] for purely functional languages. A similar extension incorporating nonlocal control operations was introduced ..."
Abstract

Cited by 7 (6 self)
 Add to MetaCart
(Show Context)
this paper we introduce a variable typed logic of effects (i.e. a logic of effects where classes can be defined and quantified over) inspired by the variable type systems of Feferman [3, 4] for purely functional languages. A similar extension incorporating nonlocal control operations was introduced in [27]. The logic we present provides an expressive language for defining specifications and constraints and for studying properties and program equivalences, in a uniform framework. Thus it has an advantage over a plethora of systems in the literature that aim to capture solitary aspects of computation. The theory also allows for the construction of inductively defined sets and derivation of the corresponding induction principles. Classes can be used to express, inter alia, the nonexpansiveness of terms [29]. Other effects can also be represented within the system. These include read/write effects and various forms of interference [24]. The first order fragment is described in [16] where it is used to resolve the denotationally problematic examples of [17]. In our language atoms, references and lambda abstractions are all first class values and as such are storable. This has several consequences. Firstly, mutation and variable binding are separate and so we avoid the problems that typically arise (e.g. in Hoare's and dynamic logic) from the conflation of program variables and logical variables. Secondly, the equality and sharing of references (aliasing) is easily expressed and reasoned about. Thirdly, the combination of mutable references and lambda abstractions allows us to study object based programming within our framework. Our atomic formulas express the (operational or observational) equivalence of programs `a la Plotkin [23]. Neither Hoare's logic nor Dynamic logi...