Results 1  10
of
43
Statedependent representation independence
 In Proceedings of the 36th ACM SIGPLANSIGACT Symposium on Principles of Programming Languages
, 2009
"... Mitchell’s notion of representation independence is a particularly useful application of Reynolds ’ relational parametricity — two different implementations of an abstract data type can be shown contextually equivalent so long as there exists a relation between their type representations that is pre ..."
Abstract

Cited by 88 (24 self)
 Add to MetaCart
(Show Context)
Mitchell’s notion of representation independence is a particularly useful application of Reynolds ’ relational parametricity — two different implementations of an abstract data type can be shown contextually equivalent so long as there exists a relation between their type representations that is preserved by their operations. There have been a number of methods proposed for proving representation independence in various pure extensions of System F (where data abstraction is achieved through existential typing), as well as in Algol or Javalike languages (where data abstraction is achieved through the use of local mutable state). However, none of these approaches addresses the interaction of existential type abstraction and local state. In particular, none allows one to prove representation independence results for generative ADTs — i.e., ADTs that both maintain some local state and define abstract types whose internal
The impact of higherorder state and control effects on local relational reasoning
, 2010
"... Reasoning about program equivalence is one of the oldest problems in semantics. In recent years, useful techniques have been developed, based on bisimulations and logical relations, for reasoning about equivalence in the setting of increasingly realistic languages—languages nearly as complex as ML o ..."
Abstract

Cited by 56 (16 self)
 Add to MetaCart
Reasoning about program equivalence is one of the oldest problems in semantics. In recent years, useful techniques have been developed, based on bisimulations and logical relations, for reasoning about equivalence in the setting of increasingly realistic languages—languages nearly as complex as ML or Haskell. Much of the recent work in this direction has considered the interesting representation independence principles enabled by the use of local state, but it is also important to understand the principles that powerful features like higherorder state and control effects disable. This latter topic has been broached extensively within the framework of game semantics, resulting in what Abramsky dubbed the “semantic cube”: fully abstract gamesemantic characterizations of various axes in the design space of MLlike languages. But when it comes to reasoning about many actual examples, game semantics does not yet supply a useful technique for proving equivalences. In this paper, we marry the aspirations of the semantic cube to the powerful proof method of stepindexed Kripke logical relations. Building on recent work of Ahmed, Dreyer, and Rossberg, we define the first fully abstract logical relation for an MLlike language with recursive types, abstract types, general references and call/cc. We then show how, under orthogonal restrictions to the expressive power of our language—namely, the restriction to firstorder state and/or the removal of call/cc—we can enhance the proving power of our possibleworlds model in correspondingly orthogonal ways, and we demonstrate this proving power on a range of interesting examples. Central to our story is the use of state transition systems to model the way in which properties of local state evolve over time.
A bisimulation for type abstraction and recursion
 SYMPOSIUM ON PRINCIPLES OF PROGRAMMING LANGUAGES
, 2005
"... We present a bisimulation method for proving the contextual equivalence of packages in λcalculus with full existential and recursive types. Unlike traditional logical relations (either semantic or syntactic), our development is “elementary, ” using only sets and relations and avoiding advanced mach ..."
Abstract

Cited by 54 (6 self)
 Add to MetaCart
We present a bisimulation method for proving the contextual equivalence of packages in λcalculus with full existential and recursive types. Unlike traditional logical relations (either semantic or syntactic), our development is “elementary, ” using only sets and relations and avoiding advanced machinery such as domain theory, admissibility, and ⊤⊤closure. Unlike other bisimulations, ours is complete even for existential types. The key idea is to consider sets of relations—instead of just relations—as bisimulations.
Environmental bisimulations for higherorder languages
 In TwentySecond Annual IEEE Symposium on Logic in Computer Science
, 2007
"... Developing a theory of bisimulation in higherorder languages can be hard. Particularly challenging can be: (1) the proof of congruence, as well as enhancements of the bisimulation proof method with “upto context ” techniques, and (2) obtaining definitions and results that scale to languages with d ..."
Abstract

Cited by 50 (14 self)
 Add to MetaCart
(Show Context)
Developing a theory of bisimulation in higherorder languages can be hard. Particularly challenging can be: (1) the proof of congruence, as well as enhancements of the bisimulation proof method with “upto context ” techniques, and (2) obtaining definitions and results that scale to languages with different features. To meet these challenges, we present environmental bisimulations, a form of bisimulation for higherorder languages, and its basic theory. We consider four representative calculi: pure λcalculi (callbyname and callbyvalue), callbyvalue λcalculus with higherorder store, and then HigherOrder πcalculus. In each case: we present the basic properties of environmental bisimilarity, including congruence; we show that it coincides with contextual equivalence; we develop some upto techniques, including upto context, as examples of possible enhancements of the associated bisimulation method. Unlike previous approaches (such as applicative bisimulations, logical relations, SumiiPierceKoutavasWand), our method does not require induction/indices on evaluation derivation/steps (which may complicate the proofs of congruence, transitivity, and the combination with upto techniques), or sophisticated methods such as Howe’s for proving congruence. It also scales from the pure λcalculi to the richer calculi with simple congruence proofs. 1
Logical StepIndexed Logical Relations
"... We show how to reason about “stepindexed ” logical relations in an abstract way, avoiding the tedious, errorprone, and proofobscuring stepindex arithmetic that seems superficially to be an essential element of the method. Specifically, we define a logic LSLR, which is inspired by Plotkin and Aba ..."
Abstract

Cited by 26 (9 self)
 Add to MetaCart
(Show Context)
We show how to reason about “stepindexed ” logical relations in an abstract way, avoiding the tedious, errorprone, and proofobscuring stepindex arithmetic that seems superficially to be an essential element of the method. Specifically, we define a logic LSLR, which is inspired by Plotkin and Abadi’s logic for parametricity, but also supports recursively defined relations by means of the modal “later ” operator from Appel et al.’s “very modal model” paper. We encode in LSLR a logical relation for reasoning (in)equationally about programs in callbyvalue System F extended with recursive types. Using this logical relation, we derive a useful set of rules with which we can prove contextual (in)equivalences without mentioning step indices. 1
A Kripke Logical Relation Between ML and Assembly
"... There has recently been great progress in proving the correctness of compilers for increasingly realistic languages with increasingly realistic runtime systems. Most work on this problem has focused on proving the correctness of a particular compiler, leaving open the question of how to verify the c ..."
Abstract

Cited by 24 (9 self)
 Add to MetaCart
(Show Context)
There has recently been great progress in proving the correctness of compilers for increasingly realistic languages with increasingly realistic runtime systems. Most work on this problem has focused on proving the correctness of a particular compiler, leaving open the question of how to verify the correctness of assembly code that is handoptimized or linked together from the output of multiple compilers. This has led Benton and other researchers to propose more abstract, compositional notions of when a lowlevel program correctly realizes a highlevel one. However, the state of the art in socalled “compositional compiler correctness ” has only considered relatively simple highlevel and lowlevel languages. In this paper, we propose a novel, extensional, compilerindependent notion of equivalence between highlevel programs in an expressive, impure MLlike λcalculus and lowlevel programs in an (only slightly) idealized assembly language. We define this equivalence by means of a biorthogonal, stepindexed, Kripke logical relation, which enables us to reason quite flexibly about assembly code that uses local state in a different manner than the highlevel code it implements (e.g., selfmodifying code). In contrast to prior work, we factor our relation in a symmetric, languagegeneric fashion, which helps to simplify and clarify the formal presentation, and we also show how to account for the presence of a garbage collector. Our approach relies on recent developments in Kripke logical relations for MLlike languages, in particular the idea of possible worlds as state transition systems. 1.
Contracts Made Manifest
, 2009
"... Since Findler and Felleisen [2002] introduced higherorder contracts, many variants of their system have been proposed. Broadly, these fall into two groups: some follow Findler and Felleisen in using latent contracts, purely dynamic checks that are transparent to the type system; others use manifest ..."
Abstract

Cited by 23 (4 self)
 Add to MetaCart
Since Findler and Felleisen [2002] introduced higherorder contracts, many variants of their system have been proposed. Broadly, these fall into two groups: some follow Findler and Felleisen in using latent contracts, purely dynamic checks that are transparent to the type system; others use manifest contracts, where refinement types record the most recent check that has been applied. These two approaches are generally assumed to be equivalent—different ways of implementing the same idea, one retaining a simple type system, and the other providing more static information. Our goal is to formalize and clarify this folklore understanding. Our work extends that of Gronski and Flanagan [2007], who defined a latent calculus λC and a manifest calculus λH, gave a translation φ from λC to λH, and proved that if a λC term reduces to a constant, then so does its φimage. We enrich their account with a translation ψ in the opposite direction and prove an analogous theorem for ψ. More importantly, we generalize the whole framework to dependent contracts, where the predicates in contracts can mention variables from the local context. This extension is both pragmatically crucial, supporting a much more interesting range of contracts, and theoretically challenging. We define dependent versions of λC (following Findler and Felleisen’s semantics) and λH, establish type soundness—a challenging result in itself, for λH—and extend φ and ψ accordingly. Interestingly, the intuition that the two systems are equivalent appears to break down here: we show that ψ preserves behavior exactly, but that a natural extension of φ to the dependent case will sometimes yield terms that blame more because of a subtle difference in the treatment of dependent function contracts when the codomain contract itself abuses the argument. Note to reviewers: This is a preliminary version. It is technically complete, but not yet fully polished. Please do not distribute. 1 1
A Relational Modal Logic for HigherOrder Stateful ADTs
"... The method of logical relations is a classic technique for proving the equivalence of higherorder programs that implement the same observable behavior but employ different internal data representations. Although it was originally studied for pure, strongly normalizing languages like System F, it ha ..."
Abstract

Cited by 22 (12 self)
 Add to MetaCart
(Show Context)
The method of logical relations is a classic technique for proving the equivalence of higherorder programs that implement the same observable behavior but employ different internal data representations. Although it was originally studied for pure, strongly normalizing languages like System F, it has been extended over the past two decades to reason about increasingly realistic languages. In particular, Appel and McAllester’s idea of stepindexing has been used recently to develop syntactic Kripke logical relations for MLlike languages that mix functional and imperative forms of data abstraction. However, while stepindexed models are powerful tools, reasoning with them directly is quite painful, as one is forced to engage in tedious stepindex arithmetic to derive even simple results. In this paper, we propose a logic LADR for equational reasoning about higherorder programs in the presence of existential type abstraction, general recursive types, and higherorder mutable state. LADR exhibits a novel synthesis of features from PlotkinAbadi logic, GödelLöb logic, S4 modal logic, and relational separation logic. Our model of LADR is based on Ahmed, Dreyer, and Rossberg’s stateoftheart stepindexed Kripke logical relation, which was designed to facilitate proofs of representation independence for “statedependent ” ADTs. LADR enables one to express such proofs at a much higher level, without counting steps or reasoning about the subtle, stepstratified construction of possible worlds.
Nonparametric Parametricity
 UNDER CONSIDERATION FOR PUBLICATION IN J. FUNCTIONAL PROGRAMMING
, 2010
"... Type abstraction and intensional type analysis are features seemingly at odds—type abstraction is intended to guarantee parametricity and representation independence, while type analysis is inherently nonparametric. Recently, however, several researchers have proposed and implemented “dynamic type, ..."
Abstract

Cited by 17 (3 self)
 Add to MetaCart
(Show Context)
Type abstraction and intensional type analysis are features seemingly at odds—type abstraction is intended to guarantee parametricity and representation independence, while type analysis is inherently nonparametric. Recently, however, several researchers have proposed and implemented “dynamic type, one should also be able to generate at run time a fresh type name, which may be used as a dynamic representative of the abstract type for purposes of type analysis. The question remains: in a language with nonparametric polymorphism, does dynamic type generation provide us with the same kinds of abstraction guarantees that we get from parametric polymorphism? Our goal is to provide a rigorous answer to this question. We define a stepindexed Kripke logical relation for a language with both nonparametric polymorphism (in the form of typesafe cast) and dynamic type generation. Our logical relation enables us to establish parametricity and representation independence results, even in a nonparametric setting, by attaching arbitrary relational interpretations to dynamicallygenerated type names. In addition, we explore how programs that are provably equivalent in a more traditional parametric logical relation may be “wrapped” systematically to produce terms that are related by our nonparametric relation, and vice versa. This leads us to a novel “polarized” form of our logical relation, which enables us to distinguish formally between positive and negative notions of parametricity.
Normal form bisimulation for parametric polymorphism
 In LICS
, 2008
"... This paper presents a new bisimulation theory for parametric polymorphism which enables straightforward coinductive proofs of program equivalences involving existential types. The theory is an instance of typed normal form bisimulation and demonstrates the power of this recent framework for modeling ..."
Abstract

Cited by 17 (4 self)
 Add to MetaCart
(Show Context)
This paper presents a new bisimulation theory for parametric polymorphism which enables straightforward coinductive proofs of program equivalences involving existential types. The theory is an instance of typed normal form bisimulation and demonstrates the power of this recent framework for modeling typed lambda calculi as labelled transition systems. We develop our theory for a continuationpassing style calculus, JumpWithArgument, where normal form bisimulation takes a simple form. We equip the calculus with both existential and recursive types. An “ultimate pattern matching theorem ” enables us to define bisimilarity and we show it to be a congruence. We apply our theory to proving program equivalences, type isomorphisms and genericity. 1