Results 1  10
of
55
StepIndexed Syntactic Logical Relations for Recursive and Quantified Types
 of Lecture Notes in Computer Science
, 2006
"... We present a sound and complete proof technique, based on syntactic logical relations, for showing contextual equivalence of expressions in a #calculus with recursive types and impredicative universal and existential types. Our development builds on the stepindexed PER model of recursive types ..."
Abstract

Cited by 72 (10 self)
 Add to MetaCart
We present a sound and complete proof technique, based on syntactic logical relations, for showing contextual equivalence of expressions in a #calculus with recursive types and impredicative universal and existential types. Our development builds on the stepindexed PER model of recursive types presented by Appel and McAllester. We have discovered that a direct proof of transitivity of that model does not go through, leaving the "PER" status of the model in question. We show how to extend the AppelMcAllester model to obtain a logical relation that we can prove is transitive, as well as sound and complete with respect to contextual equivalence. We then augment this model to support relational reasoning in the presence of quantified types.
Semantics of Types for Mutable State
, 2004
"... Proofcarrying code (PCC) is a framework for mechanically verifying the safety of machine language programs. A program that is successfully verified by a PCC system is guaranteed to be safe to execute, but this safety guarantee is contingent upon the correctness of various trusted components. For in ..."
Abstract

Cited by 55 (5 self)
 Add to MetaCart
Proofcarrying code (PCC) is a framework for mechanically verifying the safety of machine language programs. A program that is successfully verified by a PCC system is guaranteed to be safe to execute, but this safety guarantee is contingent upon the correctness of various trusted components. For instance, in traditional PCC systems the trusted computing base includes a large set of lowlevel typing rules. Foundational PCC systems seek to minimize the size of the trusted computing base. In particular, they eliminate the need to trust complex, lowlevel type systems by providing machinecheckable proofs of type soundness for real machine languages. In this thesis, I demonstrate the use of logical relations for proving the soundness of type systems for mutable state. Specifically, I focus on type systems that ensure the safe allocation, update, and reuse of memory. For each type in the language, I define logical relations that explain the meaning of the type in terms of the operational semantics of the language. Using this model of types, I prove each typing rule as a lemma. The major contribution is a model of System F with general references — that is, mutable cells that can hold values of any closed type including other references, functions, recursive types, and impredicative quantified types. The model is based on ideas from both possible worlds and the indexed model of Appel and McAllester. I show how the model of mutable references is encoded in higherorder logic. I also show how to construct an indexed possibleworlds model for a von Neumann machine. The latter is used in the Princeton Foundational PCC system to prove type safety for a fullfledged lowlevel typed assembly language. Finally, I present a semantic model for a region calculus that supports typeinvariant references as well as memory reuse. iii
Syntactic Type Abstraction
 ACM TOPLAS
, 2000
"... data types; F.3.2 [Logics and Meanings of Programs]: Semantics of Programming LanguagesOperational Semantics; F.3.3 [Logics and Meanings of Programs]: Studies of Program ConstructsType Structure General Terms: Languages, Security, Theory, Verification Additional Key Words and Phrases: Opera ..."
Abstract

Cited by 52 (1 self)
 Add to MetaCart
data types; F.3.2 [Logics and Meanings of Programs]: Semantics of Programming LanguagesOperational Semantics; F.3.3 [Logics and Meanings of Programs]: Studies of Program ConstructsType Structure General Terms: Languages, Security, Theory, Verification Additional Key Words and Phrases: Operational semantics, parametricity, proof techniques, syntactic proofs, type abstraction 1.
Dynamic Opacity for Abstract Types
"... Existential types are the standard formalisation of abstract types. While this formulation is sufficient in entirely statically typed languages, it proves to be too weak for languages enriched with forms of dynamic typing: in the presence of operations performing type analysis, the abstraction barri ..."
Abstract

Cited by 44 (11 self)
 Add to MetaCart
Existential types are the standard formalisation of abstract types. While this formulation is sufficient in entirely statically typed languages, it proves to be too weak for languages enriched with forms of dynamic typing: in the presence of operations performing type analysis, the abstraction barrier erected by the static typing rules for existential types is no longer impassable, because parametricity is violated. We present a lightweight calculus for polymorphic languages with abstract types that addresses this shortcoming. It features a variation of existential types that retains most of the simplicity of standard existentials. It relies on modified scoping rules and explicit coercions between the quantified variable and its witness type.
Logical Relations for Encryption
, 2002
"... The theory of relational parametricity and its logical relations proof technique are powerful tools for reasoning about information hiding in the polymorphic calculus. We investigate the application of these tools in the security domain by defining a cryptographic calculusan extension of the ..."
Abstract

Cited by 38 (2 self)
 Add to MetaCart
The theory of relational parametricity and its logical relations proof technique are powerful tools for reasoning about information hiding in the polymorphic calculus. We investigate the application of these tools in the security domain by defining a cryptographic calculusan extension of the standard simply typed calculus with primitives for encryption, decryption, and key generation and introducing syntactic logical relations (in the style of Pitts and BirkedalHarper) for this calculus that can be used to prove behavioral equivalences between programs that use encryption. We illustrate
Free Theorems in the Presence of seq
, 2004
"... Parametric polymorphism constrains the behavior of pure functional programs in a way that allows the derivation of interesting theorems about them solely from their types, i.e., virtually for free. Unfortunately, the standard parametricity theorem fails for nonstrict languages supporting a polymorph ..."
Abstract

Cited by 37 (12 self)
 Add to MetaCart
Parametric polymorphism constrains the behavior of pure functional programs in a way that allows the derivation of interesting theorems about them solely from their types, i.e., virtually for free. Unfortunately, the standard parametricity theorem fails for nonstrict languages supporting a polymorphic strict evaluation primitive like Haskell's $\mathit{seq}$. Contrary to the folklore surrounding $\mathit{seq}$ and parametricity, we show that not even quantifying only over strict and bottomreflecting relations in the $\forall$clause of the underlying logical relation  and thus restricting the choice of functions with which such relations are instantiated to obtain free theorems to strict and total ones  is sufficient to recover from this failure. By addressing the subtle issues that arise when propagating up the type hierarchy restrictions imposed on a logical relation in order to accommodate the strictness primitive, we provide a parametricity theorem for the subset of Haskell corresponding to a GirardReynoldsstyle calculus with fixpoints, algebraic datatypes, and $\mathit{seq}$. A crucial ingredient of our approach is the use of an asymmetric logical relation, which leads to ``inequational'' versions of free theorems enriched by preconditions guaranteeing their validity in the described setting. Besides the potential to obtain corresponding preconditions for standard equational free theorems by combining some new inequational ones, the latter also have value in their own right, as is exemplified with a careful analysis of $\mathit{seq}$'s impact on familiar program transformations.
Operational Properties of Lily, a Polymorphic Linear Lambda Calculus with Recursion
"... Plotkin has advocated the combination of linear lambda calculus, polymorphism and fixed point recursion as an expressive semantic metalanguage. We study its expressive power from an operational point of view. We show that the naturally callbyvalue operators of linear lambda calculus can be given a ..."
Abstract

Cited by 35 (1 self)
 Add to MetaCart
Plotkin has advocated the combination of linear lambda calculus, polymorphism and fixed point recursion as an expressive semantic metalanguage. We study its expressive power from an operational point of view. We show that the naturally callbyvalue operators of linear lambda calculus can be given a callbyname semantics without affecting termination at exponential types and hence without affecting ground contextual equivalence. This result is used to prove properties of a logical relation that provides a new extensional characterisation of ground contextual equivalence and relational parametricity properties of polymorphic types.
Operational Semantics and Program Equivalence
 INRIA Sophia Antipolis, 2000. Lectures at the International Summer School On Applied Semantics, APPSEM 2000, Caminha, Minho
, 2000
"... This tutorial paper discusses a particular style of operational semantics that enables one to give a `syntaxdirected' inductive definition of termination which is very useful for reasoning about operational equivalence of programs. We restrict attention to contextual equivalence of expressions ..."
Abstract

Cited by 34 (4 self)
 Add to MetaCart
This tutorial paper discusses a particular style of operational semantics that enables one to give a `syntaxdirected' inductive definition of termination which is very useful for reasoning about operational equivalence of programs. We restrict attention to contextual equivalence of expressions in the ML family of programming languages, concentrating on functions involving local state. A brief tour of structural operational semantics culminates in a structural definition of termination via an abstract machine using `frame stacks'. Applications of this to reasoning about contextual equivalence are given.
Sequentiality and the πCalculus
, 2001
"... We present a simple type discipline for the πcalculus which precisely captures the notion of sequential functional computation as a specific class of name passing interactive behaviour. The typed calculus allows direct interpretation of both callbyname and callbyvalue sequential functions. T ..."
Abstract

Cited by 29 (15 self)
 Add to MetaCart
We present a simple type discipline for the πcalculus which precisely captures the notion of sequential functional computation as a specific class of name passing interactive behaviour. The typed calculus allows direct interpretation of both callbyname and callbyvalue sequential functions. The precision of the representation is demonstrated by way of a fully abstract encoding of PCF.
Monads, effects and transformations
 Electronic Notes in Theoretical Computer Science
, 1999
"... Abstract We define a typed compiler intermediate language, MILlite, which incorporates computational types refined with effect information. We characterise MILlite observational congruence by using Howe's method to prove a ciu theorem for the language in terms of a termination predicate defined di ..."
Abstract

Cited by 27 (9 self)
 Add to MetaCart
Abstract We define a typed compiler intermediate language, MILlite, which incorporates computational types refined with effect information. We characterise MILlite observational congruence by using Howe's method to prove a ciu theorem for the language in terms of a termination predicate defined directly on the term. We then define a logical predicate which captures an observable version of the intended meaning of each of our effect annotations. Having proved the fundamental theorem for this predicate, we use it with the ciu theorem to validate a number of effectbased transformations performed by the MLj compiler for Standard ML.