a higher-order CBV language with recursion and dynamically allocated mutable references that may store both ground data and the addresses of other references, but not functions. This model is adequate, though far from fully abstract. We then develop a relational reasoning principle over the denotational model, and show how it may be used to establish various contextual equivalences involving allocation and encapsulation of store. 1

We explain how game semantics can be used to reason about term equivalence in a finitary imperative first order language with arrays. For this language, the game-semantic interpretation of types and terms is fully characterized by their sets of complete plays. Because these sets are regular over the alphabet of moves, they are representable by (extended) regular expressions. The formal apparatus of game semantics is greatly simplified but the good theoretical properties of the model are preserved. The principal advantage of this approach is that it is mathematically elementary, while fully formalized. Since language equivalence for regular languages is decidable, this method of proving term equivalence is suitable for automation.

This note is a historical survey of Christopher Strachey's influence on the development of semantic models of assignment and storage management in procedural languages.

We extend Meyer and Ritchie’s Loop language with higher-order procedures and procedural variables and we show that the resulting programming language (called Loop ω) is a natural imperative counterpart of Gödel System T. The argument is two-fold: 1. we define a translation of the Loop ω language into System T and we prove that this translation actually provides a lock-step simulation, 2. using a converse translation, we show that Loop ω is expressive enough to encode any term of System T. Moreover, we define the “iteration rank ” of a Loop ω program, which corresponds to the classical notion of “recursion rank ” in System T, and we show that both translations preserve ranks. Two applications of these results in the area of implicit complexity are described. 1

Abstract. We give a fully abstract game model for Idealized Algol with non-local control flow. In contrast to most previous papers on game semantics, we do not need to include the bad-variable constructor mkvar to obtain full abstraction. Using the model we show that, unlike in the “control-free ” case, the presence of mkvar does affect observational equivalence. We conclude by discussing the effect of mkvar on nondeterministic and probabilistic variants of Idealized Algol. 1

We study the use of the π-calculus for semantical descriptions of languages such as Concurrent Idealised ALGOL (CIA), combining imperative, functional and concurrent features. We first present an operational semantics for CIA, given by SOS rules and a contextual form of behavioural equivalence; then a π-calculus semantics. As behavioural equivalence on π-calculus processes we choose the standard (weak early) bisimilarity. We compare the two semantics, demonstrating that there is a close operational correspondence between them and that the π-calculus semantics is sound. This allows for applying the-calculus theory in proving behavioural properties of CIA phrases. We discuss laws and examples which have served as benchmarks to various semantics, and a more complex example involving procedures of higher order.

Abstract We outline a possible logic that will allow us to give a unified approach to reasoning about computational effects. The logic is given by extending Moggi's computational *-calculus by basic types and a signature, the latter given by constant symbols, function symbols, and operation symbols, and by including a _ operator. We give both syntax and semantics for the logic except for _. We consider a number of sound and complete classes of models, all given in category-theoretic terms. We illustrate the ideas with some of our leading examples of computational effects, and we observe that operations give rise to natural modalities.

The hiding of internal invariants creates a mismatch between procedure specifications in an interface and proof obligations on the implementations of those procedures. The mismatch is sound if the invariants depend only on encapsulated state, but encapsulation is problematic in contemporary software due to the many uses of shared mutable objects. The mismatch is formalized here in a proof rule that achieves flexibility via explicit restrictions on client effects, expressed using ghost state and ordinary first order assertions. The restrictions amount to a stateful frame condition that must be satisfied by any client; this dynamic encapsulation boundary complements conventional scope-based encapsulation. The technical development is based on a companion paper, Part I, that presents a programming logic with stateful frame conditions for commands.

Abramsky’s Geometry of Interaction interpretation (GoI) is a logical-directed way to reconcile the process and functional views of computation, and can lead to a dataflow-style semantics of programming languages that is both operational (i.e. effective) and denotational (i.e. inductive on the language syntax). The key idea of Ghica’s Geometry of Synthesis (GoS) approach is that for certain programming languages (namely Reynolds’s affine Syntactic Control of Interference–SCI) the GoI processes-like interpretation of the language can be given a finitary representation, for both internal state and tokens. A physical realisation of this representation becomes a semantics-directed compiler for SCI into hardware. In this paper we examine the issue of compiling affine recursive programs into hardware using the GoS method. We give syntax and compilation techniques for unfolding recursive computation in space or in time and we illustrate it with simple benchmark-style examples. We examine the performance of the benchmarks against conventional CPU-based execution models.

Formally establishing safety properties of software presents a grand challenge to the computer science community. Producing proof-carrying code, i.e., machine code with machine-checkable specifications and proofs, is particularly difficult for system softwares written in low-level languages. One central problem is the lack of verification theories that can handle the expressive power of low-level code in a modular fashion. In partic-ular, traditional type- and logic-based verification approaches have restrictions on either expressive power or modularity. This dissertation presents XCAP, a logic-based proof-carrying code framework for modular machine code verification. In XCAP, program specifications are written as gen-eral logic predicates, in which syntactic constructs are used to modularly specify some crucial higher-order programming concepts for system code, including embedded code pointers, impredicative polymorphisms, recursive invariants, and general references, all in a logical setting. Thus, XCAP achieves the expressive power of logic-based approaches and the modularity of type-based approaches. Its meta theory has been completely mech-anized and proved.