Polymorphism and separation in Hoare type theory
In ICFP, 2006
Abstract

Cited by 67 (14 self)
In previous work we have proposed a Dependent Hoare Type Theory (HTT) as a framework for development and reasoning about higher-order functional programs with effects of state, aliasing and non-termination. The main feature of HTT is the type of Hoare triples {P}x:A{Q} specifying computations with precondition P and postcondition Q, that return a result of type A. Here we extend HTT with predicative type polymorphism. Type quantification is possible in both types and assertions, and we can also quantify over Hoare triples. We show that as a consequence it becomes possible to reason about disjointness of heaps in the assertion logic of HTT. We use this expressiveness to interpret the Hoare triples in the “small footprint” manner advocated by Separation Logic, whereby a precondition tightly describes the heap fragment required by the computation. We support stateful commands of allocation, lookup, strong update, deallocation, and pointer arithmetic.
Abstract predicates and mutable ADTs in Hoare type theory
In Proc. ESOP’07, volume 4421 of LNCS, 2007
Abstract

Cited by 42 (19 self)
Hoare Type Theory (HTT) combines a dependently typed, higher-order language with monadically-encapsulated, stateful computations. The type system incorporates pre- and postconditions, in a fashion similar to Hoare and Separation Logic, so that programmers can modularly specify the requirements and effects of computations within types. This paper extends HTT with quantification over abstract predicates (i.e., higher-order logic), thus embedding into HTT the Extended Calculus of Constructions. When combined with the Hoare-like specifications, abstract predicates provide a powerful way to define and encapsulate the invariants of private state; that is, state which may be shared by several functions, but is not accessible to their clients. We demonstrate this power by sketching a number of abstract data types and functions that demand ownership of mutable memory, including an idealized custom memory manager.
A realizability model of impredicative Hoare type theory
In European Symposium on Programming (ESOP), 2007
Abstract

Cited by 15 (9 self)
We present a denotational model of impredicative Hoare Type Theory, a very expressive dependent type theory in which one can specify and reason about mutable abstract data types. The model ensures soundness of the extension of Hoare Type Theory with impredicative polymorphism; makes the connections to separation logic clear, and provides a basis for investigation of further sound extensions of the theory, in particular equations between computations and types.
Reasoning about Function Objects
2009
Abstract

Cited by 10 (7 self)
Modern object-oriented languages support higher-order implementations through function objects such as delegates in C#, agents in Eiffel, or function objects in Scala. Function objects bring a new level of abstraction to the object-oriented programming model, and require a comparable extension to specification and verification techniques. We introduce a verification methodology that equips each function object with side-effect free (pure) methods for its pre- and postcondition, respectively. These pure methods can be used to specify client code relative to the contract of the function object. We demonstrate the expressiveness of our approach through several non-trivial examples. It can be combined with any verification technique that supports pure methods, as illustrated by our experiments with Spec#.
Dependent type theory of stateful higher-order functions
2005
Abstract

Cited by 7 (2 self)
In this paper we investigate a logic for reasoning about programs with higher-order functions and effectful features like non-termination and state with aliasing. We propose a dependent type theory HTT (short for Hoare Type Theory), where types serve as program specifications. In the case of effectful programs, the type of Hoare triples {P}x:A{Q} specifies the precondition P, the type of the return result A, and the postcondition Q. By the Curry-Howard isomorphism, a dependent type theory may be viewed as a functional programming language. From this perspective, the type of Hoare triples is a monad, and HTT is a monadic language, whose pure fragment consists of higher-order functions, while the effectful fragment is a full Turing-complete imperative language with conditionals, loops, recursion and commands for stateful operations like allocation, lookup and mutation of location content.
Type-theoretic semantics for transactional concurrency
2007
Abstract

Cited by 6 (4 self)
We propose a dependent type theory that integrates programming, specifications, and reasoning about higher-order concurrent programs with shared transactional memory. The design builds upon our previous work on Hoare Type Theory (HTT), which we extend with types that correspond to Hoare-style specifications for transactions. The types track shared and local state of the process separately, and enforce that shared state always satisfies a given invariant, except at specific critical sections which appear to execute atomically. Atomic sections may violate the invariant, but must restore it upon exit. HTT follows Separation Logic in providing tight specifications of space requirements. As a logic, we argue that HTT is sound and compositional. As a programming language, we define its operational semantics and show adequacy with respect to specifications.
UJ: Type Soundness for Universe Types
Abstract

Cited by 2 (1 self)
Universe types characterise aliasing in object-oriented programming languages and are used to reason modularly about programs. In this report we formalise prior work by Müller and Poetzsch-Heffter, who designed the Universe Type System for a core subset of Java. We present our work in two steps. We first give a Topological Universe Type System and show subject reduction with respect to a small-step dynamic semantics for our language. Motivated by concerns of modular verification, we then give an Encapsulation Universe Type System (based on the owner-as-modifier principle), prove subject reduction with respect to the former small-step semantics, and show how the type system can be used for modular verification.
Hoare Logic in the Abstract
Abstract

Cited by 1 (0 self)
We present an abstraction of Hoare logic to traced symmetric monoidal categories, a very general framework for the theory of systems. We first identify a particular class of functors, which we call ‘verification functors’, between traced symmetric monoidal categories and subcategories of Preord (the category of preordered sets and monotone mappings). We then give an abstract definition of Hoare triples, parametrised by a verification functor, and prove a single soundness and completeness theorem for such triples. In the particular case of the traced symmetric monoidal category of while programs we get back Hoare’s original rules. We discuss how our framework handles extensions of the Hoare logic for while programs, e.g. the extension with pointer manipulations via separation logic. Finally, we give an example of how our theory can be used in the development of new Hoare logics: we present a new sound and complete set of Hoare-logic-like rules for the verification of linear dynamical systems, modelled via stream circuits.
Program Logics for Homogeneous Meta-Programming
Abstract

Cited by 1 (0 self)
A meta-program is a program that generates or manipulates another program; in homogeneous meta-programming, a program may generate new parts of, or manipulate, itself. Meta-programming has been used extensively since macros were introduced to Lisp, yet we have little idea how to reason formally about meta-programs. This paper provides the first program logics for homogeneous meta-programming, using a variant of MiniML □ e by Davies and Pfenning as the underlying meta-programming language. We show the applicability of our approach by reasoning about example meta-programs from the literature. We also demonstrate that our logics are relatively complete in the sense of Cook, enable the inductive derivation of characteristic formulae, and exactly capture the observational properties induced by the operational semantics.
Taming Non-Compositionality Using New Binders
Abstract

Cited by 1 (0 self)
We propose an extension of the traditional λ-calculus in which terms are used to control an outside computing device (quantum computer, DNA computer...). We introduce two new binders: ν and ρ. In νx.M, x denotes an abstract resource of the outside computing device, whereas in ρx.M, x denotes a concrete resource. These two binders have different properties (in terms of α-conversion, scope extrusion, convertibility) than those of the standard λ-binder. We illustrate the potential benefits of our approach with a study of a quantum computing language in which these new binders prove meaningful. We introduce a typing system for this quantum computing framework in which linearity is only required for concrete quantum bits, offering a greater expressiveness than previous propositions.