Results 1-10 of 31
Polymorphism and Separation in Hoare Type Theory, 2006
Cited by 69 (14 self)
In previous work, we proposed a Hoare Type Theory (HTT) which combines effectful higher-order functions, dependent types and Hoare Logic specifications into a unified framework. However, the framework did not support polymorphism, and failed to provide a modular treatment of state in specifications. In this paper, we address these shortcomings by showing that the addition of polymorphism alone is sufficient for capturing modular state specifications in the style of Separation Logic. Furthermore, we argue that polymorphism is an essential ingredient of the extension, as the treatment of higher-order functions requires operations not encodable via the spatial connectives of Separation Logic.
BI hyperdoctrines, higher-order separation logic, and abstraction. In ESOP'05, LNCS, 2005
Cited by 58 (21 self)
We present a precise correspondence between separation logic and a simple notion of predicate BI, extending the earlier correspondence given between part of separation logic and propositional BI. Moreover, we introduce the notion of a BI hyperdoctrine and show that it soundly models classical and intuitionistic first- and higher-order predicate BI, and use it to show that we may easily extend separation logic to higher-order. We also demonstrate that this extension is important for program proving, since it provides sound reasoning principles for data abstraction in the presence of
Abstract predicates and mutable ADTs in Hoare type theory. In Proc. ESOP'07, volume 4421 of LNCS, 2007
Cited by 43 (19 self)
Hoare Type Theory (HTT) combines a dependently typed, higher-order language with monadically-encapsulated, stateful computations. The type system incorporates pre- and postconditions, in a fashion similar to Hoare and Separation Logic, so that programmers can modularly specify the requirements and effects of computations within types. This paper extends HTT with quantification over abstract predicates (i.e., higher-order logic), thus embedding into HTT the Extended Calculus of Constructions. When combined with the Hoare-like specifications, abstract predicates provide a powerful way to define and encapsulate the invariants of private state; that is, state which may be shared by several functions, but is not accessible to their clients. We demonstrate this power by sketching a number of abstract data types and functions that demand ownership of mutable memory, including an idealized custom memory manager.
A realizability model of impredicative Hoare type theory. In European Symposium on Programming (ESOP), 2007
Cited by 15 (9 self)
We present a denotational model of impredicative Hoare Type Theory, a very expressive dependent type theory in which one can specify and reason about mutable abstract data types. The model ensures soundness of the extension of Hoare Type Theory with impredicative polymorphism; makes the connections to separation logic clear, and provides a basis for investigation of further sound extensions of the theory, in particular equations between computations and types.
Reasoning about Function Objects, 2009
Cited by 11 (8 self)
Modern object-oriented languages support higher-order implementations through function objects such as delegates in C#, agents in Eiffel, or function objects in Scala. Function objects bring a new level of abstraction to the object-oriented programming model, and require a comparable extension to specification and verification techniques. We introduce a verification methodology that equips each function object with side-effect-free (pure) methods for its pre- and postcondition, respectively. These pure methods can be used to specify client code relative to the contract of the function object. We demonstrate the expressiveness of our approach through several non-trivial examples. It can be combined with any verification technique that supports pure methods, as illustrated by our experiments with Spec#.
Dependent type theory of stateful higher-order functions, 2005
Cited by 7 (2 self)
In this paper we investigate a logic for reasoning about programs with higher-order functions and effectful features like non-termination and state with aliasing. We propose a dependent type theory HTT (short for Hoare Type Theory), where types serve as program specifications. In the case of effectful programs, the type of Hoare triples {P}x:A{Q} specifies the precondition P, the type of the return result A, and the postcondition Q. By the Curry-Howard isomorphism, a dependent type theory may be viewed as a functional programming language. From this perspective, the type of Hoare triples is a monad, and HTT is a monadic language, whose pure fragment consists of higher-order functions, while the effectful fragment is a full Turing-complete imperative language with conditionals, loops, recursion and commands for stateful operations like allocation, lookup and mutation of location content.
Type-theoretic semantics for transactional concurrency, 2007
Cited by 6 (4 self)
We propose a dependent type theory that integrates programming, specifications, and reasoning about higher-order concurrent programs with shared transactional memory. The design builds upon our previous work on Hoare Type Theory (HTT), which we extend with types that correspond to Hoare-style specifications for transactions. The types track shared and local state of the process separately, and enforce that shared state always satisfies a given invariant, except at specific critical sections which appear to execute atomically. Atomic sections may violate the invariant, but must restore it upon exit. HTT follows Separation Logic in providing tight specifications of space requirements. As a logic, we argue that HTT is sound and compositional. As a programming language, we define its operational semantics and show adequacy with respect to specifications.
Towards type-theoretic semantics for transactional concurrency, 2009
Cited by 2 (1 self)
We propose a dependent type theory that integrates programming, specifications, and reasoning about higher-order concurrent programs with shared transactional memory. The design builds upon our previous work on Hoare Type Theory (HTT), which we extend with types that correspond to Hoare-style specifications for transactions. The types track shared and local state of the process separately, and enforce that shared state always satisfies a given invariant, except at specific critical sections which appear to execute atomically. Atomic sections may violate the invariant, but must restore it upon exit. HTT follows Separation Logic in providing tight specifications of space requirements. As a logic, we argue that HTT is sound and compositional. As a programming language, we define its operational semantics and show adequacy with respect to specifications.
UJ: Type Soundness for Universe Types, 2006
Cited by 2 (1 self)
Universe types characterise aliasing in object-oriented programming languages and are used to reason modularly about programs. In this report we formalise prior work by Müller and Poetzsch-Heffter, who designed the Universe Type System for a core subset of Java. We present our work in two steps. We first give a Topological Universe Type System and show subject reduction to a small-step dynamic semantics for our language. Motivated by concerns of modular verification, we then give an Encapsulation Universe Type System (based on the owner-as-modifier principle), prove subject reduction with respect to the former small-step semantics, and show how the type system can be used for modular verification.
Taming Non-Compositionality Using New Binders
Cited by 2 (0 self)
We propose an extension of the traditional λ-calculus in which terms are used to control an outside computing device (quantum computer, DNA computer...). We introduce two new binders: ν and ρ. In νx.M, x denotes an abstract resource of the outside computing device, whereas in ρx.M, x denotes a concrete resource. These two binders have different properties (in terms of α-conversion, scope extrusion, convertibility) from those of the standard λ-binder. We illustrate the potential benefits of our approach with a study of a quantum computing language in which these new binders prove meaningful. We introduce a typing system for this quantum computing framework in which linearity is only required for concrete quantum bits, offering a greater expressiveness than previous propositions.