Results 1-10 of 11
Designing a security-typed language with certificate-based declassification
In Proc. of the 10th European Symposium on Programming, Lecture Notes in Computer Science, 2005
Cited by 20 (6 self)
Abstract: This paper presents a calculus that supports information flow security policies and certificate-based declassification. The decentralized label model and its downgrading mechanisms are concisely expressed in the polymorphic lambda calculus with subtyping (System F). We prove a conditioned version of the noninterference theorem such that authorization for declassification is justified by digital certificates from public-key infrastructures. Note to the reviewers: An earlier version of this paper appears in European Symposium on Programming (ESOP), 2005. The main difference is that the present version (1) contains detailed inference rules and proofs, (2) formalizes noninterference with fixpoints and divergence, and (3) implements and typechecks a distributed bank example in the monadic style.
Implementing a Normalizer Using Sized Heterogeneous Types
Journal of Functional Programming, MSFP'06 special issue
Cited by 9 (1 self)
Abstract: In the simply-typed lambda-calculus, a hereditary substitution replaces a free variable in a normal form r by another normal form s of type a, removing freshly created redexes on the fly. It can be defined by lexicographic induction on a and r, thus giving rise to a structurally recursive normalizer for the simply-typed lambda-calculus. We generalize this scheme to simultaneous substitutions, preserving its simple termination argument. We further implement hereditary simultaneous substitutions in a functional programming language with sized heterogeneous inductive types, Fωb, arriving at an interpreter whose termination can be tracked by the type system of its host programming language.
A Formalization of Strong Normalization for Simply-Typed Lambda-Calculus and System F
LFMTP 2006, 2006
Cited by 8 (0 self)
Abstract: We formalize in the logical framework ATS/LF a proof based on Tait's method that establishes the simply-typed lambda-calculus being strongly normalizing. In this formalization, we employ higher-order abstract syntax to encode lambda-terms and an inductive datatype to encode the reducibility predicate in Tait's method. The resulting proof is particularly simple and clean when compared to previously formalized ones. Also, we mention briefly how a proof based on Girard's method can be formalized in a similar fashion that establishes System F being strongly normalizing.
Structural Logical Relations
Cited by 2 (0 self)
Abstract: Tait's method (a.k.a. proof by logical relations) is a powerful proof technique frequently used for showing foundational properties of languages based on typed λ-calculi. Historically, these proofs have been extremely difficult to formalize in proof assistants with weak meta-logics, such as Twelf, and yet they are often straightforward in proof assistants with stronger meta-logics. In this paper, we propose structural logical relations as a technique for conducting these proofs in systems with limited meta-logical strength by explicitly representing and reasoning about an auxiliary logic. In support of our claims, we give a Twelf-checked proof of the completeness of an algorithm for checking equality of simply typed λ-terms.
Towards a judgmental reconstruction of logical relation proofs
2006
Cited by 1 (0 self)
Abstract: Tait's method (a.k.a. proof by logical relations) is a powerful proof technique frequently used for showing foundational properties of languages based on typed lambda-calculi. Historically, these proofs have been difficult to formalize in proof assistants with weak meta-logics, such as Twelf. Logical relations are notoriously difficult to define judgmentally. In this paper, we present and discuss a Twelf proof of weak normalization for System F making use of higher-order encodings. We exhibit a modular technique for formalizing proofs of this kind, and make explicit all logical principles that one needs to trust in order to believe in the proof.
Syntactic Finitism in the Metatheory of Programming Languages
2010
Abstract: One of the central goals of programming-language research is to develop mathematically sound formal methods for precisely specifying and reasoning about the behavior of programs. However, just as software developers sometimes make mistakes when programming, researchers sometimes make mistakes when proving that a formal method is mathematically sound. As the field of programming-language research has grown, these proofs have become larger and more complex, and thus harder to verify on paper. This phenomenon has motivated a great deal of research into the development of logical systems that provide an automated means to apply—and verify the application of—trusted reasoning principles to concrete proofs. The boundary between trusted and untrusted reasoning principles is inherently blurry, and different researchers draw the line in different places. However, just as certain principles are widely recognized to allow the proofs of contradictory statements, others are so uncontroversially ubiquitous in practice that they can be considered beyond reproach. We posit the following questions: (1) what are these principles and (2) how much can we do with them?
Polarized Subtyping for Sized Types
Under consideration for publication in Math. Struct. in Comp. Science, 2006
Abstract: We present an algorithm for deciding polarized higher-order subtyping without bounded quantification. Constructors are identified not only modulo β, but also η. We give a direct proof of completeness, without constructing a model or establishing a strong normalization theorem. Inductive and coinductive types are enriched with a notion of size and the subtyping calculus is extended to account for the arising inclusions between the sized types.
Syntactical Strong Normalization for Intersection Types with Term Rewriting Rules
2007
Abstract: We investigate the intersection type system of Coquand and Spiwack with rewrite rules and natural numbers and give an elementary proof of strong normalization which can be formalized in a weak metatheory.