During the past few years, many researchers have begun to present semantic specifications in a style that has been strongly advocated by Plotkin in [19]. The purpose of this paper is to introduce in an intuitive manner the essential ideas of the method that we call now Natural Semantics ~ together with its connections to ideas in logic and computing. Natural Semantics is of interest per se and because it is used as a semantics specification formalism for an interactive computer system that we are currently building at INRIA. 1.

We present a translation scheme for the polymorphically typed call-by-value λ-calculus. All runtime values, including function closures, are put into regions. The store consists of a stack of regions. Region inference and effect inference are used to infer where regions can be allocated and de-allocated. Recursive functions are handled using a limited form of polymorphic recursion. The translation is proved correct with respect to a store semantics, which models a regionbased run-time system. Experimental results suggest that regions tend to be small, that region allocation is frequent and that overall memory demands are usually modest, even without garbage collection. 1

Many polyvariant program analyses have been studied in the 1990s, including k-CFA, polymorphic splitting, and the cartesian product algorithm. The idea of polyvariance is to analyze functions more than once and thereby obtain better precision for each call site. In this paper we present an equivalence theorem which relates a co-inductively defined family of polyvariant ow analyses and a standard type system. The proof embodies a way of understanding polyvariant flow information in terms of union and intersection types, and, conversely, a way of understanding union and intersection types in terms of polyvariant flow information. We use the theorem as basis for a new flow-type system in the spirit of the CIL -calculus of Wells, Dimock, Muller, and Turbak, in which types are annotated with flow information. A flow-type system is useful as an interface between a owanalysis algorithm and a program optimizer. Derived systematically via our equivalence theorem, our flow-type system should be a g...

We sketch a methodology for the verification of compiler correctness based on the LF Logical Framework as realized within the Elf programming language. We have applied this technique to specify, implement, and verify a compiler from a simple functional programming language to a variant of the Categorical Abstract Machine (CAM). 1 Introduction Compiler correctness is an essential aspect of program verification as almost all programs are compiled before being executed. Unfortunately, even for small languages and simple compilers, proving their correctness can be an enormous task, and verifying these proofs becomes an equally difficult task. Our goal is to develop techniques for mechanizing proofs of compiler correctness. To this end we employ 1. the LF Logical Framework [13] to specify relationships between source and target languages; 2. the Elf programming language [21] to provide an operational semantics for these relationships; and 3. a related meta-theory [22] to reason about the ...

Safety analysis is an algorithm for determining if a term in an untyped lambda calculus with constants is safe, i.e., if it does not cause an error during evaluation. This ambition is also shared by algorithms for type inference. Safety analysis and type inference are based on rather different perspectives, however. Safety analysis is global in that it can only analyze a complete program. In contrast, type inference is local in that it can analyze pieces of a program in isolation. In this paper we prove that safety analysis is sound , relative to both a strict and a lazy operational semantics. We also prove that safety analysis accepts strictly more safe lambda terms than does type inference for simple types. The latter result demonstrates that global program analyses can be more precise than local ones.

We develop formal methods for reasoning about memory usage at a level of abstraction suitable for establishing or refuting claims about the potential applications of linear logic for static analysis. In particular, we demonstrate a precise relationship between type correctness for a language based on linear logic and the correctness of a reference-counting interpretation of the primitives that the language draws from the rules for the `of course' operation. Our semantics is `low-level' enough to express sharing and copying while still being `highlevel ' enough to abstract away from details of memory layout. This enables the formulation and proof of a result describing the possible run-time reference counts of values of linear type. Contents 1 Introduction 1 2 Operational Semantics with Memory 4 3 A Programming Language Based on Linear Logic 9 4 Semantics 14 5 Properties of the Semantics 24 6 Linear Logic and Memory 27 7 Discussion 32 A Proofs of the Main Theorems 36 Acknowledgements...

Natural semantics is a formalism used for specifying both semantics and implementations of programming languages. Until recently, no practical implementation of the formalism existed. We have defined the Relational Meta-Language, RML, as an executable specification language for natural semantics. After a brief outline of the language, we describe the compilation strategy used by our rml2c compiler: transformations are applied to minimize non-determinism, and a continuation-passing style form is produced and simplified. Finally the CPS is emitted as low-level C code, using an efficient technique for implementing tailcalls. We also present performance measurements that support our choice of compilation strategy.

We have designed, implemented, and proved the correctness of a compiler generator that accepts action semantic descriptions of imperative programming languages. The generated compilers emit absolute code for an abstract RISC machine language that currently is assembled into code for the SPARC and the HP Precision Architecture. Our machine language needs no run-time type-checking and is thus more realistic than those considered in previous compiler proofs. We use solely algebraic specifications; proofs are given in the initial model. 1 Introduction The previous approaches to proving correctness of compilers for non-trivial languages all use target code with run-time type-checking. The following semantic rule is typical for these target languages: (FIRST : C; hv 1 ; v 2 i : S) ! (C; v 1 : S) The rule describes the semantics of an instruction that extracts the first component of the top-element of the stack, provided that the top-element is a pair. If not, then it is implicit that the...

We present a stack-allocation scheme for the call-by-value lambda calculus typed according to Milner's polymorphic type discipline. All the values a program produces, including function closures, are put into regions at runtime. Regions are allocated and deallocated in a stack-like manner. Region inference and effect inference is used to infer where regions can be allocated and deallocated. By allowing a limited form of polymorphic recursion in region types, the region inference is able to distinguish between the life-times of different invocations of a function, even when the function is recursive. The region analysis is eager in its attempt to reclaim memory as quickly as possible. The main result of this report is that region inference is safe, a result which entails that regions really can be deallocated, when region inference says they can. We give detailed proofs of this claim, which (in various forms) has been advanced several times in the literature. An algorithm for implementi...

This paper gives an introduction to type theory, focusing on its recent use as a logical framework for proofs and programs. The first two sections give a background to type theory intended for the reader who is new to the subject. The following presents Martin-Lof's monomorphic type theory and an implementation, ALF, of this theory. Finally, a few small tutorial examples in ALF are given.