Formalizing and verifying semantic type soundness for a simple compiler, 2007
Cited by 11 (3 self)
We describe a semantic type soundness result, formalized in the Coq proof assistant, for a compiler from a simple imperative language with heap-allocated data into an idealized assembly language. Types in the high-level language are interpreted as binary relations, built using both second-order quantification and a form of separation structure, over stores and code pointers in the low-level machine.
Semantics of an effect analysis for exceptions. In 3rd ACM-SIGPLAN Workshop on Types in Language Design and Implementation (TLDI), 2007
Cited by 10 (2 self)
We give a semantics to a polymorphic effect analysis that tracks possibly-thrown exceptions and possible non-termination for a higher-order language. The semantics is defined using partial equivalence relations over a standard monadic, domain-theoretic model of the original language and establishes the correctness of both the analysis itself and of the contextual program transformations that it enables.
A Generic Type-and-Effect System
Cited by 7 (0 self)
Type-and-effect systems are a natural approach for statically reasoning about a program’s execution. They have been used to track a variety of computational effects, for example memory manipulation, exceptions, and locking. However, each type-and-effect system is typically implemented as its own monolithic type system that hard-codes a particular syntax of effects along with particular rules to track and control those effects. We present a generic type-and-effect system, which is parameterized by the syntax of effects to track and by two functions that together specify the effect discipline to be statically enforced. We describe how a standard form of type soundness is ensured by requiring these two functions to obey a few natural monotonicity requirements. We demonstrate that several effect systems from the literature can be viewed as instantiations of our generic type system. Finally, we describe the implementation of our type-and-effect system and mechanically checked type soundness proof in the Twelf proof assistant.
Correctness of effect-based program transformations. Formal Logical Methods for System Security and Correctness, 2008
Cited by 3 (1 self)
We consider a type system capable of tracking reading, writing and allocation in a higher-order language with dynamically allocated references. We give a denotational semantics to this type system which allows us to validate a number of effect-dependent program equivalences in the sense of observational equivalence. An example is the following: x = e; y = e; e′(x, y) is equivalent to x = e; e′(x, x) provided that e does not read from memory regions that it writes to and moreover does not allocate memory that is encapsulated in the values of x and y. Here x can be a higher-order function or a reference or a combination of both. The two sides of the above equivalence turn out to be related in the denotational semantics, which implies that they are observationally equivalent, i.e. can be replaced by one another in any (well-typed) program. On the way we learn popular techniques such as parametrised logical relations, regions, admissible relations, etc., which belong to the toolbox of researchers in principles of programming languages.
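The equivalence quoted above is the classic duplicate-computation elimination, and the abstract's side condition is exactly what keeps it from being unsound. The following added example (not code from the paper; written for this page) makes the point executable: a tiny store model with region-indexed read/write/alloc effect annotations, a conservative static check for the side condition, and a harness that runs both sides of the equivalence on the same initial store. The region naming scheme ("r1.counter"), the effect annotations, the three candidate expressions and the initial store are all constructed for the example, and the check rejects every allocation rather than only allocation that escapes into x and y, which is stricter than the paper's condition.

```python
from dataclasses import dataclass
from typing import Any, Callable, Dict, FrozenSet, Tuple

# A store maps locations to values. Locations are strings prefixed by their region
# ("r1.counter" lives in region r1); this naming scheme is an assumption of the example.
Store = Dict[str, Any]
Expr = Callable[[Store], Any]


@dataclass(frozen=True)
class Effect:
    """Region-level effect annotation of an expression: which regions it may read,
    write, or allocate in. Constructed here to mirror the read/write/alloc effects
    tracked by the type system in the abstract."""
    reads: FrozenSet[str]
    writes: FrozenSet[str]
    allocs: FrozenSet[str]


def duplication_is_sound(eff: Effect) -> bool:
    """Side condition for rewriting `x = e; y = e; e'(x, y)` into `x = e; e'(x, x)`.

    The abstract requires that e (1) does not read from any region it writes to and
    (2) does not allocate memory that ends up encapsulated in x or y. Without an
    escape analysis we approximate (2) conservatively by rejecting any allocation
    at all (an assumption of this example, stricter than the paper's condition)."""
    return eff.reads.isdisjoint(eff.writes) and not eff.allocs


def run_both(e: Expr, e_prime: Callable[[Any, Any], Any], init: Store) -> Tuple[Any, Any]:
    """Evaluate both sides of the equivalence from the same initial store and return
    (result of `x = e; y = e; e'(x, y)`, result of `x = e; e'(x, x)`)."""
    lhs_store = dict(init)
    x = e(lhs_store)
    y = e(lhs_store)
    lhs = e_prime(x, y)

    rhs_store = dict(init)
    x = e(rhs_store)
    rhs = e_prime(x, x)
    return lhs, rhs


# Three candidate expressions e, with hand-written effect annotations (constructed).
def read_counter(s: Store) -> int:          # reads r1 only
    return s["r1.counter"]

EFF_READ = Effect(frozenset({"r1"}), frozenset(), frozenset())


def bump_counter(s: Store) -> int:          # reads and writes r1
    s["r1.counter"] += 1
    return s["r1.counter"]

EFF_BUMP = Effect(frozenset({"r1"}), frozenset({"r1"}), frozenset())


def alloc_cell(s: Store) -> str:            # allocates a fresh cell in r2, returns its location
    loc = f"r2.cell{len(s)}"
    s[loc] = 0
    return loc

EFF_ALLOC = Effect(frozenset(), frozenset(), frozenset({"r2"}))

INIT: Store = {"r1.counter": 5}             # constructed initial store


def demo() -> Dict[str, Tuple[bool, bool]]:
    """For each candidate e, return (static check passes?, both sides agree at run time?).
    The static verdict must never say 'sound' when the run-time results disagree."""
    cases = {
        "read":  (read_counter, EFF_READ,  lambda x, y: x + y),
        "bump":  (bump_counter, EFF_BUMP,  lambda x, y: x + y),
        "alloc": (alloc_cell,   EFF_ALLOC, lambda x, y: x == y),
    }
    verdicts = {}
    for name, (e, eff, e_prime) in cases.items():
        lhs, rhs = run_both(e, e_prime, INIT)
        verdicts[name] = (duplication_is_sound(eff), lhs == rhs)
    return verdicts


if __name__ == "__main__":
    for name, (sound, agree) in demo().items():
        print(f"{name:5s} static check: {sound!s:5s} run-time agreement: {agree}")
```

The read-only expression passes the check and both sides compute 10; the read-and-write expression fails the check, and the two sides really do differ (6 + 7 versus 6 + 6); the allocating expression fails the check, and the two sides differ in whether x and y are the same location, which is precisely the "encapsulated allocation" case the abstract excludes. A compiler that skipped the effect check and applied the rewrite anyway would silently change program behaviour in the last two cases.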
Formalizing an Extensional Semantics for Units of Measure
Cited by 1 (1 self)
Bugs caused by units-of-measure errors can have catastrophic consequences, the most famous of which was the loss in 1999 of NASA's Mars Climate Orbiter probe [8], caused by a confusion between newtons (the SI unit of force) and lbf (the Imperial unit). Many researchers have proposed preventing such errors at development time by type-checking [5, 6] or by static analysis [4, 2]. The former approach is exemplified by the Fortress programming language [1] and a recently-prototyped extension to F# [9]. Here, numeric types are parameterized by units, so float<m/s^2> represents an acceleration, and functions can be polymorphic in units, so float<'u> -> float<'u^2> is the type of fun x -> x*x. What is a semantics of units? An intensional approach would be to tag run-time values with their units, and then show that for type-correct programs the rules governing units are not broken at run-time. In contrast, we claim that the essence of unit correctness
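To make the intensional approach the abstract describes concrete, here is an added example (not code from the paper or from the F# extension it cites): run-time values carry a map from base-unit symbol to integer exponent, multiplication adds exponents, and addition is rejected unless the units agree exactly. The `Quantity` class, the `square` function standing in for fun x -> x*x, and the treatment of lbf as its own symbolic base unit with no conversion factor are all assumptions of this example; the last of these deliberately reproduces the newton/lbf confusion so the check has something to catch.

```python
from typing import Dict

# A unit is a map from base-unit name to integer exponent, e.g. {"m": 1, "s": -2} for m/s^2.
# Units are kept symbolic: no conversion factors, so N and lbf are simply different units
# (an assumption of this example; it mirrors the probe failure rather than fixing it).
Units = Dict[str, int]


class UnitError(TypeError):
    """Raised when an operation combines values whose units do not agree."""


class Quantity:
    """A run-time value tagged with its units (the intensional approach in the abstract)."""

    def __init__(self, value: float, units: Units) -> None:
        self.value = float(value)
        self.units = {u: e for u, e in units.items() if e != 0}   # drop zero exponents

    def __mul__(self, other: "Quantity") -> "Quantity":
        # Multiplication adds exponents: m/s^2 * m/s^2 = m^2/s^4.
        units = dict(self.units)
        for u, e in other.units.items():
            units[u] = units.get(u, 0) + e
        return Quantity(self.value * other.value, units)

    def __add__(self, other: "Quantity") -> "Quantity":
        # Addition is only defined between values of identical units.
        if self.units != other.units:
            raise UnitError(f"cannot add {fmt(self.units)} to {fmt(other.units)}")
        return Quantity(self.value + other.value, self.units)


def fmt(units: Units) -> str:
    """Render {"m": 2, "s": -4} as 'm^2 s^-4'; the dimensionless unit renders as '1'."""
    return " ".join(f"{u}^{e}" if e != 1 else u for u, e in sorted(units.items())) or "1"


def square(x: Quantity) -> Quantity:
    """Unit-polymorphic fun x -> x*x : float<'u> -> float<'u^2>, checked at run time."""
    return x * x


def add_force(a: Quantity, b: Quantity) -> bool:
    """Return True if the two forces could be added, False if the unit check rejected it."""
    try:
        a + b
        return True
    except UnitError:
        return False


NEWTON: Units = {"kg": 1, "m": 1, "s": -2}   # SI force expressed in base units
LBF: Units = {"lbf": 1}                       # Imperial force, kept as its own symbol (assumption)

if __name__ == "__main__":
    accel = Quantity(3.0, {"m": 1, "s": -2})
    print(fmt(square(accel).units))                                   # m^2 s^-4
    print(add_force(Quantity(1.0, NEWTON), Quantity(2.0, LBF)))       # False: the check fires
```

Squaring an acceleration yields m^2 s^-4, as the polymorphic type float<'u> -> float<'u^2> predicts, and an attempt to add a newton value to an lbf value is refused at run time. This is the check the abstract calls intensional: it works, but only by paying for tags on every value, which is the motivation for the alternative the paper goes on to propose.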
of Program Constructs – Type structure General Terms Languages, Theory
We give a denotational semantics to a region-based effect system tracking reading, writing and allocation in a higher-order language with dynamically allocated integer references. Effects are interpreted in terms of the preservation of certain binary relations on the store, parameterized by region-indexed partial bijections on locations. The semantics validates a number of effect-dependent program equivalences and can thus serve as a foundation for effect-based compiler transformations.
A Kripke Logical Relation for Effect-Based Program Transformations
We present a Kripke logical relation for showing the correctness of program transformations based on a type-and-effect system for an ML-like programming language with higher-order store and dynamic allocation. We show how to use our model to verify a number of interesting program transformations that rely on effect annotations. Our model is constructed as a step-indexed model over the standard operational semantics of the programming language. It extends earlier work [8, 9] that has considered, respectively, dynamically allocated first-order references and higher-order store for global variables (but no dynamic allocation). It builds on ideas from region-based memory management [22], and on Kripke logical relations for higher-order store, e.g. [13, 15]. Our type-and-effect system is region-based and includes a region-masking rule which allows local effects to be hidden. One of the key challenges in the model construction for dynamically allocated higher-order store is that the meaning of a type may change since references, conceptually speaking, may become dangling due to region-masking. We explain how our Kripke model can be used to show correctness of program transformations for programs involving references that, conceptually, are dangling.

