Results 11  20
of
32
Using dependent types to certify the safety of assembly code
 In SAS’05
, 2005
"... Abstract. There are many sourcelevel analyses or instrumentation tools that enforce various safety properties. In this paper we present an infrastructure that can be used to check independently that the assembly output of such tools has the desired safety properties. By working at assembly level we ..."
Abstract

Cited by 8 (1 self)
 Add to MetaCart
(Show Context)
Abstract. There are many sourcelevel analyses or instrumentation tools that enforce various safety properties. In this paper we present an infrastructure that can be used to check independently that the assembly output of such tools has the desired safety properties. By working at assembly level we avoid the complications with unavailability of source code, with sourcelevel parsing, and we certify the code that is actually deployed. The novel feature of the framework is an extensible dependentlytyped framework that supports type inference and mutation of dependent values in memory. The type system can be extended with new types as needed for the sourcelevel tool that is certified. Using these dependent types, we are able to express the invariants enforced by CCured, a sourcelevel instrumentation tool that guarantees type safety in legacy C programs. We can therefore check that the x86 assembly code resulting from compilation with CCured is in fact typesafe. 1
Näıve computational type theory
 Proof and SystemReliability, Proceedings of International Summer School Marktoberdorf, July 24 to August 5, 2001, volume 62 of NATO Science Series III
, 2002
"... ..."
Compositional computational reflection
, 2014
"... Abstract. Current work on computational reflection is singleminded; each reflective procedure is written with a specific application or scope in mind. Composition of these reflective procedures is done by a proofgenerating tactic language such as Ltac. This composition, however, comes at the cost ..."
Abstract

Cited by 7 (2 self)
 Add to MetaCart
(Show Context)
Abstract. Current work on computational reflection is singleminded; each reflective procedure is written with a specific application or scope in mind. Composition of these reflective procedures is done by a proofgenerating tactic language such as Ltac. This composition, however, comes at the cost of both larger proof terms and redundant preprocessing. In this work, we propose a methodology for writing composable reflective procedures that solve many small tasks in a single invocation. The key technical insights are techniques for reasoning semantically about extensible syntax in intensional type theory. Our techniques make it possible to compose sound procedures and write generic procedures parametrized by lemmas mimicking Coq’s support for hint databases.
Type Theoretical Foundations for Data Structures, Classes, and Objects
, 2004
"... In this thesis we explore the question of how to represent programming data structures in a constructive type theory. The basic data structures in programing languages are records and objects. Most known papers treat such data structure as primitive. That is, they add new primitive type constructors ..."
Abstract

Cited by 6 (0 self)
 Add to MetaCart
In this thesis we explore the question of how to represent programming data structures in a constructive type theory. The basic data structures in programing languages are records and objects. Most known papers treat such data structure as primitive. That is, they add new primitive type constructors and supporting axioms for records and objects. This approach is not satisfactory. First of all it complicates a type theory a lot. Second, the validity of the new axioms is not easily established. As we will see the naive choice of axioms can lead to contradiction even in the simplest cases. We will show that records and objects can be defined in a powerful enough type theory. We will also show how to use these type constructors to define abstract data structure.
Programming Language Semantics in Foundational Type Theory
 In Proc. the IFIP TC2/WG2.2,2.3 International Conference on Programming Concepts and Methods (PROCOMET’98
, 1996
"... There are compelling benefits to using foundational type theory as a framework for programming language semantics. I give a semantics of an expressive programming calculus in the foundational type theory of Nuprl. Previous typetheoretic semantics have used less expressive type theories, or have sacr ..."
Abstract

Cited by 5 (1 self)
 Add to MetaCart
(Show Context)
There are compelling benefits to using foundational type theory as a framework for programming language semantics. I give a semantics of an expressive programming calculus in the foundational type theory of Nuprl. Previous typetheoretic semantics have used less expressive type theories, or have sacrificed important programming constructs such as recursion and modules. The primary mechanisms of this semantics are partial types, for typing recursion, set types, for encoding power and singleton kinds, which are used for subtyping and module programming, and very dependent function types, for encoding signatures. Keywords Semantics, program verification, type theory, functional programming 1 INTRODUCTION Type theory has become a popular framework for formal reasoning in computer science and has formed the basis for a number of automated deduction systems, including Automath, Nuprl, HOL and Coq, among others. In addition to formalizing mathematics, these systems are widely used for the a...
A Predicative TypeTheoretic Interpretation of Objects
, 1997
"... Predicative type theories are powerful tools for giving foundational interpretations of programming languages. Due to their explicit inductive construction, predicative type theories have multiple mathematical models that provide precise definitions of programming language features. However, not all ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
(Show Context)
Predicative type theories are powerful tools for giving foundational interpretations of programming languages. Due to their explicit inductive construction, predicative type theories have multiple mathematical models that provide precise definitions of programming language features. However, not all features have predicative interpretations, and current interpretations of objects rely on impredicative type theories, such as Girard's System F, because of the difficulty in specifying a type for objects in the presence of selfapplication. In this paper we show that objects have a predicative interpretation. We show that predicativity is associated with method monotonicity, and that binary methods prevent the inductive type construction. Our interpretation differs from impredicative accounts by replacing the use of recursive types for objects with conditions for method polymorphism over the self type. We further give a propositional meaning to objects in the type theory, providing a calc...
Inheritance of Proofs
, 1996
"... The CurryHoward isomorphism, a fundamental property shared by many type theories, establishes a direct correspondence between programs and proofs. This suggests that the same structuring principles that ease programming be used to simplify proving as well. To exploit objectoriented structuring me ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
The CurryHoward isomorphism, a fundamental property shared by many type theories, establishes a direct correspondence between programs and proofs. This suggests that the same structuring principles that ease programming be used to simplify proving as well. To exploit objectoriented structuring mechanisms for verification, we extend the objectmodel of Pierce and Turner, based on the higher order typed calculus F ! , with a proof component. By enriching the (functional) signature of objects with a specification, the methods and their correctness proofs are packed together in the objects. The uniform treatment of methods and proofs gives rise in a natural way to objectoriented proving principles  including inheritance of proofs, late binding of proofs, and encapsulation of proofs  as analogues to objectoriented programming principles. We have used Lego, a typetheoretic proof checker, to explore the feasibility of this approach. In particular, we have verified a small hier...
CS 671, Automated Reasoning Lesson 20: Type Constructs based on Intersection (II):
, 2001
"... Last time we discussed record types and their representation through intersection types. We had defined {x1:T 1;..; xn:T n} ≡ {x1:T 1} ∩.. ∩ {xn:T n} where {x:T} ≡ z:Labels → if z=x then T else Top That is, records are represented as dependent functions with a type of labels as domain whose range ..."
Abstract
 Add to MetaCart
Last time we discussed record types and their representation through intersection types. We had defined {x1:T 1;..; xn:T n} ≡ {x1:T 1} ∩.. ∩ {xn:T n} where {x:T} ≡ z:Labels → if z=x then T else Top That is, records are represented as dependent functions with a type of labels as domain whose range types depend on the value of the chosen label. Finite record type declarations are underspecified type declarations for these functions, as they only specify the type of the function’s results for input labels that are explicitly mentioned. By intersecting these declarations we refine the function’s range for other input labels as well and thus specify it for a larger collection of labels. 3 We will now use the same methodology to define dependent records, i.e. types of the form {x1:T 1; x2:T2[x1];..; xn:Tn[x1;..xn−1]} In a dependent record r, the type of a component xi may depend on the values of the components x1..xi−1., that is r.x ∈T
Caltech
"... Abstract This article presents a theory of classes and inheritance built on top of constructive typetheory. Classes are defined using dependent and very dependent function types that are found in the Nuprl constructive type theory. Inheritance is defined in terms of a general subtypingrelation over ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract This article presents a theory of classes and inheritance built on top of constructive typetheory. Classes are defined using dependent and very dependent function types that are found in the Nuprl constructive type theory. Inheritance is defined in terms of a general subtypingrelation over the underlying types. Among the basic types is the intersection type which plays a critical role in the applications because it provides a method of composing program components.The class theory is applied to defining algebraic structures such as monoids, groups, rings, etc. and relating them. It is also used to define communications protocols as infinite stateautomata. The article illustrates the role of these formal automata in defining the services of a distributed group communications system. In both applications the inheritance mechanismsallow reuse of proofs and the statement of general properties of system composition. 1 Introduction The results presented here were created as part of a broad effort to understand how to use computers to significantly automate the design and development of software systems. This is one of the main goals of the "PRL project " at Cornell1. One of the basic tenants of our approach to this task is that we should seek the most naturally expressive formal language in which to specify the services, characteristics and constraints that a software system must satisfy. If the formal expression of services is close to a natural one, then people can more readily use it. We also want to allow very compact notations for concepts used to describe systems, and this effect is also a consequence of expressive richness. We have discovered that it is frequently the case that the system we have built to implement one formal language will support an even richer one. So we have come to see our work as also progressively improving the reach of our tools.