Results 1  10
of
11
Ynot: Dependent types for imperative programs
 In Proceedings of ICFP 2008
, 2008
"... We describe an axiomatic extension to the Coq proof assistant, that supports writing, reasoning about, and extracting higherorder, dependentlytyped programs with sideeffects. Coq already includes a powerful functional language that supports dependent types, but that language is limited to pure, t ..."
Abstract

Cited by 36 (10 self)
 Add to MetaCart
We describe an axiomatic extension to the Coq proof assistant, that supports writing, reasoning about, and extracting higherorder, dependentlytyped programs with sideeffects. Coq already includes a powerful functional language that supports dependent types, but that language is limited to pure, total functions. The key contribution of our extension, which we call Ynot, is the added support for computations that may have effects such as nontermination, accessing a mutable store, and throwing/catching exceptions. The axioms of Ynot form a small trusted computing base which has been formally justified in our previous work on Hoare Type Theory (HTT). We show how these axioms can be combined with the powerful type and abstraction mechanisms of Coq to build higherlevel reasoning mechanisms which in turn can be used to build realistic, verified software components. To substantiate this claim, we describe here a representative series of modules that implement imperative finite maps, including support for a higherorder (effectful) iterator. The implementations range from simple (e.g., association lists) to complex (e.g., hash tables) but share a common interface which abstracts the implementation details and ensures that the modules properly implement the finite map abstraction.
Biorthogonality, StepIndexing and Compiler Correctness
, 2009
"... We define logical relations between the denotational semantics of a simply typed functional language with recursion and the operational behaviour of lowlevel programs in a variant SECD machine. The relations, which are defined using biorthogonality and stepindexing, capture what it means for a piec ..."
Abstract

Cited by 24 (10 self)
 Add to MetaCart
We define logical relations between the denotational semantics of a simply typed functional language with recursion and the operational behaviour of lowlevel programs in a variant SECD machine. The relations, which are defined using biorthogonality and stepindexing, capture what it means for a piece of lowlevel code to implement a mathematical, domaintheoretic function and are used to prove correctness of a simple compiler. The results have been formalized in the Coq proof assistant.
Ynot: Reasoning with the awkward squad
 In ACM SIGPLAN International Conference on Functional Programming
, 2008
"... We describe an axiomatic extension to the Coq proof assistant, that supports writing, reasoning about, and extracting higherorder, dependentlytyped programs with sideeffects. Coq already includes a powerful functional language that supports dependent types, but that language is limited to pure, t ..."
Abstract

Cited by 16 (0 self)
 Add to MetaCart
We describe an axiomatic extension to the Coq proof assistant, that supports writing, reasoning about, and extracting higherorder, dependentlytyped programs with sideeffects. Coq already includes a powerful functional language that supports dependent types, but that language is limited to pure, total functions. The key contribution of our extension, which we call Ynot, is the added support for computations that may have effects such as nontermination, accessing a mutable store, and throwing/catching exceptions. The axioms of Ynot form a small trusted computing base which has been formally justified in our previous work on Hoare Type Theory (HTT). We show how these axioms can be combined with the powerful type and abstraction mechanisms of Coq to build higherlevel reasoning mechanisms which in turn can be used to build realistic, verified software components. To substantiate this claim, we describe here a representative series of modules that implement imperative finite maps, including support for a higherorder (effectful) iterator. The implementations range from simple (e.g., association lists) to complex (e.g., hash tables) but share a common interface which abstracts the implementation details and ensures that the modules properly implement the finite map abstraction.
Compiling functional types to relational specifications for low level imperative code
 In TLDI
, 2009
"... We describe a semantic type soundness result, formalized in the Coq proof assistant, for a compiler from a simple functional language into an idealized assembly language. Types in the highlevel language are interpreted as binary relations, built using both secondorder quantification and separation, ..."
Abstract

Cited by 15 (5 self)
 Add to MetaCart
We describe a semantic type soundness result, formalized in the Coq proof assistant, for a compiler from a simple functional language into an idealized assembly language. Types in the highlevel language are interpreted as binary relations, built using both secondorder quantification and separation, over stores and values in the lowlevel machine. Categories and Subject Descriptors F.3.1 [Logics and meanings of programs]: Specifying and Verifying and Reasoning about
Extensible proofproducing compilation
 In 18th International Conference on Compiler Construction (CC) (2009
"... Abstract. This paper presents a compiler which produces machine code from functions defined in the logic of a theorem prover, and at the same time proves that the generated code executes the source functions. Unlike previously published work on proofproducing compilation from a theorem prover, our ..."
Abstract

Cited by 10 (7 self)
 Add to MetaCart
Abstract. This paper presents a compiler which produces machine code from functions defined in the logic of a theorem prover, and at the same time proves that the generated code executes the source functions. Unlike previously published work on proofproducing compilation from a theorem prover, our compiler provides broad support for userdefined extensions, targets multiple carefully modelled commercial machine languages, and does not require termination proofs for input functions. As a case study, the compiler is used to construct verified interpreters for a small LISPlike language. The compiler has been implemented in the HOL4 theorem prover. 1
Trusted source translation of a total function language
 In 14th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS
, 2008
"... Abstract. We present a trusted source translator that transforms total functions defined in the specification language of the HOL theorem prover to simple intermediate code. This translator eliminates polymorphism by code specification, removes higherorder functions through closure conversion, inte ..."
Abstract

Cited by 9 (8 self)
 Add to MetaCart
Abstract. We present a trusted source translator that transforms total functions defined in the specification language of the HOL theorem prover to simple intermediate code. This translator eliminates polymorphism by code specification, removes higherorder functions through closure conversion, interprets pattern matching as conditional expressions, etc. The target intermediate language can be further translated by proof to a simple imperative language. Each transformation is proven to be correct automatically. The formalization, implementation and mechanical verification of all transformations are done in HOL4. 1
Semantic foundations for typed assembly languages
 Prog. Languages and Systems (TOPLAS
, 2008
"... Typed Assembly Languages (TALs) are used to validate the safety of machinelanguage programs. The Foundational ProofCarrying Code project seeks to verify the soundness of TALs using the smallest possible set of axioms—the axioms of a suitably expressive logic plus a specification of machine semanti ..."
Abstract

Cited by 7 (2 self)
 Add to MetaCart
Typed Assembly Languages (TALs) are used to validate the safety of machinelanguage programs. The Foundational ProofCarrying Code project seeks to verify the soundness of TALs using the smallest possible set of axioms—the axioms of a suitably expressive logic plus a specification of machine semantics. This paper proposes general semantic foundations that permit modular proofs of the soundness of TALs. These semantic foundations include Typed Machine Language (TML), a type theory for specifying properties of lowlevel data with powerful and orthogonal type constructors, and Lc, a compositional logic for specifying properties of machine instructions with simplified reasoning about unstructured control flow. Both of these components, whose semantics we specify using higherorder logic, are useful for proving the soundness of TALs. We demonstrate this by using TML and Lc to verify the soundness of a lowlevel, typed assembly language, LTAL, which is the target of our coreMLtosparc compiler. To prove the soundness of the TML type system we have successfully applied a new approach, that of stepindexed logical relations. This approach provides the first semantic model for a type system with updatable references to values of impredicative quantified types. Both impredicative polymorphism and mutable references are essential when representing function closures in compilers with typed closure conversion, or when compiling objects to simpler typed primitives.