Results 1  10
of
32
On the Observable Properties of Higher Order Functions that Dynamically Create Local Names
 IN MATHEMATICAL FOUNDATIONS OF COMPUTER SCIENCE, PROC. 18TH INT. SYMP
, 1993
"... The research reported in this paper is concerned with the problem of reasoning about properties of higher order functions involving state. It is motivated by the desire to identify what, if any, are the difficulties created purely by locality of state, independent of other properties such as sideef ..."
Abstract

Cited by 131 (14 self)
 Add to MetaCart
(Show Context)
The research reported in this paper is concerned with the problem of reasoning about properties of higher order functions involving state. It is motivated by the desire to identify what, if any, are the difficulties created purely by locality of state, independent of other properties such as sideeffects, exceptional termination and nontermination due to recursion. We consider a simple language (equivalent to a fragment of Standard ML) of typed, higher order functions that can dynamically create fresh names. Names are created with local scope, can be tested for equality and can be passed around via function application, but that is all. we demonstrate
Parametricity and Local Variables
, 1995
"... We propose that the phenomenon of local state may be understood in terms of Strachey 's concept of parametric (i.e., uniform) polymorphism. The intuitive basis for our proposal is the following analogy: a nonlocal procedure is independent of locallydeclared variables in the same way that a pa ..."
Abstract

Cited by 114 (9 self)
 Add to MetaCart
(Show Context)
We propose that the phenomenon of local state may be understood in terms of Strachey 's concept of parametric (i.e., uniform) polymorphism. The intuitive basis for our proposal is the following analogy: a nonlocal procedure is independent of locallydeclared variables in the same way that a parametrically polymorphic function is independent of types to which it is instantiated. A connection between parametricity and representational abstraction was first suggested by J. C. Reynolds. Reynolds used logical relations to formalize this connection in languages with type variables and userdefined types. We use relational parametricity to construct a model for an Algollike language in which interactions between local and nonlocal entities satisfy certain relational criteria. Reasoning about local variables essentially involves proving properties of polymorphic functions. The new model supports straightforward validations of all the test equivalences that have been proposed in the literatu...
Metatheory and Reflection in Theorem Proving: A Survey and Critique
, 1995
"... One way to ensure correctness of the inference performed by computer theorem provers is to force all proofs to be done step by step in a simple, more or less traditional, deductive system. Using techniques pioneered in Edinburgh LCF, this can be made palatable. However, some believe such an appro ..."
Abstract

Cited by 69 (2 self)
 Add to MetaCart
One way to ensure correctness of the inference performed by computer theorem provers is to force all proofs to be done step by step in a simple, more or less traditional, deductive system. Using techniques pioneered in Edinburgh LCF, this can be made palatable. However, some believe such an approach will never be efficient enough for large, complex proofs. One alternative, commonly called reflection, is to analyze proofs using a second layer of logic, a metalogic, and so justify abbreviating or simplifying proofs, making the kinds of shortcuts humans often do or appealing to specialized decision algorithms. In this paper we contrast the fullyexpansive LCF approach with the use of reflection. We put forward arguments to suggest that the inadequacy of the LCF approach has not been adequately demonstrated, and neither has the practical utility of reflection (notwithstanding its undoubted intellectual interest). The LCF system with which we are most concerned is the HOL proof ...
Semantics of Types for Mutable State
, 2004
"... Proofcarrying code (PCC) is a framework for mechanically verifying the safety of machine language programs. A program that is successfully verified by a PCC system is guaranteed to be safe to execute, but this safety guarantee is contingent upon the correctness of various trusted components. For in ..."
Abstract

Cited by 60 (4 self)
 Add to MetaCart
Proofcarrying code (PCC) is a framework for mechanically verifying the safety of machine language programs. A program that is successfully verified by a PCC system is guaranteed to be safe to execute, but this safety guarantee is contingent upon the correctness of various trusted components. For instance, in traditional PCC systems the trusted computing base includes a large set of lowlevel typing rules. Foundational PCC systems seek to minimize the size of the trusted computing base. In particular, they eliminate the need to trust complex, lowlevel type systems by providing machinecheckable proofs of type soundness for real machine languages. In this thesis, I demonstrate the use of logical relations for proving the soundness of type systems for mutable state. Specifically, I focus on type systems that ensure the safe allocation, update, and reuse of memory. For each type in the language, I define logical relations that explain the meaning of the type in terms of the operational semantics of the language. Using this model of types, I prove each typing rule as a lemma. The major contribution is a model of System F with general references — that is, mutable cells that can hold values of any closed type including other references, functions, recursive types, and impredicative quantified types. The model is based on ideas from both possible worlds and the indexed model of Appel and McAllester. I show how the model of mutable references is encoded in higherorder logic. I also show how to construct an indexed possibleworlds model for a von Neumann machine. The latter is used in the Princeton Foundational PCC system to prove type safety for a fullfledged lowlevel typed assembly language. Finally, I present a semantic model for a region calculus that supports typeinvariant references as well as memory reuse. iii
A Variable Typed Logic of Effects
 Information and Computation
, 1993
"... In this paper we introduce a variable typed logic of effects inspired by the variable type systems of Feferman for purely functional languages. VTLoE (Variable Typed Logic of Effects) is introduced in two stages. The first stage is the firstorder theory of individuals built on assertions of equalit ..."
Abstract

Cited by 50 (13 self)
 Add to MetaCart
(Show Context)
In this paper we introduce a variable typed logic of effects inspired by the variable type systems of Feferman for purely functional languages. VTLoE (Variable Typed Logic of Effects) is introduced in two stages. The first stage is the firstorder theory of individuals built on assertions of equality (operational equivalence `a la Plotkin), and contextual assertions. The second stage extends the logic to include classes and class membership. The logic we present provides an expressive language for defining and studying properties of programs including program equivalences, in a uniform framework. The logic combines the features and benefits of equational calculi as well as program and specification logics. In addition to the usual firstorder formula constructions, we add contextual assertions. Contextual assertions generalize Hoare's triples in that they can be nested, used as assumptions, and their free variables may be quantified. They are similar in spirit to program modalities in ...
Compilation and Equivalence of Imperative Objects
, 1998
"... We adopt the untyped imperative object calculus of Abadi and Cardelli as a minimal setting in which to study problems of compilation and program equivalence that arise when compiling objectoriented languages. We present both a bigstep and a smallstep substitutionbased operational semantics fo ..."
Abstract

Cited by 36 (4 self)
 Add to MetaCart
We adopt the untyped imperative object calculus of Abadi and Cardelli as a minimal setting in which to study problems of compilation and program equivalence that arise when compiling objectoriented languages. We present both a bigstep and a smallstep substitutionbased operational semantics for the calculus. Our rst two results are theorems asserting the equivalence of our substitutionbased semantics with a closurebased semantics like that given by Abadi and Cardelli. Our third result is a direct proof of the correctness of compilation to a stackbased abstract machine via a smallstep decompilation algorithm. Our fourth result is that contextual equivalence of objects coincides with a form of Mason and Talcott's CIU equivalence; the latter provides a tractable means of establishing operational equivalences. Finally, we prove correct an algorithm, used in our prototype compiler, for statically resolving method osets. This is the rst study of correctness of an objectoriented abstract machine, and of operational equivalence for the imperative object calculus.
Logical reasoning for higherorder functions with local state
 In Foundations of Software Science and Computation Structure
"... ABSTRACT. We introduce an extension of Hoare logic for callbyvalue higherorder functions with MLlike local reference generation. Local references may be generated dynamically and exported outside their scope, may store higherorder functions and may be used to construct complex mutable data stru ..."
Abstract

Cited by 15 (6 self)
 Add to MetaCart
(Show Context)
ABSTRACT. We introduce an extension of Hoare logic for callbyvalue higherorder functions with MLlike local reference generation. Local references may be generated dynamically and exported outside their scope, may store higherorder functions and may be used to construct complex mutable data structures. This primitive is captured logically using a predicate asserting reachability of a reference name from a possibly higherorder datum and quantifiers over hidden references. We explore the logic’s descriptive and reasoning power with nontrivial programming examples combining higherorder procedures and dynamically generated local state. Axioms for reachability and local invariant play a central role for reasoning about the examples.
Behavioral Subtyping in ObjectOriented Languages
, 1997
"... data types, modules, packages; F.3.1 [Logics and Meanings of Programs] Specifying and Verifying and Reasoning about Programs  logics of programs, pre and postconditions, theory A version of this technical report is published as the author's doctoral dissertation. c fl Copyright 1997 by Kr ..."
Abstract

Cited by 8 (2 self)
 Add to MetaCart
(Show Context)
data types, modules, packages; F.3.1 [Logics and Meanings of Programs] Specifying and Verifying and Reasoning about Programs  logics of programs, pre and postconditions, theory A version of this technical report is published as the author's doctoral dissertation. c fl Copyright 1997 by Krishna Kishore Dhara All rights reserved. Department of Computer Science 226 Atanasoff Hall Iowa State University Ames, Iowa 500111040, USA ii TABLE OF CONTENTS 1. INTRODUCTION : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 1 1.1 Problem : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 2 1.1.1 Reasoning problem and behavioral subtyping : : : : : : : : : : 2 1.1.2 Aliasing and behavioral subtyping : : : : : : : : : : : : : : : : 4 1.2 Overview of the solutions : : : : : : : : : : : : : : : : : : : : : : : : : 6 1.2.1 Different notions of behavioral subtyping : : : : : : : : : : : : 6 1.2.2 Semantic conditions : : : : : : : : : : : : : : : : : : : : : : : : 7 1.2.3 "...