We introduce a Sumii-Pierce-Koutavas-Wand-style bisimulation for Pitts and Stark’s nu-calculus, a simply-typed lambda calculus with fresh name generation. This bisimulation coincides with contextual equivalence and provides a usable and elementary method for establishing all the subtle equivalences given by Stark [11]. We also describe the formalization of soundness and of the examples in the Coq proof assistant.

Abstract. We present a sound and complete method for reasoning about contextual equivalence in the untyped, imperative object calculus of Abadi and Cardelli [1]. Our method is based on bisimulations, following the work of Sumii and Pierce [25, 26] and our own [14]. Using our method we were able to prove equivalence in more complex examples than the ones of Gordon, Hankin and Lassen [7] and Gordon and Rees [8]. We can also write bisimulations in closed form in cases where similar bisimulation methods [26] require an inductive specification. To derive our bisimulations we follow the same technique as we did in [14], thus indicating the extensibility of this method. 1

Reflecting on type meta-data at runtime—type-directed programming—often provides a succinct and modular solution to many programming problems. However, type-directed programming can violate the data abstraction techniques used in standard software engineering practices. I propose that type-directed programming and data abstraction can be reconciled by the application of static information-flow techniques. I intend to explore whether this is true by (a) developing the meta-theory to show that these protection mechanisms can ensure the confidentiality and integrity of abstract data types and (b) developing a language, Informl, with an information-flow type and kind system to determine whether these techniques are compatible with type-directed programming idioms and to assess the impact these mechanisms have on programmers. i

This paper describes a method to treat contextual equivalence in polymorphically typed lambda-calculi, and also how to transfer equivalences from the untyped versions of lambda-calculi to their typed variant, where our specific calculus has letrec, recursive types and is nondeterministic. An addition of a type label to every subexpression is all that is needed, together with some natural constraints for the consistency of the type labels and well-scopedness of expressions. One result is that an elementary but typed notion of program transformation is obtained and that untyped contextual equivalences also hold in the typed calculus as long as the expressions are well-typed. In order to have a nice interaction between reduction and typing, some reduction rules have to be accompanied with a type modification by generalizing or instantiating types.

Semantic models are the basis for specification and verification of software. Operational, denotational, and axiomatic or algebraic methods offer complementary insights and reasoning techniques which are surveyed here. Unifying theories are needed to link models. Also considered are selected programming features for which new models are needed.

By combining and simplifying two of the most prominent theories for HOπ of Sangiorgi et al. and Jeffrey and Rathke [15, 4], we present an effective first-order theory for a higher-order picalculus. There are two significant aspects to our theory. The first is that higher-order inputs are treated in a first-order manner, hence eliminating the need to reason about arbitrarily complicated higher-order contexts, or to use up-to context techniques, when establishing equivalences between processes. The second is that we use augmented processes to record directly the knowledge of the observer. This has the benefit of making ordinary firstorder weak bisimulation fully abstract w.r.t. contextual equivalence. It also simplifies the handling of names, giving rise to a truly propositional Hennessy-Milner characterisation of higher-order contextual equivalence. Furthermore, we illustrate the simplicity of our approach in proving several interesting equivalences by exhibiting first-order witness weak bisimulations, and inequivalences by using the propositional Hennessy-Milner Logic. Finally we show that contextual equivalence

We develop a general method of proving properties of programs under arbitrary contexts—including (but not limited to) observational equivalence, space improvement, and a form of memory safety of the programs—in untyped call-byvalue λ-calculus with first-class, dynamically allocated, higher-order references and deallocation. The method generalizes Sumii et al.’s environmental bisimulation technique, and gives a sound and complete characterization of each proved property, in the sense that the “bisimilarity ” (the largest set satisfying the bisimulation-like conditions) equals the set of terms with the property to be proved. We give examples of contextual properties concerning typical data structures such as linked lists, binary search trees, and directed acyclic graphs with reference counts, all with deletion operations that release memory. This shows the scalability of the environmental approach from contextual equivalence to other binary relations (such as space improvement) and unary predicates (such as memory safety), as well as to languages with non-monotone store.

The method of logical relations assigns a relational interpretation to types that expresses operational invariants satisfied by all terms of a type. The method is widely used in the study of typed languages, for example to establish contextual equivalences of terms. The chief di#culty in using logical relations is to establish the existence of a relational interpretation. For simple language this is often justified by a straightforward induction on the structure of types, but in the presence of impredicative polymorphism and unrestricted recursive types, it is much more di#cult to carry out the construction. Standard methods rely on denotational semantics, building first a domain model of the language, then constructing relations over the model. Building on Freyd and Pitts work on universal properties of domain models, Birkedal and Harper gave a purely operational account of logical relations for a language with a single recursive type. We extend their work to impredicative (second-order) polymorphism and general recursive types, and apply it to establishing parametricity and representation independence properties in a purely operational setting. We compare our methods to the bisimulation methods introduced by Sumii and Pierce for proving such properties in an operational setting. We argue that, once the existence of a relational interpretation has been established, it is straightforward to use it to establish properties of interest.

We develop a general method of proving properties of programs under arbitrary contexts—including (but not limited to) observational equivalence, space improvement, and memory safety (of the programs)—in untyped call-by-value λ-calculus with first-class, dynamically allocated, higher-order references and deallocation. The method generalizes Sumii et al.’s environmental bisimulation technique, and gives a sound and complete characterization of each proved property, in the sense that the “bisimilarity ” (the largest set satisfying the bisimulation-like conditions) equals the set of terms with the property to be proved. We give examples of contextual properties concerning typical data structures such as linked lists, binary search trees, and directed acyclic graphs with reference counts, all with deletion operations that release memory. This shows the scalability of the environmental approach from contextual equivalence to other binary relations (such as space improvement) and unary predicates (such as memory safety), as well as to languages with non-monotone store.

We give a denotational semantics to a region-based effect system tracking reading, writing and allocation in a higher-order language with dynamically allocated integer references. Effects are interpreted in terms of the preservation of certain binary relations on the store, parameterized by region-indexed partial bijections on locations. The semantics validates a number of effect-dependent program equivalences and can thus serve as a foundation for effect-based compiler transformations.