Results 1  10
of
35
Tridirectional Typechecking
, 2004
"... In prior work we introduced a pure type assignment system that encompasses a rich set of property types, including intersections, unions, and universally and existentially quantified dependent types. In this paper ..."
Abstract

Cited by 39 (9 self)
 Add to MetaCart
In prior work we introduced a pure type assignment system that encompasses a rich set of property types, including intersections, unions, and universally and existentially quantified dependent types. In this paper
Modular Data Structure Verification
 EECS DEPARTMENT, MASSACHUSETTS INSTITUTE OF TECHNOLOGY
, 2007
"... This dissertation describes an approach for automatically verifying data structures, focusing on techniques for automatically proving formulas that arise in such verification. I have implemented this approach with my colleagues in a verification system called Jahob. Jahob verifies properties of Java ..."
Abstract

Cited by 38 (21 self)
 Add to MetaCart
This dissertation describes an approach for automatically verifying data structures, focusing on techniques for automatically proving formulas that arise in such verification. I have implemented this approach with my colleagues in a verification system called Jahob. Jahob verifies properties of Java programs with dynamically allocated data structures. Developers write Jahob specifications in classical higherorder logic (HOL); Jahob reduces the verification problem to deciding the validity of HOL formulas. I present a new method for proving HOL formulas by combining automated reasoning techniques. My method consists of 1) splitting formulas into individual HOL conjuncts, 2) soundly approximating each HOL conjunct with a formula in a more tractable fragment and 3) proving the resulting approximation using a decision procedure or a theorem prover. I present three concrete logics; for each logic I show how to use it to approximate HOL formulas, and how to decide the validity of formulas in this logic. First, I present an approximation of HOL based on a translation to firstorder logic, which enables the use of existing resolutionbased theorem provers. Second, I present an approximation of HOL based on field constraint analysis, a new technique that enables
Type Assignment for Intersections and Unions in CallbyValue Languages
"... We develop a system of type assignment with intersection types, union types, indexed types, and universal and existential dependent types that is sound in a callby value functional language. The combination of logical and computational principles underlying our formulation naturally leads to the c ..."
Abstract

Cited by 22 (9 self)
 Add to MetaCart
(Show Context)
We develop a system of type assignment with intersection types, union types, indexed types, and universal and existential dependent types that is sound in a callby value functional language. The combination of logical and computational principles underlying our formulation naturally leads to the central idea of typechecking subterms in evaluation order. We thereby provide a uniform generalization and explanation of several earlier isolated systems. The proof of progress and type preservation, usually formulated for closed terms only, relies on a notion of definite substitution.
Using firstorder theorem provers in the Jahob data structure verification system
 In Byron Cook and Andreas Podelski, editors, Verification, Model Checking, and Abstract Interpretation, LNCS 4349
, 2007
"... Abstract. This paper presents our integration of efficient resolutionbased theorem provers into the Jahob data structure verification system. Our experimental results show that this approach enables Jahob to automatically verify the correctness of a range of complex dynamically instantiable data st ..."
Abstract

Cited by 20 (1 self)
 Add to MetaCart
(Show Context)
Abstract. This paper presents our integration of efficient resolutionbased theorem provers into the Jahob data structure verification system. Our experimental results show that this approach enables Jahob to automatically verify the correctness of a range of complex dynamically instantiable data structures, including data structures such as hash tables and search trees, without the need for interactive theorem proving or techniques tailored to individual data structures. Our primary technical results include: (1) a translation from higherorder logic to firstorder logic that enables the application of resolutionbased theorem provers and (2) a proof that eliminating type (sort) information in formulas is both sound and complete, even in the presence of a generic equality operator. Moreover, our experimental results show that the elimination of this type information dramatically decreases the time required to prove the resulting formulas. These techniques enabled us to verify complex correctness properties of Java programs such as a mutable set implemented as an imperative linked list, a finite map implemented as a functional ordered tree, a hash table with a mutable array, and a simple library system example that uses these container data structures. Our system verifies (in a matter of minutes) that data structure operations correctly update the finite map, that they preserve data structure invariants (such as ordering of elements, membership in appropriate hash table buckets, or relationships between sets and relations), and that there are no runtime errors such as null dereferences or array out of bounds accesses. 1
A bidirectional refinement type system for LF
 Electronic Notes in Theoretical Computer Science, 196:113–128, January 2008. [NPP07] [Pfe92] [Pfe93] [Pfe01] Aleksandar Nanevski, Frank Pfenning, and Brigitte
"... We present a system of refinement types for LF in the style of recent formulations where only canonical forms are welltyped. Both the usual LF rules and the rules for type refinements are bidirectional, leading to a straightforward proof of decidability of typechecking even in the presence of inter ..."
Abstract

Cited by 16 (9 self)
 Add to MetaCart
(Show Context)
We present a system of refinement types for LF in the style of recent formulations where only canonical forms are welltyped. Both the usual LF rules and the rules for type refinements are bidirectional, leading to a straightforward proof of decidability of typechecking even in the presence of intersection types. Because we insist on canonical forms, structural rules for subtyping can now be derived rather than being assumed as primitive. We illustrate the expressive power of our system with several examples in the domain of logics and programming languages.
A Hoare Logic for CallbyValue Functional Programs
"... Abstract. We present a Hoare logic for a callbyvalue programming language equipped with recursive, higherorder functions, algebraic data types, and a polymorphic type system in the style of Hindley and Milner. It is the theoretical basis for a tool that extracts proof obligations out of programs ..."
Abstract

Cited by 15 (1 self)
 Add to MetaCart
(Show Context)
Abstract. We present a Hoare logic for a callbyvalue programming language equipped with recursive, higherorder functions, algebraic data types, and a polymorphic type system in the style of Hindley and Milner. It is the theoretical basis for a tool that extracts proof obligations out of programs annotated with logical assertions. These proof obligations, expressed in a typed, higherorder logic, are discharged using offtheshelf automated or interactive theorem provers. Although the technical apparatus that we exploit is by now standard, its application to callbyvalue functional programming languages appears to be new, and (we claim) deserves attention. As a sample application, we check the partial correctness of a balanced binary search tree implementation. 1
The Fox Project: Advanced Language Technology for Extensible Systems
, 1998
"... It has been amply demonstrated in recent years that careful attention to the structure of systems software can lead to greater flexibility, reliability, and ease of implementation, without incurring an undue penalty in performance#8;. It is our contention that advanced programming languages  partic ..."
Abstract

Cited by 13 (0 self)
 Add to MetaCart
(Show Context)
It has been amply demonstrated in recent years that careful attention to the structure of systems software can lead to greater flexibility, reliability, and ease of implementation, without incurring an undue penalty in performance#8;. It is our contention that advanced programming languages  particularly languages with a mathematically rigorous semantics, and featuring higher order functions, polymorphic types, and a strong module system are ideally
suited to expressing such structure#8;. Indeed, our previous research has shown that the use of an advanced programming language can have a fundamental eff#11;ect on system design, leading naturally to system architectures that are
highly modular, effi#12;cient, and allow reuse of code#8;
We are thus working to demonstrate the viability and ibenefts of advanced languages for programming real
world systems. and in particular Active Networks#8;. To achieve this we have organized our research into the areas of language technology, safety infrastructure, compiler technology, and applications#8;. This report describes the current plans for this e#11;ffort which we refer to as the Fox project#8;.
HigherOrder MultiParameter Tree Transducers . . .
, 2010
"... We introduce higherorder, multiparameter, tree transducers (HMTTs, for short), which are kinds of higherorder tree transducers that take input trees and output a (possibly infinite) tree. We study the problem of checking whether the tree generated by a given HMTT conforms to a given output specif ..."
Abstract

Cited by 11 (2 self)
 Add to MetaCart
We introduce higherorder, multiparameter, tree transducers (HMTTs, for short), which are kinds of higherorder tree transducers that take input trees and output a (possibly infinite) tree. We study the problem of checking whether the tree generated by a given HMTT conforms to a given output specification, provided that the input trees conform to input specifications (where both input/output specifications are regular tree languages). HMTTs subsume higherorder recursion schemes and ordinary tree transducers, so that their verification has a number of potential applications to verification of functional programs using recursive data structures, including resource usage verification, string analysis, and exact typechecking of XMLprocessing programs. We propose a sound but incomplete verification algorithm for the HMTT verification problem: the algorithm reduces the verification problem to a modelchecking problem for higherorder recursion schemes extended with finite data domains, and then uses (an extension of) Kobayashi’s algorithm for modelchecking recursion schemes. While the algorithm is incomplete (indeed, as we show in the paper, the verification problem is undecidable in general), it is sound and complete for a subclass of HMTTs called linear HMTTs. We have applied our HMTT verification algorithm to various program verification problems and obtained promising results.
Refined typechecking with Stardust
 In Workshop on Programming Languages Meets Program Verification (PLPV
, 2007
"... We present Stardust, an implementation of a type system for a subset of ML with type refinements, intersection types, and union types, enabling programmers to legibly specify certain classes of program invariants that are verified at compile time. This is the first implementation of unrestricted int ..."
Abstract

Cited by 8 (5 self)
 Add to MetaCart
(Show Context)
We present Stardust, an implementation of a type system for a subset of ML with type refinements, intersection types, and union types, enabling programmers to legibly specify certain classes of program invariants that are verified at compile time. This is the first implementation of unrestricted intersection and union types in a mainstream functional programming setting, as well as the first implementation of a system with both datasort and index refinements. The system—with the assistance of external constraint solvers—supports integer, Boolean and dimensional index refinements; we apply both value refinements (to check redblack tree invariants) and invaluable refinements (to check dimensional consistency). While typechecking with intersection and union types is intrinsically complex, our experience so far suggests that it can be practical in many instances.
Nested refinements: A logic for duck typing
"... Programs written in dynamic languages make heavy use of features — runtime type tests, valueindexed dictionaries, polymorphism, and higherorder functions — that are beyond the reach of type systems that employ either purely syntactic or purely semantic reasoning. We present a core calculus, Syste ..."
Abstract

Cited by 7 (1 self)
 Add to MetaCart
(Show Context)
Programs written in dynamic languages make heavy use of features — runtime type tests, valueindexed dictionaries, polymorphism, and higherorder functions — that are beyond the reach of type systems that employ either purely syntactic or purely semantic reasoning. We present a core calculus, System D, that merges these two modes of reasoning into a single powerful mechanism of nested refinement types wherein the typing relation is itself a predicate in the refinement logic. System D coordinates SMTbased logical implication and syntactic subtyping to automatically typecheck sophisticated dynamic language programs. By coupling nested refinements with McCarthy’s theory of finite maps, System D can precisely reason about the interaction of higherorder functions, polymorphism, and dictionaries. The addition of type predicates to the refinement logic creates a circularity that leads to unique technical challenges in the metatheory, which we solve with a novel stratification approach that we use to prove the soundness of System D.