Stack Inspection: Theory and Variants
ACM TRANSACTIONS ON PROGRAMMING LANGUAGES AND SYSTEMS, 2001
Abstract

Cited by 90 (4 self)
Stack inspection is a security mechanism implemented in runtimes such as the JVM and the CLR to accommodate components with diverse levels of trust. Although stack inspection enables the fine-grained expression of access control policies, it has rather a complex and subtle semantics. We present a formal semantics and an equational theory to explain how stack inspection affects program behaviour and code optimisations. We discuss the security properties enforced by stack inspection, and also consider variants with stronger, simpler properties.
Operationally-based theories of program equivalence
Semantics and Logics of Computation, 1997
From Rewrite Rules to Bisimulation Congruences
THEORETICAL COMPUTER SCIENCE, 1998
Abstract

Cited by 71 (2 self)
The dynamics of many calculi can be most clearly defined by a reduction semantics. To work with a calculus, however, an understanding of operational congruences is fundamental; these can often be given tractable definitions or characterisations using a labelled transition semantics. This paper considers calculi with arbitrary reduction semantics of three simple classes: firstly ground term rewriting, then left-linear term rewriting, and then a class which is essentially the action calculi lacking substantive name binding. General definitions of labelled transitions are given in each case, uniformly in the set of rewrite rules, and without requiring the prescription of additional notions of observation. They give rise to bisimulation congruences. As a test of the theory it is shown that bisimulation for a fragment of CCS is recovered. The transitions generated for a fragment of the Ambient Calculus of Cardelli and Gordon, and for SKI combinators, are also discussed briefly.
Coinductive Axiomatization of Recursive Type Equality and Subtyping
, 1998
Abstract

Cited by 65 (2 self)
We present new sound and complete axiomatizations of type equality and subtype inequality for a first-order type language with regular recursive types. The rules are motivated by coinductive characterizations of type containment and type equality via simulation and bisimulation, respectively. The main novelty of the axiomatization is the fixpoint rule (or coinduction principle), which has the form $\dfrac{A, P \vdash P}{A \vdash P}$ (Fix), where P is either a type equality or a type containment and the proof of the premise must be contractive in a formal sense. In particular, a proof of $A, P \vdash P$ using the assumption axiom is not contractive. The fixpoint rule embodies a finitary coinduction principle and thus allows us to capture a coinductive relation in the fundamentally inductive framework of inference systems. The new axiomatizations are more concise than previous axiomatizations, particularly so for type containment since no separate axiomatization of type equality is required, as in A...
A bisimulation for type abstraction and recursion
SYMPOSIUM ON PRINCIPLES OF PROGRAMMING LANGUAGES, 2005
Abstract

Cited by 46 (4 self)
We present a bisimulation method for proving the contextual equivalence of packages in λ-calculus with full existential and recursive types. Unlike traditional logical relations (either semantic or syntactic), our development is “elementary,” using only sets and relations and avoiding advanced machinery such as domain theory, admissibility, and ⊤⊤-closure. Unlike other bisimulations, ours is complete even for existential types. The key idea is to consider sets of relations—instead of just relations—as bisimulations.
A Congruence Theorem for Structured Operational Semantics of Higher-Order Languages
, 1997
Abstract

Cited by 36 (0 self)
In this paper we describe the promoted tyft/tyxt rule format for defining higher-order languages. The rule format is a generalization of Groote and Vaandrager's tyft/tyxt format in which terms are allowed as labels on transitions in rules. We prove that bisimulation is a congruence for any language defined in promoted tyft/tyxt format and demonstrate the usefulness of the rule format by presenting promoted tyft/tyxt definitions for the lazy calculus, CHOCS and the π-calculus. For a programming language definition that uses bisimulation as the notion of equivalence, it is desirable for the bisimulation relation to be compatible with the language constructs, i.e. that bisimulation be a congruence. Several rule formats have been defined so that, as long as a definition satisfies certain syntactic constraints, the defined bisimulation relation is guaranteed to be a congruence. However, these rule formats have not been widely used for defining languages with higher...
Compilation by Transformation in Non-Strict Functional Languages
, 1995
Abstract

Cited by 32 (1 self)
In this thesis we present and analyse a set of automatic source-to-source program transformations that are suitable for incorporation in optimising compilers for lazy functional languages. These transformations improve the quality of code in many different respects, such as execution time and memory usage. The transformations presented are divided into two sets: global transformations, which are performed once (or sometimes twice) during the compilation process; and a set of local transformations, which are performed before and after each of the global transformations, so that they can simplify the code before applying the global transformations and also take advantage of them afterwards. Many of the local transformations are simple, well known, and do not have major effects on their own. They become important as they interact with each other and with global transformations, sometimes in non-obvious ways. We present how and why they improve the code, and perform extensive experiments wit...
A Tutorial on Coinduction and Functional Programming
IN GLASGOW FUNCTIONAL PROGRAMMING WORKSHOP, 1994
Abstract

Cited by 27 (1 self)
Coinduction is an important tool for reasoning about unbounded structures. This tutorial explains the foundations of coinduction, and shows how it justifies intuitive arguments about lazy streams, of central importance to lazy functional programmers. We explain from first principles a theory based on a new formulation of bisimilarity for functional programs, which coincides exactly with Morris-style contextual equivalence. We show how to prove properties of lazy streams by coinduction and derive Bird and Wadler's Take Lemma, a well-known proof technique for lazy streams.
Hidden Coinduction: Behavioral Correctness Proofs for Objects
Mathematical Structures in Computer Science, 1999
Abstract

Cited by 24 (8 self)
This paper unveils and motivates an ambitious programme of hidden algebraic research in software engineering, beginning with our general goals, continuing with an overview of results, and including some future plans. The main contribution is powerful hidden coinduction techniques for proving behavioral correctness of concurrent systems; several mechanical proofs are given using OBJ3. We also show how modularization, bisimulation, transition systems, concurrency and combinations of the functional, constraint, logic and object paradigms fit into hidden algebra.
A Fully Abstract Semantics for a Concurrent Functional Language With Monadic Types
, 1995
Abstract

Cited by 21 (4 self)
This paper presents a typed higher-order concurrent functional programming language, based on Moggi's monadic metalanguage and Reppy's Concurrent ML. We present an operational semantics for the language, and show that a higher-order variant of the traces model is fully abstract for may-testing. This proof uses a program logic based on Hennessy-Milner logic and Abramsky's domain theory in logical form.