Results 1  10
of
16
Statedependent representation independence
 In Proceedings of the 36th ACM SIGPLANSIGACT Symposium on Principles of Programming Languages
, 2009
"... Mitchell’s notion of representation independence is a particularly useful application of Reynolds ’ relational parametricity — two different implementations of an abstract data type can be shown contextually equivalent so long as there exists a relation between their type representations that is pre ..."
Abstract

Cited by 63 (19 self)
 Add to MetaCart
Mitchell’s notion of representation independence is a particularly useful application of Reynolds ’ relational parametricity — two different implementations of an abstract data type can be shown contextually equivalent so long as there exists a relation between their type representations that is preserved by their operations. There have been a number of methods proposed for proving representation independence in various pure extensions of System F (where data abstraction is achieved through existential typing), as well as in Algol or Javalike languages (where data abstraction is achieved through the use of local mutable state). However, none of these approaches addresses the interaction of existential type abstraction and local state. In particular, none allows one to prove representation independence results for generative ADTs — i.e., ADTs that both maintain some local state and define abstract types whose internal
Biorthogonality, StepIndexing and Compiler Correctness
, 2009
"... We define logical relations between the denotational semantics of a simply typed functional language with recursion and the operational behaviour of lowlevel programs in a variant SECD machine. The relations, which are defined using biorthogonality and stepindexing, capture what it means for a piec ..."
Abstract

Cited by 24 (10 self)
 Add to MetaCart
We define logical relations between the denotational semantics of a simply typed functional language with recursion and the operational behaviour of lowlevel programs in a variant SECD machine. The relations, which are defined using biorthogonality and stepindexing, capture what it means for a piece of lowlevel code to implement a mathematical, domaintheoretic function and are used to prove correctness of a simple compiler. The results have been formalized in the Coq proof assistant.
Compiling functional types to relational specifications for low level imperative code
 In TLDI
, 2009
"... We describe a semantic type soundness result, formalized in the Coq proof assistant, for a compiler from a simple functional language into an idealized assembly language. Types in the highlevel language are interpreted as binary relations, built using both secondorder quantification and separation, ..."
Abstract

Cited by 15 (5 self)
 Add to MetaCart
We describe a semantic type soundness result, formalized in the Coq proof assistant, for a compiler from a simple functional language into an idealized assembly language. Types in the highlevel language are interpreted as binary relations, built using both secondorder quantification and separation, over stores and values in the lowlevel machine. Categories and Subject Descriptors F.3.1 [Logics and meanings of programs]: Specifying and Verifying and Reasoning about
Nonparametric Parametricity
 UNDER CONSIDERATION FOR PUBLICATION IN J. FUNCTIONAL PROGRAMMING
, 2010
"... Type abstraction and intensional type analysis are features seemingly at odds—type abstraction is intended to guarantee parametricity and representation independence, while type analysis is inherently nonparametric. Recently, however, several researchers have proposed and implemented “dynamic type, ..."
Abstract

Cited by 12 (3 self)
 Add to MetaCart
Type abstraction and intensional type analysis are features seemingly at odds—type abstraction is intended to guarantee parametricity and representation independence, while type analysis is inherently nonparametric. Recently, however, several researchers have proposed and implemented “dynamic type, one should also be able to generate at run time a fresh type name, which may be used as a dynamic representative of the abstract type for purposes of type analysis. The question remains: in a language with nonparametric polymorphism, does dynamic type generation provide us with the same kinds of abstraction guarantees that we get from parametric polymorphism? Our goal is to provide a rigorous answer to this question. We define a stepindexed Kripke logical relation for a language with both nonparametric polymorphism (in the form of typesafe cast) and dynamic type generation. Our logical relation enables us to establish parametricity and representation independence results, even in a nonparametric setting, by attaching arbitrary relational interpretations to dynamicallygenerated type names. In addition, we explore how programs that are provably equivalent in a more traditional parametric logical relation may be “wrapped” systematically to produce terms that are related by our nonparametric relation, and vice versa. This leads us to a novel “polarized” form of our logical relation, which enables us to distinguish formally between positive and negative notions of parametricity.
Fully Abstract Compilation to JavaScript
"... Many tools allow programmers to develop applications in highlevel languages and deploy them in web browsers via compilation to JavaScript. While practical and widely used, these compilers are ad hoc: no guarantee is provided on their correctness for whole programs, nor their security for programs ex ..."
Abstract

Cited by 11 (3 self)
 Add to MetaCart
Many tools allow programmers to develop applications in highlevel languages and deploy them in web browsers via compilation to JavaScript. While practical and widely used, these compilers are ad hoc: no guarantee is provided on their correctness for whole programs, nor their security for programs executed within arbitrary JavaScript contexts. This paper presents a compiler with such guarantees. We compile an MLlike language with higherorder functions and references to JavaScript, while preserving all source program properties. Relying on typebased invariants and applicative bisimilarity, we show full abstraction: two programs are equivalent in all source contexts if and only if their wrapped translations are equivalent in all JavaScript contexts. We evaluate our compiler on sample programs, including a series of secure libraries.
The Effects of
 Artificial Sources of Water on Rangeland Biodiversity. Environment Australia and CSIRO
, 1997
"... “Turing hoped that his abstractedpapertape model was so simple, so transparent and well defined, that it would not depend on any assumptions about physics that could conceivably be falsified, and therefore that it could become the basis of an abstract theory of computation that was independent of ..."
Abstract

Cited by 9 (5 self)
 Add to MetaCart
“Turing hoped that his abstractedpapertape model was so simple, so transparent and well defined, that it would not depend on any assumptions about physics that could conceivably be falsified, and therefore that it could become the basis of an abstract theory of computation that was independent of the underlying physics. ‘He thought, ’ as Feynman once put it, ‘that he understood paper. ’ But he was mistaken. Real, quantummechanical paper is wildly different from the abstract stuff that the Turing machine uses. The Turing machine is entirely classical...”
Semantic foundations for typed assembly languages
 Prog. Languages and Systems (TOPLAS
, 2008
"... Typed Assembly Languages (TALs) are used to validate the safety of machinelanguage programs. The Foundational ProofCarrying Code project seeks to verify the soundness of TALs using the smallest possible set of axioms—the axioms of a suitably expressive logic plus a specification of machine semanti ..."
Abstract

Cited by 7 (2 self)
 Add to MetaCart
Typed Assembly Languages (TALs) are used to validate the safety of machinelanguage programs. The Foundational ProofCarrying Code project seeks to verify the soundness of TALs using the smallest possible set of axioms—the axioms of a suitably expressive logic plus a specification of machine semantics. This paper proposes general semantic foundations that permit modular proofs of the soundness of TALs. These semantic foundations include Typed Machine Language (TML), a type theory for specifying properties of lowlevel data with powerful and orthogonal type constructors, and Lc, a compositional logic for specifying properties of machine instructions with simplified reasoning about unstructured control flow. Both of these components, whose semantics we specify using higherorder logic, are useful for proving the soundness of TALs. We demonstrate this by using TML and Lc to verify the soundness of a lowlevel, typed assembly language, LTAL, which is the target of our coreMLtosparc compiler. To prove the soundness of the TML type system we have successfully applied a new approach, that of stepindexed logical relations. This approach provides the first semantic model for a type system with updatable references to values of impredicative quantified types. Both impredicative polymorphism and mutable references are essential when representing function closures in compilers with typed closure conversion, or when compiling objects to simpler typed primitives.
An EquivalencePreserving CPS Translation via MultiLanguage Semantics (Technical Appendix)
"... the complete set of technical definitions (Sections 3 to 7), and the proofs (Sections 8 to 13). In particular, in Section 1.3, we adopt System F without the CPS restriction as our target language and present the changes needed—to the backtranslation and the proofs—to establish full abstraction in t ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
the complete set of technical definitions (Sections 3 to 7), and the proofs (Sections 8 to 13). In particular, in Section 1.3, we adopt System F without the CPS restriction as our target language and present the changes needed—to the backtranslation and the proofs—to establish full abstraction in this setting.
Syntactic proofs of compositional compiler correctness
, 2009
"... Abstract. Semantic preservation by compilers for higherorder languages can be verified using simple syntactic methods. At the heart of classic techniques are relations between sourcelevel and targetlevel values. Unfortunately, these relations are specific to particular compilers, leading to corre ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Abstract. Semantic preservation by compilers for higherorder languages can be verified using simple syntactic methods. At the heart of classic techniques are relations between sourcelevel and targetlevel values. Unfortunately, these relations are specific to particular compilers, leading to correctness theorems that have nothing to say about linking programs with functions compiled by other compilers or written by hand in the target language. Theorems based on logical relations manage to avoid this problem, but at a cost: standard logical relations do not apply directly to programs with nontermination or impurity, and extensions to handle those features are relatively complicated, compared to the classical compiler verification literature. In this paper, we present a new approach to “open ” compiler correctness theorems that is “syntactic ” in the sense that the core relations do not refer to semantics. Though the technique is much more elementary than previous proposals, it scales up nicely to realistic languages. In particular, untyped and impure programs may be handled simply, while previous work has addressed neither in this context. Our approach is based on the observation that it is an unnecessary handicap to consider proofs as black boxes. We identify some theoremspecific proof skeletons, such that we can define an algebra of nondeterministic compilations and their proofs, and we can compose any two compilations to produce a correctbyconstruction result. We have prototyped these ideas with a Coq implementation of multiple CPS translations for an untyped MiniML source language with recursive functions, sums, products, mutable references, and exceptions. 1
Relating stepindexed logical relations and bisimulations
, 2009
"... Operational logical relations and bisimulations are two particularly successful syntactic techniques for reasoning about program equivalence. Although both techniques seem to have common intuitions, their basis is on different mathematical principles: induction for the former, and coinduction for t ..."
Abstract
 Add to MetaCart
Operational logical relations and bisimulations are two particularly successful syntactic techniques for reasoning about program equivalence. Although both techniques seem to have common intuitions, their basis is on different mathematical principles: induction for the former, and coinduction for the latter. The intuitive understanding of the two techniques seems more common, but their mathematical connection more ambitious, when each is combined with stepbased reasoning, such as in the case of AppelMcAllesterAhmed stepindexed (SI) logical relations [5, 4] and KoutavasWand (KW) bisimulations [12, 11]. In this paper we give an alternative formulation of a SI logical relation in the style of AppelMcAllesterAhmed. We derive this from a definition that is parametric on the indexing scheme by requiring it to satisfy the desirable properties of a SI logical relation. We then argue that SI logical relations and KW bisimulations approximate the same relation each in a distinct way. Finally we prove a somewhat surprising commutation theorem between unions and intersections that may be used as a new proof technique. 1