Results 1  10
of
66
Engineering formal metatheory
 In ACM SIGPLANSIGACT Symposium on Principles of Programming Languages
, 2008
"... Machinechecked proofs of properties of programming languages have become a critical need, both for increased confidence in large and complex designs and as a foundation for technologies such as proofcarrying code. However, constructing these proofs remains a black art, involving many choices in th ..."
Abstract

Cited by 116 (11 self)
 Add to MetaCart
Machinechecked proofs of properties of programming languages have become a critical need, both for increased confidence in large and complex designs and as a foundation for technologies such as proofcarrying code. However, constructing these proofs remains a black art, involving many choices in the formulation of definitions and theorems that make a huge cumulative difference in the difficulty of carrying out large formal developments. The representation and manipulation of terms with variable binding is a key issue. We propose a novel style for formalizing metatheory, combining locally nameless representation of terms and cofinite quantification of free variable names in inductive definitions of relations on terms (typing, reduction,...). The key technical insight is that our use of cofinite quantification obviates the need for reasoning about equivariance (the fact that free names can be renamed in derivations); in particular, the structural induction principles of relations
Modal Types for Mobile Code
, 2008
"... In this dissertation I argue that modal type systems provide an elegant and practical means for controlling local resources in spatially distributed computer programs. A distributed program is one that executes in multiple physical or logical places. It usually does so because those places have loca ..."
Abstract

Cited by 27 (0 self)
 Add to MetaCart
In this dissertation I argue that modal type systems provide an elegant and practical means for controlling local resources in spatially distributed computer programs. A distributed program is one that executes in multiple physical or logical places. It usually does so because those places have local resources that can only be used in those locations. Such resources can include processing power, proximity to data, hardware, or the physical presence of a user. Programmers that write distributed applications therefore need to be able to reason about the places in which their programs will execute. This work provides an elegant and practical way to think about such programs in the form of a type system derived from modal logic. Modal logic allows for reasoning about truth from multiple simultaneous perspectives. These perspectives, called "worlds," are identified with the locations in the distributed program. This enables the programming language to be simultaneously aware of the various hosts involved in a program, their
Distributed programming with distributed authorization
, 2009
"... We propose a programming language, called PCML5, for building distributed applications with distributed access control. Target applications include webbased systems in which programs must compute with stipulated resources at different sites. In such a setting, access control policies are decentrali ..."
Abstract

Cited by 23 (2 self)
 Add to MetaCart
We propose a programming language, called PCML5, for building distributed applications with distributed access control. Target applications include webbased systems in which programs must compute with stipulated resources at different sites. In such a setting, access control policies are decentralized (each site may impose restrictions on access to its resources without the knowledge of or cooperation with other sites) and spatially distributed (each site may store its policies locally). To enforce such policies PCML5 employs a distributed proofcarrying authorization framework in which sensitive resources are governed by reference monitors that authenticate principals and demand logical proofs of compliance with sitespecific access control policies. The language provides primitive operations for authentication, and acquisition of proofs from local policies. The type system of PCML5 enforces locality restrictions on resources, ensuring that they can only be accessed from the site at which they reside, and enforces the authentication and authorization obligations required to comply with local access control policies. This ensures that a welltyped PCML5 program cannot incur a runtime access control violation at a reference monitor for a controlled resource.
Syntax for free: Representing syntax with binding using parametricity
 OF LECTURE NOTES IN COMPUTER SCIENCE
, 2009
"... We show that, in a parametric model of polymorphism, the type ∀α.((α → α) → α) → (α → α → α) → α is isomorphic to closed de Bruijn terms. That is, the type of closed higherorder abstract syntax terms is isomorphic to a concrete representation. To demonstrate the proof we have constructed a mode ..."
Abstract

Cited by 17 (5 self)
 Add to MetaCart
(Show Context)
We show that, in a parametric model of polymorphism, the type ∀α.((α → α) → α) → (α → α → α) → α is isomorphic to closed de Bruijn terms. That is, the type of closed higherorder abstract syntax terms is isomorphic to a concrete representation. To demonstrate the proof we have constructed a model of parametric polymorphism inside the Coq proof assistant. The proof of the theorem requires parametricity over Kripke relations. We also investigate some variants of this representation.
A sound semantics for OCamllight
 In: Programming Languages and Systems, 17th European Symposium on Programming, ESOP 2008, Lecture Notes in Computer Science
, 2008
"... Abstract. Few programming languages have a mathematically rigorous definition or metatheory—in part because they are perceived as too large and complex to work with. This paper demonstrates the feasibility of such undertakings: we formalize a substantial portion of the semantics of Objective Caml’s ..."
Abstract

Cited by 17 (4 self)
 Add to MetaCart
(Show Context)
Abstract. Few programming languages have a mathematically rigorous definition or metatheory—in part because they are perceived as too large and complex to work with. This paper demonstrates the feasibility of such undertakings: we formalize a substantial portion of the semantics of Objective Caml’s core language (which had not previously been given a formal semantics), and we develop a mechanized type soundness proof in HOL. We also develop an executable version of the operational semantics, verify that it coincides with our semantic definition, and use it to test conformance between the semantics and the OCaml implementation. We intend our semantics to be a suitable substrate for the verification of OCaml programs. 1 Mechanizing Metatheory Researchers in programming languages and program verification routinely develop their ideas in the context of core calculi and idealized models. The advantage of the core calculus approach comes from the efficacy of pencilandpaper mathematics, both for specification and proof; however, these techniques do not scale well. Usable programming
Mechanizing the Metatheory of LF
, 2008
"... LF is a dependent type theory in which many other formal systems can be conveniently embedded. However, correct use of LF relies on nontrivial metatheoretic developments such as proofs of correctness of decision procedures for LF’s judgments. Although detailed informal proofs of these properties hav ..."
Abstract

Cited by 16 (7 self)
 Add to MetaCart
LF is a dependent type theory in which many other formal systems can be conveniently embedded. However, correct use of LF relies on nontrivial metatheoretic developments such as proofs of correctness of decision procedures for LF’s judgments. Although detailed informal proofs of these properties have been published, they have not been formally verified in a theorem prover. We have formalized these properties within Isabelle/HOL using the Nominal Datatype Package, closely following a recent article by Harper and Pfenning. In the process, we identified and resolved a gap in one of the proofs and a small number of minor lacunae in others. Besides its intrinsic interest, our formalization provides a foundation for studying the adequacy of LF encodings, the correctness of Twelfstyle metatheoretic reasoning, and the metatheory of extensions to LF.
A Bidirectional Refinement Type System for LF
, 2007
"... We present a system of refinement types for LF in the style of recent formulations where only canonical forms are welltyped. Both the usual LF rules and the rules for type refinements are bidirectional, leading to a straightforward proof of decidability of typechecking even in the presence of inte ..."
Abstract

Cited by 13 (5 self)
 Add to MetaCart
(Show Context)
We present a system of refinement types for LF in the style of recent formulations where only canonical forms are welltyped. Both the usual LF rules and the rules for type refinements are bidirectional, leading to a straightforward proof of decidability of typechecking even in the presence of intersection types. Because we insist on canonical forms, structural rules for subtyping can now be derived rather than being assumed as primitive. We illustrate the expressive power of our system with several examples in the domain of logics and programming languages.
Proof pearl: The power of higherorder encodings in the logical framework LF
 In International Conference on Theorem Proving in Higher Order Logics (TPHOLs). Lecture Notes in Computer Science
"... Abstract. In this proof pearl, we demonstrate the power of higherorder encodings in the logical framework Twelf[PS99] by investigating proofs about an algorithmic specification of bounded subtype polymorphism, a problem from the POPLmark challenge [ABF + 05]. Our encoding and representation of the p ..."
Abstract

Cited by 10 (1 self)
 Add to MetaCart
(Show Context)
Abstract. In this proof pearl, we demonstrate the power of higherorder encodings in the logical framework Twelf[PS99] by investigating proofs about an algorithmic specification of bounded subtype polymorphism, a problem from the POPLmark challenge [ABF + 05]. Our encoding and representation of the problem plays to the strengths of the logical framework LF. Higherorder abstract syntax is used to deal with issues of bound variables. More importantly, we exploit the full advantage of parametric and higherorder judgments. As a key benefit we get a tedious narrowing lemma, which must normally be proven separately, for free. Consequently, we obtain an extremely compact and elegant encoding of the admissibility of general transitivity and other metatheoretic properties. 1
Reasoning with HigherOrder Abstract Syntax and Contexts: A Comparison
"... Abstract. A variety of logical frameworks support the use of higherorder abstract syntax (HOAS) in representing formal systems given via axioms and inference rules and reasoning about them. In such frameworks, objectlevel binding is encoded directly using metalevel binding. Although these systems ..."
Abstract

Cited by 10 (5 self)
 Add to MetaCart
(Show Context)
Abstract. A variety of logical frameworks support the use of higherorder abstract syntax (HOAS) in representing formal systems given via axioms and inference rules and reasoning about them. In such frameworks, objectlevel binding is encoded directly using metalevel binding. Although these systems seem superficially the same, they differ in a variety of ways; for example, in how they handle a context of assumptions and in what theorems about a given formal system can be expressed and proven. In this paper, we present several case studies which highlight a variety of different aspects of reasoning using HOAS, with the intention of providing a basis for comparison of different systems. We then carry out such a comparison among three systems: Twelf, Beluga, and Hybrid. We also develop a general set of criteria for comparing such systems. We hope that others will implement these challenge problems, apply these criteria, and further our understanding of the tradeoffs involved in choosing one system over another for this kind of reasoning. 1