Results 1-10 of 11
Resource Usage Analysis
, 2002
Abstract
Cited by 85 (6 self)
program accesses resources in a valid manner. For example, a memory region that has been allocated should eventually be deallocated, and after the deallocation the region should no longer be accessed. A file that has been opened should eventually be closed. So far, most of the methods to analyze this kind of property have been proposed in rather specific contexts (such as studies of memory management and verification of the usage of lock primitives), and it was not so clear what the essence of those methods is or how methods proposed for individual problems are related. To remedy this situation, we formalize a general problem of analyzing resource usage as a resource usage analysis problem, and propose a type-based method as a solution to the problem.
An Effective Theory of Type Refinements
, 2002
Abstract
Cited by 62 (5 self)
We develop an explicit two-level system that allows programmers to reason about the behavior of effectful programs. The first level is an ordinary ML-style type system, which confers standard properties on program behavior. The second level is a conservative extension of the first that uses a logic of type refinements to check more precise properties of program behavior. Our logic is a fragment of intuitionistic linear logic, which gives programmers the ability to reason locally about changes of program state. We provide a generic resource semantics for our logic as well as a sound, decidable, syntactic refinement-checking system. We also prove that refinements give rise to an optimization principle for programs. Finally, we illustrate the power of our system through a number of examples.
Reasoning about Hierarchical Storage
, 2003
Abstract
Cited by 25 (8 self)
can encode invariants necessary for reasoning about hierarchical storage. We show how the logic can be used to describe the layout of bits in a memory word, the layout of memory words in a region, the layout of regions in an address space, or even the layout of address spaces in a multiprocessing environment. We provide a semantics for our formulas and then apply the semantics and logic to the task of developing a type system for MiniKAM, a simplified version of the abstract machine used in the ML Kit with regions.
Linear Logic and Imperative Programming
, 2008
Abstract
Cited by 6 (1 self)
One of the most important and enduring problems in programming languages research involves verification of programs that construct, manipulate and dispose of complex heap-allocated data structures. Over the last several years, great progress has been made on this problem by using substructural logics to specify the shape of heap-allocated data structures. These logics can capture aliasing properties in a concise notation. In this dissertation, we present our work on using an extension of Girard's intuitionistic linear logic (a substructural logic) with classical constraints as the base logic to reason about the memory safety and shape invariants of programs that manipulate complex heap-allocated data structures. To be more precise, we have defined formal proof rules for an intuitionistic linear logic with constraints, ILC, which modularly combines substructural reasoning with general constraint-based reasoning. We have also defined a formal semantics for our logic, in terms of program heaps, with recursively defined predicates. Next, we developed verification systems using different fragments of ILC to verify pointer programs. In particular, we developed a set of sound verification generation
On Regions and Linear Types (Extended Abstract)
 In Proceedings of the sixth ACM SIGPLAN international conference on Functional programming
, 2001
Abstract
Cited by 2 (0 self)
We explore how two different mechanisms for reasoning about state, linear typing and the type, region and effect discipline, complement one another in the design of a strongly typed functional programming language. The basis for our language is a simple lambda calculus containing first-class memory regions, which are explicitly passed as arguments to functions, returned as results and stored in user-defined data structures. In order to ensure appropriate memory safety properties, we draw upon the literature on linear type systems to help control access to and deallocation of regions. In fact, we use two different interpretations of linear types, one in which multiple-use values are freely copied and discarded and one in which multiple-use values are explicitly reference-counted, and show that both interpretations give rise to interesting invariants for manipulating regions. We also explore new programming paradigms that arise by mixing first-class regions and conventional linear data structures.
Termination
Abstract
proof. Let us examine why. From $M_1 : A_2 \multimap A_1$ and $M_2 : A_2$ we obtain $M_1\,M_2 : A_1$ by $\multimap$E. We can make the following inferences: $V_1 = \lambda x{:}A_2.\,M_1'$ (by type preservation and inversion). At this point we cannot proceed: we need a derivation of $[V_2/x]M_1' \hookrightarrow V$ for some $V$ to complete the derivation of $M_1\,M_2 \hookrightarrow V$. Unfortunately, the induction hypothesis does not tell us anything about $[V_2/x]M_1'$. Basically, we need to extend it so it makes a statement about the result of evaluation ($\lambda x{:}A_2.\,M_1'$, in this case). Sticking to the case of linear application for the moment, we call a term $M$ "good" if it evaluates to a "good" value $V$. A value $V$ is "good" if it is a function $\lambda x{:}A_2.\,M_1'$ and if substituting a "good" value $V_2$ for $x$ in $M_1'$ results in a "good" term. Note that this is not a proper definition, since to see if $V$ is "good" we may need to substitute any "good" value $V_2$ into it, possibly including $V$ itself. We can make this definition inductive if we observe that the value
Linear Type Checking
Abstract
but flag it to indicate that it may not be exact, but that some of these linear hypotheses may be absorbed if necessary. In other words, in the judgment, any of the remaining hypotheses in $\Delta_O$ need not be consumed in the other branches of the typing derivation. On the other hand, the judgment $\Gamma; \Delta_I \setminus \Delta_O \vdash_0 M : A$ indicates that $M$ uses exactly the variables in $\Delta_I \setminus \Delta_O$. When we think of the judgment $\Gamma; \Delta_I \setminus \Delta_O \vdash_i M : A$ as describing an algorithm, we think of $\Gamma$, $\Delta_I$ and $M$ as given, and $\Delta_O$ and the slack indicator $i$ as part of the result of the computation. The type $A$ may or may not be given: in one case it is synthesized, in the other case checked. This refines our view of computation as the bottom-up construction of a derivation to include parts of the judgment in different roles (as input, output, or bidirectional components). In logic programming, which is based on the notion of computation-as-proof-search, these roles of the syntactic constituents of a judgment are called
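The judgment form described in this entry, with $\Delta_I$ as input and $\Delta_O$ together with the slack indicator as output, can be run directly as a checker. The following is an added example written for this page; it is not code from the chapter or from any of the listed papers. It covers only the linear fragment (no unrestricted context $\Gamma$), represents types as nested tuples, and rejects rebinding of a variable name; all three are this example's own simplifications. The same checker illustrates the discipline of the Resource Usage Analysis entry above: a linear hypothesis is an owned resource such as a file handle or a heap region, a hypothesis left unconsumed is reported as a leak, and a second use of an already consumed one is reported the way a double free or use-after-free would be.

```python
"""Resource-passing linear type checker: added example, not the chapter's code.

check(term, delta_in) returns (type, delta_out, slack): delta_in is the input
context of linear hypotheses, delta_out is what the term left unconsumed, and
slack is True when the term could still absorb hypotheses (only <> : T does).
Simplifications of this example: linear context only (no unrestricted Gamma),
types as nested tuples, bound-variable names distinct (rebinding is rejected).
"""
from dataclasses import dataclass
from typing import Tuple, Union

Type = Union[str, tuple]   # "A" | ("-o",A,B) | ("*",A,B) | ("&",A,B) | ("T",)
TOP: Type = ("T",)

def lolli(a: Type, b: Type) -> Type: return ("-o", a, b)   # A -o B
def tensor(a: Type, b: Type) -> Type: return ("*", a, b)   # A (x) B
def amp(a: Type, b: Type) -> Type: return ("&", a, b)      # A & B

@dataclass(frozen=True)
class Var: name: str                                     # x
@dataclass(frozen=True)
class Lam: x: str; ty: Type; body: object                # \x:A. M
@dataclass(frozen=True)
class App: f: object; a: object                          # M N
@dataclass(frozen=True)
class Pair: l: object; r: object                         # M (x) N
@dataclass(frozen=True)
class LetPair: x: str; y: str; e: object; body: object   # let x (x) y = M in N
@dataclass(frozen=True)
class With: l: object; r: object                         # <M, N>
@dataclass(frozen=True)
class Top: pass                                          # <>

class LinearTypeError(Exception): pass

def _without(ctx: dict, name: str) -> dict:
    return {k: v for k, v in ctx.items() if k != name}

def _bind(ctx: dict, name: str, ty: Type) -> dict:
    if name in ctx:
        raise LinearTypeError(f"{name}: rebinding not supported in this example")
    return {**ctx, name: ty}

def _require_consumed(out: dict, slack: bool, name: str) -> None:
    if name in out and not slack:   # still present on exit and nothing can absorb it
        raise LinearTypeError(f"{name}: never consumed (resource leak)")

def check(term, delta: dict) -> Tuple[Type, dict, bool]:
    """Return (type, leftover context, slack) for term under input context delta."""
    if isinstance(term, Var):                      # consume exactly one hypothesis
        if term.name not in delta:
            raise LinearTypeError(f"{term.name}: already consumed or not in scope")
        return delta[term.name], _without(delta, term.name), False
    if isinstance(term, Top):                      # consumes nothing, may absorb anything
        return TOP, dict(delta), True
    if isinstance(term, Lam):
        bty, out, slack = check(term.body, _bind(delta, term.x, term.ty))
        _require_consumed(out, slack, term.x)
        return lolli(term.ty, bty), _without(out, term.x), slack
    if isinstance(term, App):                      # argument is checked in what f left over
        fty, out1, s1 = check(term.f, delta)
        if not (isinstance(fty, tuple) and fty[0] == "-o"):
            raise LinearTypeError(f"applying a non-function of type {fty}")
        aty, out2, s2 = check(term.a, out1)
        if aty != fty[1]:
            raise LinearTypeError(f"argument has type {aty}, expected {fty[1]}")
        return fty[2], out2, s1 or s2
    if isinstance(term, Pair):                     # tensor: components split the context
        lty, out1, s1 = check(term.l, delta)
        rty, out2, s2 = check(term.r, out1)
        return tensor(lty, rty), out2, s1 or s2
    if isinstance(term, LetPair):
        pty, out1, s1 = check(term.e, delta)
        if not (isinstance(pty, tuple) and pty[0] == "*"):
            raise LinearTypeError(f"let-pair on a non-pair of type {pty}")
        bty, out2, s2 = check(term.body, _bind(_bind(out1, term.x, pty[1]), term.y, pty[2]))
        for v in (term.x, term.y):
            _require_consumed(out2, s2, v)
        return bty, _without(_without(out2, term.x), term.y), s1 or s2
    if isinstance(term, With):                     # additive pair: both branches start from delta
        lty, out1, s1 = check(term.l, delta)
        rty, out2, s2 = check(term.r, delta)
        if s1 and s2:                              # both may absorb: keep the common leftover
            return amp(lty, rty), {k: v for k, v in out1.items() if k in out2}, True
        if not s1 and not s2 and out1.keys() != out2.keys():
            raise LinearTypeError("branches of & consume different resources")
        exact, loose = (out2, out1) if s1 else (out1, out2)
        if not exact.keys() <= loose.keys():       # the slack branch must absorb the difference
            raise LinearTypeError("exact branch of & consumes what the other cannot")
        return amp(lty, rty), exact, False
    raise LinearTypeError(f"unknown term {term!r}")

def typecheck(term) -> Tuple[Type, bool]:
    ty, _leftover, slack = check(term, {})       # closed term: empty input context
    return ty, slack

def is_linear(term) -> bool:
    try:
        return typecheck(term) is not None
    except LinearTypeError:
        return False
```

The three failure modes a practitioner cares about all surface as distinct errors: `Lam("x", "A", Lam("y", "B", Var("y")))` is rejected because `x` is still in the output context of its body (a leak), `Lam("x", "A", Pair(Var("x"), Var("x")))` because the second `Var("x")` finds it already consumed (a double free), and `Lam("x", "A", Lam("y", "B", With(Var("x"), Var("y"))))` because the two additive branches leave different contexts behind. Only `Top()` sets the slack flag, and the `With` case shows exactly how slack lets one branch absorb what the other consumed, which is the point the entry makes about hypotheses in $\Delta_O$.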
Chapter 6 Linear λ-Calculus
Abstract
proofs in intuitionistic propositional natural deduction and simply-typed λ-terms. A related observation on proofs in combinatory logic had been made previously by Curry [CF58]. A generalization of this observation to include quantifiers gives rise to the rich field of type theory, which we will analyze in Chapter ??. Here we study the basic correspondence, extended to the case of linear logic. A linear λ-calculus of proof terms will be useful for us in various circumstances. First of all, it gives a compact and faithful representation of proofs as terms. Proof checking is reduced to type-checking in a λ-calculus. For example, if we do not trust the implementation of our theorem prover, we can instrument it to generate proof terms which can be verified independently. In this scenario we are just exploiting that validity of proof terms is an analytic judgment. Secondly, the terms in the λ-calculus provide the core of a functional language with an expressive type system, in which statemen
Chapter 7 Linear Type Theory
Abstract
...itives | A B | !A    Exponentials. We now reconsider the quantifiers, $\forall x.\,A$ and $\exists x.\,A$. In the first-order linear logic we developed, the quantifiers range over a single (unspecified) domain. We may thus think of first-order logic as the study of quantification independently of any particular domain. This is accomplished by not making any assumptions about the domain of quantification. In contrast, first-order arithmetic arises if we introduce natural numbers and allow quantifiers to range specifically over natural numbers. This suggests generalizing the quantifiers to $\forall x{:}\tau.\,A$ and $\exists x{:}\tau.\,A$, where $\tau$ is a type. In type theory, we may identify types with propositions. Therefore, we may label a quantifier with $A$ instead of inventing a new syntactic category of types. Data types, such as the natural numbers, then have to be introduced as new types $A$ together with their introduction and elimination rules. We postpone the discussion of numbers and other data types to Section ??. Here, we are mo
Chapter 6 Linear λCalculus
, 2001
Abstract
proofs in intuitionistic propositional natural deduction and simply-typed λ-terms. A related observation on proofs in combinatory logic had been made previously by Curry [CF58]. A generalization of this observation to include quantifiers gives rise to the rich field of type theory, which we will analyze in Chapter ??. Here we study the basic correspondence, extended to the case of linear logic. A linear λ-calculus of proof terms will be useful for us in various circumstances. First of all, it gives a compact and faithful representation of proofs as terms. Proof checking is reduced to type-checking in a λ-calculus. For example, if we do not trust the implementation of our theorem prover, we can instrument it to generate proof terms which can be verified independently. In this scenario we are just exploiting that validity of proof terms is an analytic judgment. Secondly, the terms in the λ-calculus provide the core of a functional language with an expressive type system, in which statem