Results 11-20 of 24
Predicate Transformer Semantics of a Higher Order Imperative Language With . . .
SCIENCE OF COMPUTER PROGRAMMING, 1998
Cited by 19 (9 self)
Using a set-theoretic model of predicate transformers and ordered data types, we give a total-correctness semantics for a typed higher-order imperative programming language that includes record extension, local variables, and procedure-type variables and parameters. The language includes infeasible specification constructs, for a calculus of refinement. Procedures may have global variables, subject to mild syntactic restrictions to avoid the semantic complications of Algol-like languages. The semantics is used to validate simple proof rules for non-interference, type extension, and calls of procedure variables and constants.
Reasoning about Functions with Effects
See Gordon and Pitts, 1997
Cited by 13 (1 self)
ing and using (Lunif) we have that any two lambdas that are everywhere undefined are equivalent. The classic example of an everywhere undefined lambda is Bot 4 = x:app(x:app(x; x); x:app(x; x)) In f , another example of an everywhere undefined lambda is the "do-forever" loop. Do 4 = f:Yv(Dox:Do(f(x)) By the recursive definition, for any lambda ' and value v Do(')(v) \Gamma!Ø Do(')('(v)) In f , either '(v) \Gamma!Ø v 0 for some v 0 or '(v) is undefined. In the latter case the computation is undefined since the redex is undefined. In the former case, the computation reduces to Do(')(v 0 ) and on we go. The argument for undefinedness of Bot relies only on the (app) rule and will be valid in any uniform semantics. In contrast the argument for undefinedness of Do(') relies on the (fred.isdef) property of f . Functional Streams We now illustrate the use of (Lunifsim) computation to reason about streams represented as functions ...
Logical reasoning for higher-order functions with local state
In Foundations of Software Science and Computation Structure
Cited by 13 (4 self)
ABSTRACT. We introduce an extension of Hoare logic for call-by-value higher-order functions with ML-like local reference generation. Local references may be generated dynamically and exported outside their scope, may store higher-order functions and may be used to construct complex mutable data structures. This primitive is captured logically using a predicate asserting reachability of a reference name from a possibly higher-order datum and quantifiers over hidden references. We explore the logic’s descriptive and reasoning power with nontrivial programming examples combining higher-order procedures and dynamically generated local state. Axioms for reachability and local invariant play a central role for reasoning about the examples.
Soundness of Data Refinement for a Higher Order Imperative Language
1999
Cited by 9 (4 self)
Using a set-theoretic model of predicate transformers and ordered data types, we give a semantics for an Oberon-like higher order imperative language with record subtyping and procedure-type variables and parameters. Data refinement is shown to be sound for this language: It implies algorithmic refinement when suitably localized. And all constructs are shown to preserve simulation, so data refinement can be carried out piecewise.
Assertion-based encapsulation, object invariants and simulations
In FMCO post-proceedings, 2005
Cited by 7 (3 self)
Abstract. In object-oriented programming, reentrant method invocations and shared references make it difficult to achieve adequate encapsulation for sound modular reasoning. This tutorial paper surveys recent progress using auxiliary state (ghost fields) to describe and achieve encapsulation. Encapsulation is assessed in terms of modular reasoning about invariants and simulations.
Local state in Hoare logic for imperative higher-order functions
in Appendix A.1.
$$[\textit{Abs}]\;\frac{[A^{-x} \wedge C]\; M :_m [C']}{[A]\; \lambda x.M :_u [\forall x.[C]\; u \bullet x = m\; [C']]}$$
$$[\textit{Deref}]\;\frac{-}{[C[!x/u]]\; !x :_u [C]}$$
$$[\textit{App}]\;\frac{[C]\; M :_m [C_0] \qquad [C_0]\; N :_n [C_1 \wedge [C_1]\; m \bullet n = u\; [C']]}{[C]\; MN :_u [C']}$$
$$[\textit{Assign}]\;\frac{[C]\; M :_m [C'[m/!x][()/u]]}{[C]\; x := M :_u [C']}$$
[ConseqKleyman, 2007
Cited by 3 (1 self)
Abstract. We introduce an extension of Hoare logic for imperative higher-order functions with local state. Local state may be generated dynamically and exported outside its scope, may store higher-order functions, and may be used to construct complex shared mutable data structures. The induced behaviour is captured with a first order predicate which asserts reachability of reference names. The logic enjoys a strong match with the semantics of programs, in the sense that valid assertions characterise the standard contextual congruence. We explore the logic’s descriptive and reasoning power with nontrivial programming examples manipulating dynamically generated local state. Axioms for reachability play a central role for reasoning about the examples.
A π-calculus process semantics of concurrent idealised ALGOL
In Proc. FOSSACS'99, volume 1578 of LNCS, 1999
Cited by 3 (0 self)
We study the use of the π-calculus for semantical descriptions of languages such as Concurrent Idealised ALGOL (CIA), combining imperative, functional and concurrent features. We first present an operational semantics for CIA, given by SOS rules and a contextual form of behavioural equivalence; then a π-calculus semantics. As behavioural equivalence on π-calculus processes we choose the standard (weak early) bisimilarity. We compare the two semantics, demonstrating that there is a close operational correspondence between them and that the π-calculus semantics is sound. This allows for applying the π-calculus theory in proving behavioural properties of CIA phrases. We discuss laws and examples which have served as benchmarks to various semantics, and a more complex example involving procedures of higher order.
Bisimilarity for the region calculus
Higher-Order and Symbolic Computation
Cited by 2 (1 self)
Abstract. A region calculus is a programming language calculus with explicit instrumentation for memory management. Every value is annotated with a region in which it is stored and regions are allocated and deallocated in a stack-like fashion. The annotations can be statically inferred by a type and effect system, making a region calculus suitable as an intermediate language for a compiler of statically typed programming languages. Although a lot of attention has been paid to type soundness properties of different flavors of region calculi, it seems that little effort has been made to develop a semantic framework. In this paper, we present a theory based on bisimulation, which serves as a coinductive proof principle for showing equivalences of polymorphically region-annotated terms. Our notion of bisimilarity is reminiscent of open bisimilarity for the π-calculus and we prove it sound and complete with respect to Morris-style contextual equivalence. As an application, we formulate a syntactic equational theory, which is used elsewhere to prove the soundness of a specializer based on region inference. We use our bisimulation framework to show that the equational theory is sound with respect to contextual equivalence.
On the observational theory of the CPS-calculus
Cited by 2 (0 self)
We study the observational theory of Thielecke’s CPS-calculus, a distillation of the target language of Continuation-Passing Style transforms. We define a labelled transition system for the CPS-calculus from which we derive a (weak) labelled bisimilarity that completely characterises Morris’ context-equivalence. We prove a context lemma showing that Morris’ context-equivalence coincides with a simpler context-equivalence closed under a smaller class of contexts. Then we profit of the determinism of the CPS-calculus to give a simpler labelled characterisation of Morris’ equivalence, in the style of Abramsky’s applicative bisimilarity. We enhance our bisimulation proof-methods with up-to bisimilarity and up-to context proof techniques. We use our bisimulation proof techniques to investigate a few algebraic properties on diverging terms that cannot be proved using the original axiomatic semantics of the CPS-calculus. Finally, we prove the full abstraction of Thielecke’s encoding of the CPS-calculus into a fragment of Fournet and Gonthier’s Join-calculus with single pattern definitions.
Applications of Game Semantics: From Program Analysis to Hardware Synthesis
Cited by 2 (2 self)
After informally reviewing the main concepts from game semantics and placing the development of the field in a historical context we examine its main applications. We focus in particular on finite state model checking, higher order model checking and more recent developments in hardware design.
1. Chronology, methodology, ideology
Game Semantics is a denotational semantics in the conventional sense: for any term, it assigns a certain mathematical object as its meaning, which is constructed compositionally from the meanings of its subterms in a way that is independent of the operational semantics of the object language. What makes Game Semantics particular, peculiar maybe, is that the mathematical objects it operates with