Results 11  20
of
112
Proof Principles for Datatypes with Iterated Recursion
, 1997
"... . Data types like trees which are finitely branching and of (possibly) infinite depth are described by iterating initial algebras and terminal coalgebras. We study proof principles for such data types in the context of categorical logic, following and extending the approach of [14, 15]. The technica ..."
Abstract

Cited by 16 (3 self)
 Add to MetaCart
. Data types like trees which are finitely branching and of (possibly) infinite depth are described by iterating initial algebras and terminal coalgebras. We study proof principles for such data types in the context of categorical logic, following and extending the approach of [14, 15]. The technical contribution of this paper involves a description of initial algebras and terminal coalgebras in total categories of fibrations for lifted "datafunctors". These lifted functors are used to formulate our proof principles. We test these principles by proving some elementary results for four kinds of trees (with finite or infinite breadth or depth) using the proof tool pvs. 1 Introduction Algebras and coalgebras are of wellestablished importance in computer science, notably in the theory of datatypes, where especially initial algebras and terminal coalgebras play a distinguished role. Over the past decade there is more and more interest in the logic associated with initial algebras and ter...
Ats: A language that combines programming with theorem proving
 of Lecture Notes in Computer Science
, 2005
"... Abstract. ATS is a language with a highly expressive type system that supports a restricted form of dependent types in which programs are not allowed to appear in type expressions. The language is separated into two components: a proof language in which (inductive) proofs can be encoded as (total re ..."
Abstract

Cited by 16 (0 self)
 Add to MetaCart
(Show Context)
Abstract. ATS is a language with a highly expressive type system that supports a restricted form of dependent types in which programs are not allowed to appear in type expressions. The language is separated into two components: a proof language in which (inductive) proofs can be encoded as (total recursive) functions that are erased before execution, and a programming language for constructing programs to be evaluated. This separation enables a paradigm that combines programming with theorem proving. In this paper, we illustrate by example how this programming paradigm is supported in ATS.
Semicontinuous sized types and termination
 In Zoltán Ésik, editor, Computer Science Logic, 20th International Workshop, CSL 2006, 15th Annual Conference of the EACSL
"... Abstract. Some typebased approaches to termination use sized types: an ordinal bound for the size of a data structure is stored in its type. A recursive function over a sized type is accepted if it is visible in the type system that recursive calls occur just at a smaller size. This approach is onl ..."
Abstract

Cited by 16 (6 self)
 Add to MetaCart
(Show Context)
Abstract. Some typebased approaches to termination use sized types: an ordinal bound for the size of a data structure is stored in its type. A recursive function over a sized type is accepted if it is visible in the type system that recursive calls occur just at a smaller size. This approach is only sound if the type of the recursive function is admissible, i.e., depends on the size index in a certain way. To explore the space of admissible functions in the presence of higherkinded data types and impredicative polymorphism, a semantics is developed where sized types are interpreted as functions from ordinals into sets of strongly normalizing terms. It is shown that upper semicontinuity of such functions is a sufficient semantic criterion for admissibility. To provide a syntactical criterion, a calculus for semicontinuous functions is developed. 1.
The marriage of bisimulations and Kripke logical relations
 In POPL
, 2012
"... There has been great progress in recent years on developing effective techniques for reasoning about program equivalence in MLlike languages—that is, languages that combine features like higherorder functions, recursive types, abstract types, and general mutable references. Two of the most promine ..."
Abstract

Cited by 13 (9 self)
 Add to MetaCart
(Show Context)
There has been great progress in recent years on developing effective techniques for reasoning about program equivalence in MLlike languages—that is, languages that combine features like higherorder functions, recursive types, abstract types, and general mutable references. Two of the most prominent types of techniques to have emerged are bisimulations and Kripke logical relations (KLRs). While both approaches are powerful, their complementary advantages have led us and other researchers to wonder whether there is an essential tradeoff between them. Furthermore, both approaches seem to suffer from fundamental limitations if one is interested in scaling them to interlanguage reasoning. In this paper, we propose relation transition systems (RTSs), which marry together some of the most appealing aspects of KLRs and bisimulations. In particular, RTSs show how bisimulations’ support for reasoning about recursive features via coinduction can be synthesized with KLRs ’ support for reasoning about local state via state transition systems. Moreover, we have designed RTSs to avoid the limitations of KLRs and bisimulations that preclude their generalization to interlanguage reasoning. Notably, unlike KLRs, RTSs are transitively composable.
Union and intersection types for secure protocol implementations
"... We present a new type system for verifying the security of cryptographic protocol implementations. The type system combines prior work on refinement types, with union, intersection, and polymorphic types, and with the novel ability to reason statically about the disjointness of types. The increased ..."
Abstract

Cited by 13 (3 self)
 Add to MetaCart
We present a new type system for verifying the security of cryptographic protocol implementations. The type system combines prior work on refinement types, with union, intersection, and polymorphic types, and with the novel ability to reason statically about the disjointness of types. The increased expressivity enables the analysis of important protocol classes that were previously out of scope for the typebased analyses of protocol implementations. In particular, our types can statically characterize: (i) more usages of asymmetric cryptography, such as signatures of private data and encryptions of authenticated data; (ii) authenticity and integrity properties achieved by showing knowledge of secret data; (iii) applications based on zeroknowledge proofs. The type system comes with a mechanized proof of correctness and an efficient typechecker.
Implementing a Normalizer Using Sized Heterogeneous Types
 Journal of Functional Programming, MSFP’06 special issue
"... In the simplytyped lambdacalculus, a hereditary substitution replaces a free variable in a normal form r by another normal form s of type a, removing freshly created redexes on the fly. It can be defined by lexicographic induction on a and r, thus, giving rise to a structurally recursive normalize ..."
Abstract

Cited by 13 (2 self)
 Add to MetaCart
(Show Context)
In the simplytyped lambdacalculus, a hereditary substitution replaces a free variable in a normal form r by another normal form s of type a, removing freshly created redexes on the fly. It can be defined by lexicographic induction on a and r, thus, giving rise to a structurally recursive normalizer for the simplytyped lambdacalculus. We generalize this scheme to simultaneous substitutions, preserving its simple termination argument. We further implement hereditary simultaneous substitutions in a functional programming language with sized heterogeneous inductive types, Fωb, arriving at an interpreter whose termination can be tracked by the type system of its host programming language.
Programming With Types
 CORNELL UNIVERSITY
, 2002
"... Runtime type analysis is an increasingly important linguistic mechanism in modern programming languages. Language runtime systems use it to implement services such as accurate garbage collection, serialization, cloning and structural equality. Component frameworks rely on it to provide reflection m ..."
Abstract

Cited by 13 (2 self)
 Add to MetaCart
(Show Context)
Runtime type analysis is an increasingly important linguistic mechanism in modern programming languages. Language runtime systems use it to implement services such as accurate garbage collection, serialization, cloning and structural equality. Component frameworks rely on it to provide reflection mechanisms so they may discover and interact with program interfaces dynamically. Runtime type analysis is also crucial for large, distributed systems that must be dynamically extended, because it allows those systems to check program invariants when new code and new forms of data are added. Finally, many generic userlevel algorithms for iteration, pattern matching, and unification can be defined through type analysis mechanisms. However, existing frameworks for runtime type analysis were designed for simple type systems. They do not scale well to the sophisticated type systems of modern and nextgeneration programming languages that include complex constructs such as firstclass abstract types, recursive types, objects, and type parameterization. In addition, facilities to support type analysis often require complicated
The Power of Parameterization in Coinductive Proof
"... Coinduction is one of the most basic concepts in computer science. It is therefore surprising that the commonlyknown latticetheoretic accounts of the principles underlying coinductive proofs are lacking in two key respects: they do not support compositional reasoning (i.e., breaking proofs into se ..."
Abstract

Cited by 12 (5 self)
 Add to MetaCart
(Show Context)
Coinduction is one of the most basic concepts in computer science. It is therefore surprising that the commonlyknown latticetheoretic accounts of the principles underlying coinductive proofs are lacking in two key respects: they do not support compositional reasoning (i.e., breaking proofs into separate pieces that can be developed in isolation), and they do not support incremental reasoning (i.e., developing proofs interactively by starting from the goal and generalizing the coinduction hypothesis repeatedly as necessary). In this paper, we show how to support coinductive proofs that are both compositional and incremental, using a dead simple construction we call the parameterized greatest fixed point. The basic idea is to parameterize the greatest fixed point of interest over the accumulated knowledge of “the proof so far”. While this idea has been proposed before, by Winskel in 1989 and by Moss in 2001, neither of the previous accounts suggests its general applicability to improving the state of the art in interactive coinductive proof. In addition to presenting the latticetheoretic foundations of parameterized coinduction, demonstrating its utility on representative examples, and studying its composition with “upto ” techniques, we also explore its mechanization in proof assistants like Coq and Isabelle. Unlike traditional approaches to mechanizing coinduction (e.g., Coq’s cofix), which employ syntactic “guardedness checking”, parameterized coinduction offers a semantic account of guardedness. This leads to faster and more robust proof development, as we demonstrate using our new Coq library, Paco.
Principles and Applications of Refinement Types
, 2009
"... A refinement type {x: T  C} is the subset of the type T consisting of the values x to satisfy the formula C. In this tutorial article we explain the principles of refinement types by developing from first principles a concurrent λcalculus whose type system supports refinement types. Moreover, we ..."
Abstract

Cited by 11 (4 self)
 Add to MetaCart
A refinement type {x: T  C} is the subset of the type T consisting of the values x to satisfy the formula C. In this tutorial article we explain the principles of refinement types by developing from first principles a concurrent λcalculus whose type system supports refinement types. Moreover, we describe a series of applications of our refined type theory and of related systems.
Monotone Inductive and Coinductive Constructors of Rank 2
 Proceedings of CSL 2001
, 2001
"... A generalization of positive inductive and coinductive types to monotone inductive and coinductive constructors of rank 1 and rank 2 is described. The motivation is taken from initial algebras and nal coalgebras in a functor category and the CurryHowardcorrespondence. The denition of the system as ..."
Abstract

Cited by 10 (4 self)
 Add to MetaCart
A generalization of positive inductive and coinductive types to monotone inductive and coinductive constructors of rank 1 and rank 2 is described. The motivation is taken from initial algebras and nal coalgebras in a functor category and the CurryHowardcorrespondence. The denition of the system as a calculus requires an appropriate denition of monotonicity to overcome subtle problems, most notably to ensure that the (co)inductive constructors introduced via monotonicity of the underlying constructor of rank 2 are also monotone as constructors of rank 1. The problem is solved, strong normalization shown, and the notion proven to be wide enough to cover even highly complex datatypes. 1