Results 1  10
of
16
The impact of higherorder state and control effects on local relational reasoning
, 2010
"... Reasoning about program equivalence is one of the oldest problems in semantics. In recent years, useful techniques have been developed, based on bisimulations and logical relations, for reasoning about equivalence in the setting of increasingly realistic languages—languages nearly as complex as ML o ..."
Abstract

Cited by 31 (13 self)
 Add to MetaCart
Reasoning about program equivalence is one of the oldest problems in semantics. In recent years, useful techniques have been developed, based on bisimulations and logical relations, for reasoning about equivalence in the setting of increasingly realistic languages—languages nearly as complex as ML or Haskell. Much of the recent work in this direction has considered the interesting representation independence principles enabled by the use of local state, but it is also important to understand the principles that powerful features like higherorder state and control effects disable. This latter topic has been broached extensively within the framework of game semantics, resulting in what Abramsky dubbed the “semantic cube”: fully abstract gamesemantic characterizations of various axes in the design space of MLlike languages. But when it comes to reasoning about many actual examples, game semantics does not yet supply a useful technique for proving equivalences. In this paper, we marry the aspirations of the semantic cube to the powerful proof method of stepindexed Kripke logical relations. Building on recent work of Ahmed, Dreyer, and Rossberg, we define the first fully abstract logical relation for an MLlike language with recursive types, abstract types, general references and call/cc. We then show how, under orthogonal restrictions to the expressive power of our language—namely, the restriction to firstorder state and/or the removal of call/cc—we can enhance the proving power of our possibleworlds model in correspondingly orthogonal ways, and we demonstrate this proving power on a range of interesting examples. Central to our story is the use of state transition systems to model the way in which properties of local state evolve over time.
A Relational Modal Logic for HigherOrder Stateful ADTs
"... The method of logical relations is a classic technique for proving the equivalence of higherorder programs that implement the same observable behavior but employ different internal data representations. Although it was originally studied for pure, strongly normalizing languages like System F, it ha ..."
Abstract

Cited by 19 (11 self)
 Add to MetaCart
The method of logical relations is a classic technique for proving the equivalence of higherorder programs that implement the same observable behavior but employ different internal data representations. Although it was originally studied for pure, strongly normalizing languages like System F, it has been extended over the past two decades to reason about increasingly realistic languages. In particular, Appel and McAllester’s idea of stepindexing has been used recently to develop syntactic Kripke logical relations for MLlike languages that mix functional and imperative forms of data abstraction. However, while stepindexed models are powerful tools, reasoning with them directly is quite painful, as one is forced to engage in tedious stepindex arithmetic to derive even simple results. In this paper, we propose a logic LADR for equational reasoning about higherorder programs in the presence of existential type abstraction, general recursive types, and higherorder mutable state. LADR exhibits a novel synthesis of features from PlotkinAbadi logic, GödelLöb logic, S4 modal logic, and relational separation logic. Our model of LADR is based on Ahmed, Dreyer, and Rossberg’s stateoftheart stepindexed Kripke logical relation, which was designed to facilitate proofs of representation independence for “statedependent ” ADTs. LADR enables one to express such proofs at a much higher level, without counting steps or reasoning about the subtle, stepstratified construction of possible worlds.
Stepindexed Kripke models over recursive worlds
 In Proc. of POPL
, 2011
"... Over the last decade, there has been extensive research on modelling challenging features in programming languages and program logics, such as higherorder store and storable resource invariants. A recent line of work has identified a common solution to some of these challenges: Kripke models over w ..."
Abstract

Cited by 18 (9 self)
 Add to MetaCart
Over the last decade, there has been extensive research on modelling challenging features in programming languages and program logics, such as higherorder store and storable resource invariants. A recent line of work has identified a common solution to some of these challenges: Kripke models over worlds that are recursively defined in a category of metric spaces. In this paper, we broaden the scope of this technique from the original domaintheoretic setting to an elementary, operational one based on step indexing. The resulting method is widely applicable and leads to simple, succinct models of complicated language features, as we demonstrate in our semantics of Charguéraud and Pottier’s typeandcapability system for an MLlike higherorder language. Moreover, the method provides a highlevel understanding of the essence of recent approaches based on step indexing. 1.
Logical StepIndexed Logical Relations
"... We show how to reason about “stepindexed ” logical relations in an abstract way, avoiding the tedious, errorprone, and proofobscuring stepindex arithmetic that seems superficially to be an essential element of the method. Specifically, we define a logic LSLR, which is inspired by Plotkin and Aba ..."
Abstract

Cited by 15 (6 self)
 Add to MetaCart
We show how to reason about “stepindexed ” logical relations in an abstract way, avoiding the tedious, errorprone, and proofobscuring stepindex arithmetic that seems superficially to be an essential element of the method. Specifically, we define a logic LSLR, which is inspired by Plotkin and Abadi’s logic for parametricity, but also supports recursively defined relations by means of the modal “later ” operator from Appel et al.’s “very modal model” paper. We encode in LSLR a logical relation for reasoning (in)equationally about programs in callbyvalue System F extended with recursive types. Using this logical relation, we derive a useful set of rules with which we can prove contextual (in)equivalences without mentioning step indices. 1
The essence of monotonic state
, 2009
"... We extend a static typeandcapability system with new mechanisms for expressing the promise that a certain abstract value evolves monotonically with time; for enforcing this promise; and for taking advantage of this promise to establish nontrivial properties of programs. These mechanisms are inde ..."
Abstract

Cited by 14 (4 self)
 Add to MetaCart
We extend a static typeandcapability system with new mechanisms for expressing the promise that a certain abstract value evolves monotonically with time; for enforcing this promise; and for taking advantage of this promise to establish nontrivial properties of programs. These mechanisms are independent of the treatment of mutable state, but combine with it to offer a flexible account of “monotonic state”. To demonstrate their use, we present a simple yet challenging example, namely monotonic integer counters. We then show how an implementation of thunks in terms of references can be assigned types that reflect time complexity properties, in the style of Danielsson (2008). This offers a foundational explanation of Danielsson’s system and, at the same time, extends it to a calculus with mutable state. Last, we sketch an application to hashconsing.
Generalizing the higherorder frame and antiframe rules. Unpublished
, 2009
"... This informal note presents generalized versions of the higherorder frame and antiframe rules. The main insights reside in two successive generalizations of the “tensor ” operator ⊗. In the first step, a form of “local invariant”, which allows implicit reasoning about “wellbracketed state changes” ..."
Abstract

Cited by 10 (6 self)
 Add to MetaCart
This informal note presents generalized versions of the higherorder frame and antiframe rules. The main insights reside in two successive generalizations of the “tensor ” operator ⊗. In the first step, a form of “local invariant”, which allows implicit reasoning about “wellbracketed state changes”, is introduced. In the second step, a form of “local monotonicity ” is added. 1.
A Kripke Logical Relation Between ML and Assembly
"... There has recently been great progress in proving the correctness of compilers for increasingly realistic languages with increasingly realistic runtime systems. Most work on this problem has focused on proving the correctness of a particular compiler, leaving open the question of how to verify the c ..."
Abstract

Cited by 8 (5 self)
 Add to MetaCart
There has recently been great progress in proving the correctness of compilers for increasingly realistic languages with increasingly realistic runtime systems. Most work on this problem has focused on proving the correctness of a particular compiler, leaving open the question of how to verify the correctness of assembly code that is handoptimized or linked together from the output of multiple compilers. This has led Benton and other researchers to propose more abstract, compositional notions of when a lowlevel program correctly realizes a highlevel one. However, the state of the art in socalled “compositional compiler correctness ” has only considered relatively simple highlevel and lowlevel languages. In this paper, we propose a novel, extensional, compilerindependent notion of equivalence between highlevel programs in an expressive, impure MLlike λcalculus and lowlevel programs in an (only slightly) idealized assembly language. We define this equivalence by means of a biorthogonal, stepindexed, Kripke logical relation, which enables us to reason quite flexibly about assembly code that uses local state in a different manner than the highlevel code it implements (e.g., selfmodifying code). In contrast to prior work, we factor our relation in a symmetric, languagegeneric fashion, which helps to simplify and clarify the formal presentation, and we also show how to account for the presence of a garbage collector. Our approach relies on recent developments in Kripke logical relations for MLlike languages, in particular the idea of possible worlds as state transition systems. 1.
The marriage of bisimulations and Kripke logical relations
 In POPL
, 2012
"... There has been great progress in recent years on developing effective techniques for reasoning about program equivalence in MLlike languages—that is, languages that combine features like higherorder functions, recursive types, abstract types, and general mutable references. Two of the most promine ..."
Abstract

Cited by 7 (5 self)
 Add to MetaCart
There has been great progress in recent years on developing effective techniques for reasoning about program equivalence in MLlike languages—that is, languages that combine features like higherorder functions, recursive types, abstract types, and general mutable references. Two of the most prominent types of techniques to have emerged are bisimulations and Kripke logical relations (KLRs). While both approaches are powerful, their complementary advantages have led us and other researchers to wonder whether there is an essential tradeoff between them. Furthermore, both approaches seem to suffer from fundamental limitations if one is interested in scaling them to interlanguage reasoning. In this paper, we propose relation transition systems (RTSs), which marry together some of the most appealing aspects of KLRs and bisimulations. In particular, RTSs show how bisimulations’ support for reasoning about recursive features via coinduction can be synthesized with KLRs ’ support for reasoning about local state via state transition systems. Moreover, we have designed RTSs to avoid the limitations of KLRs and bisimulations that preclude their generalization to interlanguage reasoning. Notably, unlike KLRs, RTSs are transitively composable.
A Generic Operational Metatheory for Algebraic Effects ∗
"... We provide a syntactic analysis of contextual preorder and equivalence for a polymorphic programming language with effects. Our approach applies uniformly to arbitrary algebraic effects, and thus incorporates, as instances: errors, input/output, global state, nondeterminism, probabilistic choice, an ..."
Abstract

Cited by 7 (0 self)
 Add to MetaCart
We provide a syntactic analysis of contextual preorder and equivalence for a polymorphic programming language with effects. Our approach applies uniformly to arbitrary algebraic effects, and thus incorporates, as instances: errors, input/output, global state, nondeterminism, probabilistic choice, and combinations thereof. Our approach is to extend Plotkin and Power’s structural operational semantics for algebraic effects (FoSSaCS 2001) with a primitive “basic preorder ” on ground type computation trees. The basic preorder is used to derive notions of contextual preorder and equivalence on program terms. Under mild assumptions on this relation, we prove fundamental properties of contextual preorder (hence equivalence) including extensionality properties, a characterisation via applicative contexts, and machinery for reasoning about polymorphism using relational parametricity. 1.
Completeness for algebraic theories of local state
"... Abstract. Every algebraic theory gives rise to a monad, and monads allow a metalanguage which is a basic programming language with sideeffects. Equations in the algebraic theory give rise to equations between programs in the metalanguage. An interesting question is this: to what extent can we put ..."
Abstract

Cited by 4 (1 self)
 Add to MetaCart
Abstract. Every algebraic theory gives rise to a monad, and monads allow a metalanguage which is a basic programming language with sideeffects. Equations in the algebraic theory give rise to equations between programs in the metalanguage. An interesting question is this: to what extent can we put equational reasoning for programs into the algebraic theory for the monad? In this paper I focus on local state, where programs can allocate, update and read the store. Plotkin and Power (FoSSaCS’02) have proposed an algebraic theory of local state, and they conjectured that the theory is complete, in the sense that every consistent equation is already derivable. The central contribution of this paper is to confirm this conjecture. To establish the completeness theorem, it is necessary to reformulate the informal theory of Plotkin and Power as an enriched algebraic theory in the sense of Kelly and Power (JPAA, 89:163–179). The new presentation can be read as 14 program assertions about three effects. The completeness theorem for local state is dependent on certain conditions on the type of storable values. When the set of storable values is finite, there is a subtle additional axiom regarding quotient types. 1