Hereditary substitutions for simple types, formalized
In Proceedings of the third ACM SIGPLAN workshop on Mathematically structured functional programming, MSFP ’10, 2010
Abstract

Cited by 3 (0 self)
We analyze a normalization function for the simply typed λ-calculus based on hereditary substitutions, a technique developed by Pfenning et al. The normalizer is implemented in Agda, a total language where all programs terminate. It requires no termination proof since it is structurally recursive, which is recognized by Agda’s termination checker. Using Agda as an interactive theorem prover we establish that our normalization function precisely identifies βη-equivalent terms and hence can be used to decide βη-equality. An interesting feature of this approach is that it is clear from the construction that βη-equality is primitive recursive.
Towards Formal Verification of TLS Network Packet Processing Written in C
Abstract

Cited by 3 (1 self)
TLS is such a widespread security protocol that errors in its implementation can have disastrous consequences. This responsibility is mostly borne by programmers, caught between specifications with the ambiguities of natural language and error-prone low-level parsing of network packets. We provide new Coq libraries for the formal verification of TLS packet processing written in C. The originality of our encoding of the core subset of C is its use of dependent types to guarantee statically the well-formedness of datatypes and correct typing. We further equip this encoding with a separation logic that enables byte-level reasoning and also provide a logical view of data structures. We also formalize a significant part of the RFC for TLS, again using dependent types to capture succinctly constraints that are left implicit in the prose document. Finally, we apply the above framework to an existing implementation of TLS, of which we specify and verify a parsing function for network packets. Though not yet completed, this experiment already led us to spot correctness issues with the RFC and the C source code.
Formalizing Domains, Ultrametric Spaces and Semantics of Programming Languages
Under consideration for publication in Math. Struct. in Comp. Science, 2010
Abstract

Cited by 3 (2 self)
We describe a Coq formalization of constructive ω-cpos, ultrametric spaces and ultrametric-enriched categories, up to and including the inverse-limit construction of solutions to mixed-variance recursive equations in both categories enriched over ω-cppos and categories enriched over ultrametric spaces. We show how these mathematical structures may be used in formalizing semantics for three representative programming languages. Specifically, we give operational and denotational semantics for both a simply-typed CBV language with recursion and an untyped CBV language, establishing soundness and adequacy results in each case, and then use a Kripke logical relation over a recursively-defined metric space of worlds to give an interpretation of types over a step-counting operational semantics for a language with recursive types and general references.
Coq: The world’s best macro assembler?
Abstract

Cited by 2 (0 self)
We describe a Coq formalization of a subset of the x86 architecture. One emphasis of the model is brevity: using dependent types, type classes and notation we give the x86 semantics a makeover that counters its reputation for baroqueness. We model bits, bytes, and memory concretely using functions that can be computed inside Coq itself; concrete representations are mapped across to mathematical objects in the SSREFLECT library (naturals, and integers modulo 2^n) to prove theorems. Finally, we use notation to support conventional assembly code syntax inside Coq, including lexically-scoped labels. Ordinary Coq definitions serve as a powerful “macro” feature for everything from simple conditionals and loops to stack-allocated local variables and procedures with parameters. Assembly code can be assembled within Coq, producing a sequence of hex bytes. The assembler enjoys a correctness theorem relating machine code in memory to a separation-logic formula suitable for program verification.
Abstraction and Invariance for Algebraically Indexed Types
Abstract

Cited by 1 (0 self)
Reynolds’ relational parametricity provides a powerful way to reason about programs in terms of invariance under changes of data representation. A dazzling array of applications of Reynolds’ theory exists, exploiting invariance to yield “free theorems”, non-inhabitation results, and encodings of algebraic datatypes. Outside computer science, invariance is a common theme running through many areas of mathematics and physics. For example, the area of a triangle is unaltered by rotation or flipping. If we scale a triangle, then we scale its area, maintaining an invariant relationship between the two. The transformations under which properties are invariant are often organised into groups, with the algebraic structure reflecting the composability and invertibility of transformations. In this paper, we investigate programming languages whose types are indexed by algebraic structures such as groups of geometric transformations. Other examples include types indexed by principals (for information flow security) and types indexed by distances (for analysis of analytic uniform continuity properties). Following Reynolds, we prove a general Abstraction Theorem that covers all these instances. Consequences of our Abstraction Theorem include free theorems expressing invariance properties of programs, type isomorphisms based on invariance properties, and non-definability results indicating when certain algebraically indexed types are uninhabited or only inhabited by trivial programs. We have fully formalised our framework and most examples in Coq.
Multiversal polymorphic algebraic theories
Proc. LICS, 2013
Abstract

Cited by 1 (0 self)
We formalise and study the notion of polymorphic algebraic theory, as understood in the mathematical vernacular as a theory presented by equations between polymorphically-typed terms with both type and term variable binding. The prototypical example of a polymorphic algebraic theory is System F, but our framework applies more widely. The extra generality stems from a mathematical analysis that has led to a unified theory of polymorphic algebraic theories with the following ingredients: polymorphic signatures that specify arbitrary polymorphic operators (e.g. as in extended λ-calculi and algebraic effects); metavariables, both for types and terms, that enable the generic description of metatheories; multiple type universes that allow a notion of translation between theories that is parametric over different type universes; polymorphic structures that provide a general notion of algebraic model (including the PL-category semantics of System F); a Polymorphic Equational Logic that constitutes a sound and complete logical framework for equational reasoning. Our work is semantically driven, being based on a hierarchical two-levelled algebraic modelling of abstract syntax with variable binding.
Index Terms: polymorphism, equational logic, presheaves, categorical semantics, the Grothendieck construction
Embedding F
2012
Abstract

Cited by 1 (0 self)
This millennium has seen a great deal of research into embedded domain-specific languages. Primarily, such languages are simply-typed. Focusing on System F, we demonstrate how to embed polymorphic domain-specific languages in Haskell and OCaml. We exploit recent language extensions including kind polymorphism and first-class modules.
The Confinement Problem in the Presence of Faults
Abstract
In this paper, we establish a semantic foundation for the safe execution of untrusted code. Our approach extends Moggi’s computational λ-calculus in two dimensions: with operations for asynchronous concurrency, shared state and software faults, and with an effect type system à la Wadler providing fine-grained control of effects. An equational system for fault isolation is exhibited and its soundness demonstrated with a semantics based on monad transformers. Our formalization of the equational system in the Coq theorem prover is discussed. We argue that the approach may be generalized to capture other safety properties, including information flow security.
Formal Verification of Hardware Synthesis
2013
Abstract
We report on the implementation of a certified compiler for a high-level hardware description language (HDL) called FeSi (FEatherweight SynthesIs). FeSi is a simplified version of Bluespec, an HDL based on a notion of guarded atomic actions. FeSi is defined as a dependently typed deep embedding in Coq. The target language of the compiler corresponds to a synthesisable subset of Verilog or VHDL. A key aspect of our approach is that input programs to the compiler can be defined and proved correct inside Coq. Then, we use extraction and a Verilog backend (written in OCaml) to get a certified version of a hardware design.