Results 1 - 10
of
11
Hereditary substitutions for simple types, formalized
- In Proceedings of the third ACM SIGPLAN workshop on Mathematically structured functional programming, MSFP ’10
, 2010
"... We analyze a normalization function for the simply typed λ-calculus based on hereditary substitutions, a technique developed by Pfenning et al. The normalizer is implemented in Agda, a total language where all programs terminate. It requires no termination proof since it is structurally recursive wh ..."
Abstract
-
Cited by 3 (0 self)
- Add to MetaCart
(Show Context)
We analyze a normalization function for the simply typed λ-calculus based on hereditary substitutions, a technique developed by Pfenning et al. The normalizer is implemented in Agda, a total language where all programs terminate. It requires no termination proof since it is structurally recursive which is recognized by Agda’s termination checker. Using Agda as an interactive theorem prover we establish that our normalization function precisely identifies βη-equivalent terms and hence can be used to decide βηequality. An interesting feature of this approach is that it is clear from the construction that βη-equality is primitive recursive.
Towards Formal Verification of TLS Network Packet Processing Written in C
"... TLS is such a widespread security protocol that errors in its implementation can have disastrous consequences. This responsibility is mostly borne by programmers, caught between specifications with the ambiguities of natural language and error-prone low-level parsing of network packets. We provide n ..."
Abstract
-
Cited by 3 (1 self)
- Add to MetaCart
(Show Context)
TLS is such a widespread security protocol that errors in its implementation can have disastrous consequences. This responsibility is mostly borne by programmers, caught between specifications with the ambiguities of natural language and error-prone low-level parsing of network packets. We provide new Coq libraries for the formal verification of TLS packet processing written in C. The originality of our encoding of the core subset of C is its use of dependent types to guarantee statically well-formedness of datatypes and correct typing. We further equip this encoding with a Separation logic that enables byte-level reasoning and also provide a logical view of data structures. We also formalize a significant part of the RFC for TLS, again using dependent types to capture succinctly constraints that are left implicit in the prose document. Finally, we apply the above framework to an existing implementation of TLS of which we specify and verify a parsing function for network packets. Though not yet completed, this experiment already led us to spot correctness issues with the RFC and the C source code.
Formalizing Domains, Ultrametric Spaces and Semantics of Programming Languages
- UNDER CONSIDERATION FOR PUBLICATION IN MATH. STRUCT. IN COMP. SCIENCE
, 2010
"... We describe a Coq formalization of constructive ω-cpos, ultrametric spaces and ultrametric-enriched categories, up to and including the inverse-limit construction of solutions to mixed-variance recursive equations in both categories enriched over ω-cppos and categories enriched over ultrametric spac ..."
Abstract
-
Cited by 3 (2 self)
- Add to MetaCart
We describe a Coq formalization of constructive ω-cpos, ultrametric spaces and ultrametric-enriched categories, up to and including the inverse-limit construction of solutions to mixed-variance recursive equations in both categories enriched over ω-cppos and categories enriched over ultrametric spaces. We show how these mathematical structures may be used in formalizing semantics for three representative programming languages. Specifically, we give operational and denotational semantics for both a simply-typed CBV language with recursion and an untyped CBV language, establishing soundness and adequacy results in each case, and then use a Kripke logical relation over a recursively-defined metric space of worlds to give an interpretation of types over a step-counting operational semantics for a language with recursive types and general references.
Coq: The world’s best macro assembler?
"... We describe a Coq formalization of a subset of the x86 architecture. One emphasis of the model is brevity: using dependent types, type classes and notation we give the x86 semantics a makeover that counters its reputation for baroqueness. We model bits, bytes, and memory concretely using functions t ..."
Abstract
-
Cited by 2 (0 self)
- Add to MetaCart
(Show Context)
We describe a Coq formalization of a subset of the x86 architecture. One emphasis of the model is brevity: using dependent types, type classes and notation we give the x86 semantics a makeover that counters its reputation for baroqueness. We model bits, bytes, and memory concretely using functions that can be computed inside Coq itself; concrete representations are mapped across to mathematical objects in the SSREFLECT library (naturals, and integers modulo 2 n) to prove theorems. Finally, we use notation to support conventional assembly code syntax inside Coq, including lexically-scoped labels. Ordinary Coq definitions serve as a powerful “macro ” feature for everything from simple conditionals and loops to stack-allocated local variables and procedures with parameters. Assembly code can be assembled within Coq, producing a sequence of hex bytes. The assembler enjoys a correctness theorem relating machine code in memory to a separation-logic formula suitable for program verification. 1.
Abstraction and Invariance for Algebraically Indexed Types
"... Reynolds ’ relational parametricity provides a powerful way to reason about programs in terms of invariance under changes of data representation. A dazzling array of applications of Reynolds ’ theory exists, exploiting invariance to yield “free theorems”, noninhabitation results, and encodings of al ..."
Abstract
-
Cited by 1 (0 self)
- Add to MetaCart
(Show Context)
Reynolds ’ relational parametricity provides a powerful way to reason about programs in terms of invariance under changes of data representation. A dazzling array of applications of Reynolds ’ theory exists, exploiting invariance to yield “free theorems”, noninhabitation results, and encodings of algebraic datatypes. Outside computer science, invariance is a common theme running through many areas of mathematics and physics. For example, the area of a triangle is unaltered by rotation or flipping. If we scale a triangle, then we scale its area, maintaining an invariant relationship between the two. The transformations under which properties are invariant are often organised into groups, with the algebraic structure reflecting the composability and invertibility of transformations. In this paper, we investigate programming languages whose types are indexed by algebraic structures such as groups of geometric transformations. Other examples include types indexed by principals–for information flow security–and types indexed by distances–for analysis of analytic uniform continuity properties. Following Reynolds, we prove a general Abstraction Theorem that covers all these instances. Consequences of our Abstraction Theorem include free theorems expressing invariance properties of programs, type isomorphisms based on invariance properties, and nondefinability results indicating when certain algebraically indexed types are uninhabited or only inhabited by trivial programs. We have fully formalised our framework and most examples in Coq.
Multiversal polymorphic algebraic theories
- Proc. LICS
, 2013
"... Abstract—We formalise and study the notion of polymorphic algebraic theory, as understood in the mathematical vernacular as a theory presented by equations between polymorphically-typed terms with both type and term variable binding. The prototypical example of a polymorphic algebraic theory is Syst ..."
Abstract
-
Cited by 1 (0 self)
- Add to MetaCart
(Show Context)
Abstract—We formalise and study the notion of polymorphic algebraic theory, as understood in the mathematical vernacular as a theory presented by equations between polymorphically-typed terms with both type and term variable binding. The prototypical example of a polymorphic algebraic theory is System F, but our framework applies more widely. The extra generality stems from a mathematical analysis that has led to a unified theory of polymorphic algebraic theories with the following ingredients:- polymorphic signatures that specify arbitrary polymorphic operators (e.g. as in extended λ-calculi and algebraic effects);- metavariables, both for types and terms, that enable the generic description of meta-theories;- multiple type universes that allow a notion of translation be-tween theories that is parametric over different type universes;- polymorphic structures that provide a general notion of alge-braic model (including the PL-category semantics of System F);- a Polymorphic Equational Logic that constitutes a sound and complete logical framework for equational reasoning. Our work is semantically driven, being based on a hierarchical two-levelled algebraic modelling of abstract syntax with variable binding. Index Terms—polymorphism, equational logic, presheaves, cat-egorical semantics, the Grothendieck construction
Embedding F
, 2012
"... This millennium has seen a great deal of research into embedded domain-specific languages. Primarily, such languages are simply-typed. Focusing on System F, we demonstrate how to embed polymorphic domain specific languages in Haskell and OCaml. We exploit recent language extensions including kind po ..."
Abstract
-
Cited by 1 (0 self)
- Add to MetaCart
This millennium has seen a great deal of research into embedded domain-specific languages. Primarily, such languages are simply-typed. Focusing on System F, we demonstrate how to embed polymorphic domain specific languages in Haskell and OCaml. We exploit recent language extensions including kind polymorphism and first-class modules.
The Confinement Problem in the Presence of Faults ⋆
"... Abstract. In this paper, we establish a semantic foundation for the safe execution of untrusted code. Our approach extends Moggi’s computational λ-calculus in two dimensions with operations for asynchronous concurrency, shared state and software faults and with an effect type system à la Wadler prov ..."
Abstract
- Add to MetaCart
(Show Context)
Abstract. In this paper, we establish a semantic foundation for the safe execution of untrusted code. Our approach extends Moggi’s computational λ-calculus in two dimensions with operations for asynchronous concurrency, shared state and software faults and with an effect type system à la Wadler providing fine-grained control of effects. An equational system for fault isolation is exhibited and its soundness demonstrated with a semantics based on monad transformers. Our formalization of the equational system in the Coq theorem prover is discussed. We argue that the approach may be generalized to capture other safety properties, including information flow security. 1
Formal Verification of Hardware Synthesis
, 2013
"... Abstract. We report on the implementation of a certified compiler for a high-level hardware description language (HDL) called Fe-Si (FEatherweight SynthesIs). Fe-Si is a simplified version of Bluespec, an HDL based on a notion of guarded atomic actions. Fe-Si is defined as a dependently typed deep e ..."
Abstract
- Add to MetaCart
(Show Context)
Abstract. We report on the implementation of a certified compiler for a high-level hardware description language (HDL) called Fe-Si (FEatherweight SynthesIs). Fe-Si is a simplified version of Bluespec, an HDL based on a notion of guarded atomic actions. Fe-Si is defined as a dependently typed deep embedding in Coq. The target language of the compiler corresponds to a synthesisable subset of Verilog or VHDL. A key aspect of our approach is that input programs to the compiler can be defined and proved correct inside Coq. Then, we use extraction and a Verilog back-end (written in OCaml) to get a certified version of a hardware design.
