Results 11-20 of 58
Implicit Coercions in Type Systems
In Selected Papers from the International Workshop TYPES '95, 1995
Cited by 15 (1 self)
We propose a notion of pure type system with implicit coercions. In our framework, judgements are extended with a context of coercions \Delta and the application rule is modified so as to allow coercions to be left implicit. The setting supports multiple inheritance and can be applied to all type theories with \Pi-types. One originality of our work is to propose a computational interpretation for implicit coercions. In this paper, we demonstrate how this interpretation allows a strict control on the logical properties of pure type systems with implicit coercions. 1 Introduction The increasing importance of mathematical software has been accompanied by a drift of mainstream mathematics towards mathematical logic and the foundations of mathematics. Before mathematical software, formal systems were generally seen both by logicians and mathematicians as safe havens into which mathematics could theoretically be embedded. With powerful mathematical software, there is now a genuine interes...
A bidirectional refinement type system for LF
Electronic Notes in Theoretical Computer Science, 196:113–128, January 2008
Cited by 14 (8 self)
We present a system of refinement types for LF in the style of recent formulations where only canonical forms are well-typed. Both the usual LF rules and the rules for type refinements are bidirectional, leading to a straightforward proof of decidability of typechecking even in the presence of intersection types. Because we insist on canonical forms, structural rules for subtyping can now be derived rather than being assumed as primitive. We illustrate the expressive power of our system with several examples in the domain of logics and programming languages.
A Weakest Precondition Semantics for Refinement of Object-Oriented Programs
2000
Cited by 13 (3 self)
We define a predicate-transformer semantics for an object-oriented language that includes specification constructs from refinement calculi. The language includes recursive classes, visibility control, dynamic binding, and recursive methods. Using the semantics, we formulate notions of refinement. Such results are a first step towards a refinement calculus.
A proof of strong normalisation using domain theory
In LICS '06, 2006
Cited by 13 (1 self)
U. Berger [11] significantly simplified Tait's normalisation proof for bar recursion [27], see also [9], replacing Tait's introduction of infinite terms by the construction of a domain having the property that a term is strongly normalizing if its semantics is. The goal of this paper is to show that, using ideas from the theory of intersection types [2, 6, 7, 21] and Martin-Löf's domain interpretation of type theory [18], we can in turn simplify U. Berger's argument in the construction of such a domain model. We think that our domain model can be used to give modular proofs of strong normalization for various type theories. As an example, we show in some detail how it can be used to prove strong normalization for Martin-Löf dependent type theory extended with bar recursion, and with some form of proof-irrelevance.
Typed Multiset Rewriting Specifications of Security Protocols
2001
Cited by 12 (7 self)
The language MSR has successfully been used in the past to prove undecidability results about security protocols modeled according to the Dolev-Yao abstraction. In this paper, we revise this formalism into a flexible specification framework for complex cryptoprotocols. More specifically, we equip it with an extensible typing infrastructure based on dependent types with subsorting, which elegantly captures and enforces basic relations among objects, such as between a public key and its inverse. We also introduce the notion of memory predicate, where principals can store information that survives role termination. These predicates allow specifying complex protocols structured into a coordinated collection of subprotocols. Moreover, they permit describing different attacker models using the same syntax as any other role. We demonstrate this possibility and the precision of our type system by presenting two formalizations of the Dolev-Yao intruder. We discuss two execution models for this revised version of MSR, one sequential and one parallel, and prove that the latter can be simulated by the former.
Lightweight family polymorphism
J. Funct. Program., 2008
Cited by 12 (0 self)
Family polymorphism has been proposed for object-oriented languages as a solution to supporting reusable yet type-safe mutually recursive classes. A key idea of family polymorphism is the notion of families, which are used to group mutually recursive classes. In the original proposal, due to the design decision that families are represented by objects, dependent types had to be introduced, resulting in a rather complex type system. In this paper, we propose a simpler solution of lightweight family polymorphism, based on the idea that families are represented by classes rather than objects. This change makes the type system significantly simpler without losing much expressibility of the language. Moreover, "family-polymorphic" methods now take the form of parametric methods; thus it is easy to apply Java-style type inference. To rigorously show that our approach is safe, we formalize the set of language features on top of Featherweight Java and prove the type system is sound. An algorithm of type inference for family-polymorphic method invocations is also formalized and proved to be correct.
Typed operational semantics for higher order subtyping
1997
Cited by 12 (4 self)
Bounded operator abstraction is a language construct relevant to object-oriented programming languages and to ML2000, the successor to Standard ML. In this paper, we introduce F!^, a variant of F!!: with this feature and with Cardelli and Wegner's kernel Fun rule for quantifiers. We define a typed operational semantics with subtyping and prove that it is equivalent with F!^, using a Kripke model to prove soundness. The typed operational semantics provides a powerful tool to establish the metatheoretic properties of F!^, such as Church-Rosser, subject reduction, the admissibility of structural rules, and the equivalence with the algorithmic presentation of the system.
Game Semantics and Subtyping
In Proceedings of the fifteenth annual IEEE symposium on Logic in Computer Science, 1999
Cited by 11 (1 self)
While Game Semantics has been remarkably successful at modelling, often in a fully abstract manner, a wide range of features of programming languages, there has to date been no attempt at applying it to subtyping. We show how the simple device of explicitly introducing error values in the syntax of the calculus leads to a notion of subtyping for game semantics. We construct an interpretation of a simple calculus with subtyping and show that the range of the interpretation of types is a complete lattice, thus yielding an interpretation of bounded quantification.
Data access specification and the most powerful symbolic attacker in MSR
In ISSS '02, volume 2609 of LNCS, 2003
Cited by 11 (2 self)
Most systems designed for the symbolic verification of security protocols operate under the unproved assumption that an attack can only result from the combination of a fixed number of message transformations, which altogether constitute the capabilities of the so-called Dolev-Yao intruder. In this paper, we show that the Dolev-Yao intruder can indeed emulate the actions of an arbitrary symbolic adversary. In order to do so, we extend MSR, a flexible specification framework for security protocols based on typed multiset rewriting, with a static check called data access specification, aimed at catching specification errors such as a principal trying to use a key that she is not entitled to access.
Refinement Types for Specification
IFIP Working Conference on Programming Concepts and Methods (PROCOMET '98), Shelter Island, 1998
Cited by 9 (2 self)
We develop a theory of program specification using the notion of refinement type. This provides a notion of structured specification, useful for verification and program development. We axiomatise the satisfaction of specifications by programs as a generalised typing relation and give rules for refining specifications. A PER semantics based on Henkin models is given, for which the system is proven to be sound and complete. Keywords: specification, refinement, verification, type theory, Henkin models