Results 1  10
of
43
A Linear Logical Framework
, 1996
"... We present the linear type theory LLF as the forAppeared in the proceedings of the Eleventh Annual IEEE Symposium on Logic in Computer Science  LICS'96 (E. Clarke editor), pp. 264275, New Brunswick, NJ, July 2730 1996. mal basis for a conservative extension of the LF logical framework. ..."
Abstract

Cited by 222 (45 self)
 Add to MetaCart
We present the linear type theory LLF as the forAppeared in the proceedings of the Eleventh Annual IEEE Symposium on Logic in Computer Science  LICS'96 (E. Clarke editor), pp. 264275, New Brunswick, NJ, July 2730 1996. mal basis for a conservative extension of the LF logical framework. LLF combines the expressive power of dependent types with linear logic to permit the natural and concise representation of a whole new class of deductive systems, namely those dealing with state. As an example we encode a version of MiniML with references including its type system, its operational semantics, and a proof of type preservation. Another example is the encoding of a sequent calculus for classical linear logic and its cut elimination theorem. LLF can also be given an operational interpretation as a logic programming language under which the representations above can be used for type inference, evaluation and cutelimination. 1 Introduction A logical framework is a formal system desig...
On Equivalence and Canonical Forms in the LF Type Theory
 ACM Transactions on Computational Logic
, 2001
"... Decidability of definitional equality and conversion of terms into canonical form play a central role in the metatheory of a typetheoretic logical framework. Most studies of definitional equality are based on a confluent, stronglynormalizing notion of reduction. Coquand has considered a different ..."
Abstract

Cited by 89 (20 self)
 Add to MetaCart
Decidability of definitional equality and conversion of terms into canonical form play a central role in the metatheory of a typetheoretic logical framework. Most studies of definitional equality are based on a confluent, stronglynormalizing notion of reduction. Coquand has considered a different approach, directly proving the correctness of a practical equivalence algorithm based on the shape of terms. Neither approach appears to scale well to richer languages with unit types or subtyping, and neither directly addresses the problem of conversion to canonical form.
Subtyping Dependent Types
, 2000
"... The need for subtyping in typesystems with dependent types has been realized for some years. But it is hard to prove that systems combining the two features have fundamental properties such as subject reduction. Here we investigate a subtyping extension of the system *P, which is an abstract versio ..."
Abstract

Cited by 70 (6 self)
 Add to MetaCart
The need for subtyping in typesystems with dependent types has been realized for some years. But it is hard to prove that systems combining the two features have fundamental properties such as subject reduction. Here we investigate a subtyping extension of the system *P, which is an abstract version of the type system of the Edinburgh Logical Framework LF. By using an equivalent formulation, we establish some important properties of the new system *P^, including subject reduction. Our analysis culminates in a complete and terminating algorithm which establishes the decidability of typechecking.
Typed MSR: Syntax and Examples
 FIRST INTERNATIONAL WORKSHOP ON MATHEMATICAL METHODS, MODELS AND ARCHITECTURES FOR COMPUTER NETWORKS SECURITY — MMM’01
, 2001
"... Many design flaws and incorrect analyses of cryptographic protocols can be traced to inadequate specification languages for message components, environment assumptions, and goals. In this paper, we present MSR, a strongly typed specification language for security protocols, which is intended to ..."
Abstract

Cited by 41 (24 self)
 Add to MetaCart
Many design flaws and incorrect analyses of cryptographic protocols can be traced to inadequate specification languages for message components, environment assumptions, and goals. In this paper, we present MSR, a strongly typed specification language for security protocols, which is intended to address the first two issues. Its typing infrastructure, based on the theory of dependent types with subsorting, yields elegant and precise formalizations, and supports a useful array of static check that include typechecking and access control validation. It uses multiset rewriting rules to express the actions of the protocol. The availability of memory predicates enable it to faithfully encode systems consisting of a collection of coordinated subprotocols, and constraints allow tackling objects belonging to complex interpretation domains, e.g. time stamps, in an abstract and modular way. We apply MSR to the specification of several examples.
Practical RefinementType Checking
, 1997
"... Refinement types allow many more properties of programs to be expressed and statically checked than conventional type systems. We present a practical algorithm for refinementtype checking in a calculus enriched with refinementtype annotations. We prove that our basic algorithm is sound and comple ..."
Abstract

Cited by 38 (1 self)
 Add to MetaCart
Refinement types allow many more properties of programs to be expressed and statically checked than conventional type systems. We present a practical algorithm for refinementtype checking in a calculus enriched with refinementtype annotations. We prove that our basic algorithm is sound and complete, and show that every term which has a refinement type can be annotated as required by our algorithm. Our positive experience with an implementation of an extension of this algorithm to the full core language of Standard ML demonstrates that refinement types can be a practical program development tool in a realistic programming language. The required refinement type definitions and annotations are not much of a burden and serve as formal, machinechecked explanations of code invariants which otherwise would remain implicit. 1 Introduction The advantages of staticallytyped programming languages are well known, and have been described many times (e.g. see [Car97]). However, conventional ty...
Mode and Termination Checking for HigherOrder Logic Programs
 In Hanne Riis Nielson, editor, Proceedings of the European Symposium on Programming
, 1996
"... . We consider how mode (such as input and output) and termination properties of typed higherorder constraint logic programming languages may be declared and checked effectively. The systems that we present have been validated through an implementation and numerous case studies. 1 Introduction Jus ..."
Abstract

Cited by 37 (11 self)
 Add to MetaCart
(Show Context)
. We consider how mode (such as input and output) and termination properties of typed higherorder constraint logic programming languages may be declared and checked effectively. The systems that we present have been validated through an implementation and numerous case studies. 1 Introduction Just like other paradigms logic programming benefits tremendously from types. Perhaps most importantly, types allow the early detection of errors when a program is checked against a type specification. With some notable exceptions most type systems proposed for logic programming languages to date (see [18]) are concerned with the declarative semantics of programs, for example, in terms of manysorted, ordersorted, or higherorder logic. Operational properties of logic programs which are vital for their correctness can thus neither be expressed nor checked and errors will remain undetected. In this paper we consider how the declaration and checking of mode (such as input and output) and termina...
Coercive Subtyping in Type Theory
 Proc. of CSL'96, the 1996 Annual Conference of the European Association for Computer Science Logic, Utrecht. LNCS 1258
, 1996
"... We propose and study coercive subtyping, a formal extension with subtyping of dependent type theories such as MartinLof's type theory [NPS90] and the type theory UTT [Luo94]. In this approach, subtyping with specified implicit coercions is treated as a feature at the level of the logical frame ..."
Abstract

Cited by 27 (14 self)
 Add to MetaCart
(Show Context)
We propose and study coercive subtyping, a formal extension with subtyping of dependent type theories such as MartinLof's type theory [NPS90] and the type theory UTT [Luo94]. In this approach, subtyping with specified implicit coercions is treated as a feature at the level of the logical framework; in particular, subsumption and coercion are combined in such a way that the meaning of an object being in a supertype is given by coercive definition rules for the definitional equality. It is shown that this provides a conceptually simple and uniform framework to understand subtyping and coercion relations in type theories with sophisticated type structures such as inductive types and universes. The use of coercive subtyping in formal development and in reasoning about subsets of objects is discussed in the context of computerassisted formal reasoning. 1 Introduction A type in type theory is often intuitively thought of as a set. For example, types in MartinLof's type theory [ML84, NPS90...
A Specification Language for CryptoProtocols based on Multiset Rewriting, Dependent Types and Subsorting
, 2001
"... MSR is an unambiguous, flexible, powerful and relatively simple specification framework for cryptoprotocols. It uses multiset rewriting rules over firstorder atomic formulas to express protocol actions and relies on a form of existential quantification to symbolically model the generation of no ..."
Abstract

Cited by 24 (14 self)
 Add to MetaCart
(Show Context)
MSR is an unambiguous, flexible, powerful and relatively simple specification framework for cryptoprotocols. It uses multiset rewriting rules over firstorder atomic formulas to express protocol actions and relies on a form of existential quantification to symbolically model the generation of nonces and other fresh data. It supports an array of useful static checks that include typechecking and data access verification. In this paper, we give a detailed presentation of the typing infrastructure of MSR, which is based on the theory of dependent types with subsorting. We prove that typechecking protocol specifications is decidable and show that execution preserves welltyping. We illustrate these features by formalizing a wellknown protocol in MSR.
Implicit Coercions in Type Systems
 In Selected Papers from the International Workshop TYPES '95
, 1995
"... . We propose a notion of pure type system with implicit coercions. In our framework, judgements are extended with a context of coercions \Delta and the application rule is modified so as to allow coercions to be left implicit. The setting supports multiple inheritance and can be applied to all type ..."
Abstract

Cited by 17 (1 self)
 Add to MetaCart
(Show Context)
. We propose a notion of pure type system with implicit coercions. In our framework, judgements are extended with a context of coercions \Delta and the application rule is modified so as to allow coercions to be left implicit. The setting supports multiple inheritance and can be applied to all type theories with \Pitypes. One originality of our work is to propose a computational interpretation for implicit coercions. In this paper, we demonstrate how this interpretation allows a strict control on the logical properties of pure type systems with implicit coecions. 1 Introduction The increasing importance of mathematical software has been accompanied by a drift of mainstream mathematics towards mathematical logic and the foundations of mathematics. Before mathematical software, formal systems were generally seen both by logicians and mathematicians as safe heavens into which mathematics could theoretically be embedded. With powerful mathematical software, there is now a genuine interes...