Semantics of Types for Mutable State
, 2004
Abstract
Cited by 55 (5 self)
Proof-carrying code (PCC) is a framework for mechanically verifying the safety of machine language programs. A program that is successfully verified by a PCC system is guaranteed to be safe to execute, but this safety guarantee is contingent upon the correctness of various trusted components. For instance, in traditional PCC systems the trusted computing base includes a large set of low-level typing rules. Foundational PCC systems seek to minimize the size of the trusted computing base. In particular, they eliminate the need to trust complex, low-level type systems by providing machine-checkable proofs of type soundness for real machine languages. In this thesis, I demonstrate the use of logical relations for proving the soundness of type systems for mutable state. Specifically, I focus on type systems that ensure the safe allocation, update, and reuse of memory. For each type in the language, I define logical relations that explain the meaning of the type in terms of the operational semantics of the language. Using this model of types, I prove each typing rule as a lemma. The major contribution is a model of System F with general references, that is, mutable cells that can hold values of any closed type, including other references, functions, recursive types, and impredicative quantified types. The model is based on ideas from both possible worlds and the indexed model of Appel and McAllester. I show how the model of mutable references is encoded in higher-order logic. I also show how to construct an indexed possible-worlds model for a von Neumann machine. The latter is used in the Princeton Foundational PCC system to prove type safety for a full-fledged low-level typed assembly language. Finally, I present a semantic model for a region calculus that supports type-invariant references as well as memory reuse.
The troublesome probabilistic powerdomain
 Proceedings of the Third Workshop on Computation and Approximation
, 1998
Abstract
Cited by 40 (5 self)
In [12] it is shown that the probabilistic powerdomain of a continuous domain is again continuous. The category of continuous domains, however, is not cartesian closed, and one has to look at subcategories such as RB, the retracts of bifinite domains. [8] offers a proof that the probabilistic powerdomain construction can be restricted to RB. In this paper, we give a counterexample to Graham's proof and describe our own attempts at proving a closure result for the probabilistic powerdomain construction. We have positive results for finite trees and finite reversed trees. These illustrate the difficulties we face, rather than being a satisfying answer to the question of whether the probabilistic powerdomain and function spaces can be reconciled. We are more successful with coherent or Lawson-compact domains. These form a category with many pleasing properties, but they fall short of supporting function spaces. Along the way, we give a new proof of Jones' Splitting Lemma.
Relational Reasoning about Functions and Nondeterminism
, 1998
Abstract
Cited by 31 (4 self)
Reproduction of all or part of this work is permitted for educational or research use on condition that this copyright notice is included in any copy. See back inner page for a list of recent BRICS Dissertation Series publications. Copies may be obtained by contacting: BRICS
A Stratified Semantics of General References Embeddable in Higher-Order Logic (Extended Abstract)
, 2002
Abstract
Cited by 30 (8 self)
Amal J. Ahmed, Andrew W. Appel, Roberto Virga. Princeton University, {amal,appel,rvirga}@cs.princeton.edu. We demonstrate a semantic model of general references, that is, mutable memory cells that may contain values of any (statically checked) closed type, including other references. Our model is in terms of execution sequences on a von Neumann machine
Games and full abstraction for nondeterministic languages
, 1999
Abstract
Cited by 29 (3 self)
Nondeterminism is a pervasive phenomenon in computation. Often it arises as an emergent property of a complex system, typically as the result of contention for access to shared resources. In such circumstances, we cannot always know, in advance, exactly what will happen. In other circumstances, nondeterminism is explicitly introduced as a means of abstracting away from implementation details such as precise command scheduling and control flow. However, the kinds of behaviour exhibited by nondeterministic computations can be extremely subtle in comparison to those of their deterministic counterparts, and reasoning about such programs is notoriously tricky as a result. It is therefore important to develop semantic tools to improve our understanding of, and aid our reasoning about, such nondeterministic programs. In this thesis, we extend the framework of game semantics to encompass nondeterministic computation. Game semantics is a relatively recent development in denotational semantics; its main novelty is that it views a computation not as a static entity, but rather as a dynamic process of interaction. This perspective makes the theory well-suited to modelling many aspects of computational processes: the original use of game semantics in modelling the simple functional language PCF has subsequently been extended to handle more complex control structures such as references and continuations.
An Extension of Models of Axiomatic Domain Theory to Models of Synthetic Domain Theory
 In Proceedings of CSL 96
, 1997
Abstract
Cited by 17 (6 self)
We relate certain models of Axiomatic Domain Theory (ADT) and Synthetic Domain Theory (SDT). On the one hand, we introduce a class of non-elementary models of SDT and show that the domains in them yield models of ADT. On the other hand, for each model of ADT in a wide class we construct a model of SDT such that the domains in it provide a model of ADT which conservatively extends the original model. Introduction. The aim of Axiomatic Domain Theory (ADT) is to axiomatise the structure needed on a category so that its objects can be considered to be domains (see [11, § Axiomatic Domain Theory]). Models of axiomatic domain theory are given with respect to an enrichment base provided by a model of intuitionistic linear type theory [2, 3]. These enrichment structures consist of a monoidal adjunction $C \rightleftarrows D$ between a cartesian closed category $C$ and a symmetric monoidal closed category with finite products $D$, as well as an $\omega$-inductive fixed-point object (Definition 1...
An Indexed Model of Impredicative Polymorphism and Mutable References
, 2003
Abstract
Cited by 17 (6 self)
We present a semantic model of the polymorphic lambda calculus augmented with a higher-order store, allowing the storage of values of any type, including impredicative quantified types, mutable references, recursive types, and functions. Our model provides the first denotational semantics for a type system with updatable references to values of impredicative quantified types. The central idea behind our semantics is that, instead of tracking the exact type of a mutable reference in a possible world, our model keeps track of the approximate type. While high-level languages like ML and Java do not themselves support storage of impredicative existential packages in mutable cells, this feature is essential when representing ML function closures, that is, in a target language for typed closure conversion of ML programs.
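Two of the entries on this page (Semantics of Types for Mutable State, and the indexed model of impredicative polymorphism and mutable references just above) rest on the "indexed model of Appel and McAllester", in which a type is a set of (step index, value) pairs and every typing rule becomes a lemma about the operational semantics. Neither abstract states the definitions, so the following is an added illustration of that construction in its standard step-indexed form, written here by the editor; it is not text from either paper, and the symbols $k$, $j$, $\tau$, $e$, $v$, $\mapsto$ are my notation.

A type $\tau$ is a set of pairs of a natural-number index and a closed value, closed under lowering the index:
$$\tau \subseteq \mathbb{N} \times \mathit{Val}, \qquad \langle k, v\rangle \in \tau \ \wedge\ j < k \ \implies\ \langle j, v\rangle \in \tau .$$

An expression $e$ has type $\tau$ to approximation $k$, written $e :_k \tau$, if it cannot get stuck within $k$ steps of evaluation, and whatever value it reaches belongs to $\tau$ at the remaining index:
$$e :_k \tau \iff \forall j < k.\ \forall e'.\ \bigl(e \mapsto^{j} e' \wedge e' \text{ irreducible}\bigr) \implies e' \in \mathit{Val} \wedge \langle k-j, e'\rangle \in \tau .$$

The function type is defined by what a closure does with arguments at strictly smaller indices, which is what makes the application rule provable as a lemma rather than assumed as an axiom:
$$\tau_1 \to \tau_2 = \{\langle k, \lambda x.e\rangle \mid \forall j < k.\ \forall v.\ \langle j, v\rangle \in \tau_1 \implies e[v/x] :_j \tau_2\}.$$

A recursive type is the $k$-fold unfolding of a contractive type operator $F$ (one that increases the index at which its argument matters), starting from the empty type $\bot$:
$$\mu F = \{\langle k, v\rangle \mid \langle k, v\rangle \in F^{k+1}(\bot)\}.$$

Safety is then the statement that an expression typed at every index never reaches a stuck, non-value state:
$$(\forall k.\ e :_k \tau) \implies \forall j, e'.\ (e \mapsto^{j} e' \wedge e' \text{ irreducible}) \implies e' \in \mathit{Val},$$
which follows by instantiating the hypothesis at $k = j + 1$. This is the sense in which a foundational PCC checker need trust only the machine semantics and the logic: the typing rules are theorems about these sets. What the two papers add on top of this, and what the definitions above deliberately do not cover, is the reference type $\mathit{ref}\ \tau$, whose membership must additionally be indexed by a possible world recording the (approximate) type of each allocated location, because a cell's contents can be updated after the cell is typed.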
Complete Cuboidal Sets in Axiomatic Domain Theory (Extended Abstract)
 In Proceedings of 12th Annual Symposium on Logic in Computer Science
, 1997
Abstract
Cited by 16 (4 self)
Marcelo Fiore <mf@dcs.ed.ac.uk>, Gordon Plotkin <gdp@dcs.ed.ac.uk>, John Power <ajp@dcs.ed.ac.uk>. Department of Computer Science, Laboratory for Foundations of Computer Science, University of Edinburgh, The King's Buildings, Edinburgh EH9 3JZ, Scotland. We study the enrichment of models of axiomatic domain theory. To this end, we introduce a new and broader notion of domain, viz. that of complete cuboidal set, that complies with the axiomatic requirements. We show that the category of complete cuboidal sets provides a general notion of enrichment for a wide class of axiomatic domain-theoretic structures. Introduction. The aim of Axiomatic Domain Theory (ADT) is to provide a conceptual understanding of why domains are adequate as mathematical models of computation. (For a discussion see [12, § Axiomatic Domain Theory].) The approach taken is to axiomatise the structure needed on a category so that its objects can be considered as domains, and its maps as continuous...
When Do Datatypes Commute?
 Category Theory and Computer Science, 7th International Conference, volume 1290 of LNCS
, 1997
Abstract
Cited by 15 (3 self)
Polytypic programs are programs that are parameterised by type constructors (like List), unlike polymorphic programs, which are parameterised by types (like Int). In this paper we formulate precisely the polytypic programming problem of "commuting" two datatypes. The precise formulation involves a novel notion of higher-order polymorphism. We demonstrate via a number of examples the relevance and interest of the problem, and we show that all "regular datatypes" (the sort of datatypes that one can define in a functional programming language) do indeed commute according to our specification. The framework we use is the theory of allegories, a combination of category theory with the point-free relation calculus. 1 Polytypism. The ability to abstract is vital to success in computer programming. At the macro level of requirements engineering, the successful designer is the one able to abstract from the particular wishes of a few clients a general purpose product that can capture a l...
A Relational Account of Call-by-Value Sequentiality
 In: Proc. 12th Symp. Logic in Computer Science
, 1999
Abstract
Cited by 13 (2 self)
We construct a model for FPC, a purely functional, sequential, call-by-value language. The model is built from partial continuous functions, in the style of Plotkin, further constrained to be uniform with respect to a class of logical relations. We prove that the model is fully abstract.