## Step-indexed Kripke models over recursive worlds (2011)

Venue: In Proc. of POPL

Citations: 18 (9 self)

### BibTeX

```bibtex
@INPROCEEDINGS{Birkedal11step-indexedkripke,
  author    = {Lars Birkedal and Bernhard Reus and Kristian Støvring and Jacob Thamsborg and Hongseok Yang},
  title     = {Step-indexed Kripke models over recursive worlds},
  booktitle = {In Proc. of POPL},
  year      = {2011}
}
```

### Abstract

Over the last decade, there has been extensive research on modelling challenging features in programming languages and program logics, such as higher-order store and storable resource invariants. A recent line of work has identified a common solution to some of these challenges: Kripke models over worlds that are recursively defined in a category of metric spaces. In this paper, we broaden the scope of this technique from the original domain-theoretic setting to an elementary, operational one based on step indexing. The resulting method is widely applicable and leads to simple, succinct models of complicated language features, as we demonstrate in our semantics of Charguéraud and Pottier’s type-and-capability system for an ML-like higher-order language. Moreover, the method provides a high-level understanding of the essence of recent approaches based on step indexing.

### Citations

712 | Separation logic: A logic for shared mutable data objects (Reynolds, 2002)
Citation context: ...j, h·h′) ∈ q. The unit for ∗ is given by I = N × Heap = ⊤. Up to the natural number indexing, this is just the standard intuitionistic (in the sense that it is not “tight”) model of separation logic [40]. Since the worlds are to represent invariants (for instance, describing the shape of data structures laid out in the heap) and since the language of Section 3.1 has general references (so these invar...

711 | Types and Programming Languages (Pierce, 2002)
Citation context: ...e polymorphism and general ML-like references, i.e., an extension of the call-by-value polymorphic lambda calculus with higher-order store. We do not give the syntax of this language as it is standard [36] but point out that we use ...

195 | Typed memory management in a calculus of capabilities (Crary, Walker, et al., 1999)
Citation context: ..., and often involves the need to track aliasing information. A particular line of work that has been proposed to this end are substructural type systems with regions, capabilities and singleton types [3, 24, 26]. In this section, we give a step-indexed model for a substantial fragment of Charguéraud and Pottier’s capability calculus [24]. Our model provides an alternative soundness proof to the translation...

134 | An indexed model of recursive types for foundational proof-carrying code (Appel, McAllester)
Citation context: ... aim. Methods based on classical domain theory provide techniques for constructing recursive structures, but they require non-trivial mathematical knowledge from users. Methods based on step indexing [2, 4, 6, 11, 12], on the other hand, do not require sophisticated mathematics from the users; usually, the prerequisite is just familiarity with standard operational semantics of programs. However, the step-indexed m...

127 | An Ideal Model for Recursive Polymorphic Types (MacQueen, Plotkin, et al., 1983)
Citation context: ...e set Pred(V) can be viewed as a metric space in CBUlt_ne, by giving it an appropriate distance function along the lines of earlier work on interpreting recursive types and impredicative polymorphism [1, 7, 8, 23, 32]. Now, by simply following the recipe from the given ingredients (i.e. parameters V and Pred(V)) one obtains metric spaces T for semantic types and W for possible worlds, respectively. With this inde...

110 | Operational reasoning in functions with local state (Pitts, Stark, 1998)
Citation context: ...rparts of the projection functions one obtains from solutions to recursive domain equations. As far as we know, this technique has not been developed for languages with store. Second, biorthogonality [13, 30, 34] is based on syntactically defined closure operators on relations. Biorthogonality has been developed for a language with integer store [34], but not (without also using step indexing) for languages w...

69 | Step-indexed syntactic logical relations for recursive and quantified types (Ahmed, 2006)
Citation context: ...ation is simply that the syntactic types in values and expressions do not influence the computation; indeed, we could equally well have worked with a language without type-decorations as, e.g., Ahmed [3] does. ⟦Ξ ⊢ Γ⟧ ...

68 | Solving reflexive domain equations in a category of complete metric spaces (America, Rutten, 1989)
Citation context: ...aces we refer to [43]. It is well-known that one can solve recursive domain equations in CBUlt_ne by an adaptation of the inverse-limit method from classical domain theory: Theorem 2.1 (America-Rutten [9]). Let F : CBUlt_ne^op × CBUlt_ne → CBUlt_ne be a locally contractive functor. Then there exists a unique (up to isomorphism) (X, d) ∈ CBUlt_ne such that (X, d) ≅ F((X, d), (X, d)). All the metric spac...

64 | Polymorphism and separation in Hoare Type Theory (Nanevski, Morrisett, et al., 2006)
Citation context: ...m equivalences. The latter modal logic has been derived from the step-indexed model. Even with this development, it is still a challenge to develop relational step-indexed models of Hoare Type Theory [33] and its new developments. It would be interesting to see whether the step-indexed metric space approach can be used to address this challenge. Formalization. An often mentioned advantage of the tradi...

62 | A per model of polymorphism and recursive types (Abadi, Plotkin, 1990)
Citation context: ...asic facts on the metric spaces, which will be used in the models. A 1-bounded ultrametric space (X, d) is a metric space where the distance function d : X × X → R takes values in the closed interval [0, 1] and satisfies the strong triangle inequality d(x, y) ≤ max{d(x, z), d(z, y)}. An (ultra-)metric space is complete if every Cauchy sequence has a limit. A function f : X1 → X2 between metric spaces (X...

62 | State-dependent representation independence (Ahmed, Dreyer, et al., 2009)
Citation context: ... aim. Methods based on classical domain theory provide techniques for constructing recursive structures, but they require non-trivial mathematical knowledge from users. Methods based on step indexing [2, 4, 6, 11, 12], on the other hand, do not require sophisticated mathematics from the users; usually, the prerequisite is just familiarity with standard operational semantics of programs. However, the step-indexed m...

59 | Oracle semantics for concurrent separation logic (Hobor, Appel, et al., 2008)
Citation context: ...g features in programming languages, type systems and program logics, such as higher-order store and storable resource invariants, where modelling involves constructing recursively defined structures [15, 22, 28, 31, 38, 39]. One of the main aims of this research has been to develop a method for building semantic models such that (1) the method is simple enough to be understood by the designers of a type system or a prog...

58 | Semantics of separation-logic typing and higher-order frame rules (Birkedal, Torp-Smith, et al., 2005)
Citation context: ...d preservation results in [24, 36], and allows for the analysis of soundness of extensions. We illustrate this latter point by proving sound an extension of the language with higher-order frame rules [19, 41], and establish an explicit connection with models of separation logic qua our model, which shows that capabilities can be understood semantically as separation logic predicates, i.e., as predicates o...

57 | Relational reasoning in a nominal semantics for storage (Benton, Leperchey, 2005)
Citation context: ...however, we need to extend this approach, because the language includes dynamic allocation of general references. Following earlier work on the semantics of dynamic allocation of simple integer cells [14, 31, 37, 44], we use an extension with Kripke-style possible worlds. In this extension, a type is interpreted as a predicate on values parameterized over worlds, and a world describes the type for each allocated ...

55 | Semantics of Types for Mutable State (Ahmed, 2004)
Citation context: ... aim. Methods based on classical domain theory provide techniques for constructing recursive structures, but they require non-trivial mathematical knowledge from users. Methods based on step indexing [2, 4, 6, 11, 12], on the other hand, do not require sophisticated mathematics from the users; usually, the prerequisite is just familiarity with standard operational semantics of programs. However, the step-indexed m...

55 | Bi-hyperdoctrines, higher-order separation logic, and abstraction (Biering, Birkedal, et al.)
Citation context: ...ere the set Val is replaced by the set of value substitutions, Env, and by the set of expressions, Exp. On UPred↑(Heap), ordered by subset inclusion, we have a complete Heyting BI algebra structure [17]. Meets and joins are given by set-theoretic intersections and unions, resp., and implication, separating conjunction and separating implication are given by (k, h) ∈ p → q ⇔ ∀j ≤ k. ∀h′ ⊒ h. (j, h′...

48 | Recursion over realizability structures (Amadio, 1991)
Citation context: ...e set Pred(V) can be viewed as a metric space in CBUlt_ne, by giving it an appropriate distance function along the lines of earlier work on interpreting recursive types and impredicative polymorphism [1, 7, 8, 23, 32]. Now, by simply following the recipe from the given ingredients (i.e. parameters V and Pred(V)) one obtains metric spaces T for semantic types and W for possible worlds, respectively. With this inde...

39 | Categorical models for local names (Stark, 1996)
Citation context: ...however, we need to extend this approach, because the language includes dynamic allocation of general references. Following earlier work on the semantics of dynamic allocation of simple integer cells [14, 31, 37, 44], we use an extension with Kripke-style possible worlds. In this extension, a type is interpreted as a predicate on values parameterized over worlds, and a world describes the type for each allocated ...

37 | A very modal model of a modern, major, general type system (Appel, Melliès, et al., 2007)

35 | Relational semantics for recursive types and bounded quantification (Cardone, 1989)
Citation context: ...e set Pred(V) can be viewed as a metric space in CBUlt_ne, by giving it an appropriate distance function along the lines of earlier work on interpreting recursive types and impredicative polymorphism [1, 7, 8, 23, 32]. Now, by simply following the recipe from the given ingredients (i.e. parameters V and Pred(V)) one obtains metric spaces T for semantic types and W for possible worlds, respectively. With this inde...

30 | Possible world semantics for general storage in call-by-value (Levy)
Citation context: ...g features in programming languages, type systems and program logics, such as higher-order store and storable resource invariants, where modelling involves constructing recursively defined structures [15, 22, 28, 31, 38, 39]. One of the main aims of this research has been to develop a method for building semantic models such that (1) the method is simple enough to be understood by the designers of a type system or a prog...

28 | Nested Hoare triples and frame rules for higher-order store (Schwinghammer, Birkedal, et al., 2009)
Citation context: ...satisfy the approximate equations. We point out that solving the original recursive equations is crucial in some applications, such as the semantics of various higher-order frame and anti-frame rules [41, 42]. Hence, in those applications, only domain-theoretic models, not step-indexed ones, have been developed. In this paper, we propose a new method that brings together the benefits of both domain-theore...

27 | Syntactic logical relations for polymorphic and recursive types (Crary, Harper)
Citation context: ...her operational techniques. We briefly mention two techniques other than step indexing that can be used to define logical relations based on operational semantics. First, syntactic minimal invariance [18, 25] is based on operational counterparts of the projection functions one obtains from solutions to recursive domain equations. As far as we know, this technique has not been developed for languages with ...

24 | Biorthogonality, step-indexing and compiler correctness (Benton, Hur, 2009)
Citation context: ...rparts of the projection functions one obtains from solutions to recursive domain equations. As far as we know, this technique has not been developed for languages with store. Second, biorthogonality [13, 30, 34] is based on syntactically defined closure operators on relations. Biorthogonality has been developed for a language with integer store [34], but not (without also using step indexing) for languages w...

24 | Relational reasoning for recursive types and references (Bohr, Birkedal, 2006)
Citation context: ...g features in programming languages, type systems and program logics, such as higher-order store and storable resource invariants, where modelling involves constructing recursively defined structures [15, 22, 28, 31, 38, 39]. One of the main aims of this research has been to develop a method for building semantic models such that (1) the method is simple enough to be understood by the designers of a type system or a prog...

23 | L3: A linear language with locations (Ahmed, Fluet, et al.)
Citation context: ..., and often involves the need to track aliasing information. A particular line of work that has been proposed to this end are substructural type systems with regions, capabilities and singleton types [3, 24, 26]. In this section, we give a step-indexed model for a substantial fragment of Charguéraud and Pottier’s capability calculus [24]. Our model provides an alternative soundness proof to the translation...

23 | Hiding local state in direct style: a higher-order anti-frame rule (Pottier, 2008)
Citation context: ...model for a substantial fragment of Charguéraud and Pottier’s capability calculus [24]. Our model provides an alternative soundness proof to the translation and progress and preservation results in [24, 36], and allows for the analysis of soundness of extensions. We illustrate this latter point by proving sound an extension of the language with higher-order frame rules [19, 41], and establish an explici...

23 | Semantic types: A fresh look at the ideal model for types (Vouillon, Melliès)
Citation context: ...hogonality has been developed for a language with integer store [34], but not (without also using step indexing) for languages with general recursive types or higher-order store. Vouillon and Melliès [46] give an axiomatic setup that incorporates both of these techniques (for a language without store). As an alternative to logical relations, techniques based on bisimulation can be used to show context...

22 | Correctness of data representations involving heap data structures (Reddy, Yang, 2003)
Citation context: ...however, we need to extend this approach, because the language includes dynamic allocation of general references. Following earlier work on the semantics of dynamic allocation of simple integer cells [14, 31, 37, 44], we use an extension with Kripke-style possible worlds. In this extension, a type is interpreted as a predicate on values parameterized over worlds, and a world describes the type for each allocated ...

22 | Recursive polymorphic types and parametricity in an operational framework (Melliès, Vouillon, 2005)
Citation context: ... indexing) for languages with general recursive types or higher-order store. Vouillon and Melliès [50] give an axiomatic setup that incorporates both techniques for a language without store. See also [34] by the same authors. As an alternative to logical relations, techniques based on bisimulation can be used to show contextual equivalences for languages with store [49]. However, such techniques do no...

21 | Functional translation of a calculus of capabilities (Charguéraud, Pottier, 2008)
Citation context: ... proper, i.e., we solve the equation up to isomorphism. In the paper, we demonstrate the benefits of our method by presenting the first semantic model of Charguéraud and Pottier’s capability calculus [24]. This calculus is a substructural type system for a higher-order ML-like language with state, and imposes a nontrivial soundness issue, because a model needs to involve a recursively defined operation...

19 | Realizability semantics of parametric polymorphism, general references, and recursive types (Birkedal, Støvring, et al., 2009)
Citation context: ...line of work where challenging features of programming languages and logics are modelled using a common solution: Kripke models over worlds that are recursively defined in a category of metric spaces [21, 41, 42]. This method transfers those worlds from the original domain-theoretic setup to an elementary, operational one based on step indexing. Although our method does involve a modicum of metric space theor...

19 | A relational modal logic for higher-order stateful ADTs (Dreyer, Neis, et al., 2010)
Citation context: ...s. In the rest of this section, we use these domains and model the programming language with impredicative polymorphism and ML references. For concreteness, we consider a language as in Dreyer et al. [27], except that we do not consider recursive types and we split the context for type variables and term variables in two. Term judgments take the form Ξ; Γ; Σ ⊢ M : τ where Ξ is a context of type variab...

18 | Relational semantics for effect-based program transformations: higher-order store (Benton, Kennedy, et al.)

18 | The category-theoretic solution of recursive metric-space equations (Birkedal, Støvring, et al., 2009)
Citation context: ...f semantic types, and we then define worlds in terms of semantic types. It is also possible to obtain W directly, as a solution of a recursive equation in a category of pre-ordered ultrametric spaces [20]. The latter technique is more general, but for this paper we do not need such pre-ordered spaces. ⟦Ξ ⊢ τ⟧η : W →mon UPred(Val) ⟦Ξ ⊢ 1⟧η w = {(k, ()) | k ∈ N} ⟦Ξ ⊢ ref τ⟧η w = {(k, l) ...

16 | A Theory of Indirection via Approximation (Hobor, Dockins, Appel, 2010)
Citation context: ...ovides a high-level understanding of the essence of step-indexed models. In particular, we show that the method can be specialized to Hobor et al.’s recent abstract description of step-indexed models [29], and explain the benefits of taking the metric viewpoint we suggest. The remainder of the paper is organized as follows. In Section 2, we give an extensive introduction of our method, by developing a...

16 | Separation logic for higher-order store (Reus, Schwinghammer, 2006)

16 | A complete characterization of observational equivalence in polymorphic λ-calculus with general references (Sumii, 2009)
Citation context: ... both of these techniques (for a language without store). As an alternative to logical relations, techniques based on bisimulation can be used to show contextual equivalences for languages with store [45]. However, such techniques do not seem helpful for modelling expressive type systems such as the one considered in Section 3. 6. Conclusion In this paper, we have argued that recursive features of pro...

15 | A semantic foundation for hidden state (Schwinghammer, Yang, et al., 2010)
Citation context: ...ts on itself, via the isomorphism ι between W and Cap. This operation plays a key role in explaining the higher-order frame (and also anti-frame) inference rules and the associated distribution axioms [41, 42]. Moreover, due to the shrinking factor δ = 1/2, this action is contractive in its right-hand side: for all p, r ∈ Cap, the assignment r ↦ p ⊗ ι(r) is a contractive endomap on Cap. This observation ex...

13 | Semantics and logic of object calculi (Reus, Streicher)

12 | Constructing interpretations of recursive types in an operational setting (Birkedal, Harper, 1999)
Citation context: ...her operational techniques. We briefly mention two techniques other than step indexing that can be used to define logical relations based on operational semantics. First, syntactic minimal invariance [18, 25] is based on operational counterparts of the projection functions one obtains from solutions to recursive domain equations. As far as we know, this technique has not been developed for languages with ...

10 | Generalizing the higher-order frame and anti-frame rules. Unpublished note (Pottier, 2009)
Citation context: ... over time but types need to be invariant (monotone) with respect to this growth. Further extensions will address, for instance, frame rules for more general (parameterized) invariants on local state [35]. Other operational techniques. We briefly mention two techniques other than step indexing that can be used to define logical relations based on operational semantics. First, syntactic minimal invaria...

9 | Oracle Semantics (Hobor, 2008)
Citation context: ...ossibly be pushed through either with hand-built approximate worlds as employed by Ahmed et al. [6], with the indirection theory of Hobor et al. [30] or the higher order ...

9 | A step-indexed Kripke model of hidden state via recursive properties on recursively defined metric spaces (Schwinghammer, Birkedal, et al., 2011)

5 | A family of syntactic logical relations for the semantics of Haskell-like languages (Johann, Voigtländer, 2002)
Citation context: ...rparts of the projection functions one obtains from solutions to recursive domain equations. As far as we know, this technique has not been developed for languages with store. Second, biorthogonality [13, 30, 34] is based on syntactically defined closure operators on relations. Biorthogonality has been developed for a language with integer store [34], but not (without also using step indexing) for languages w...

3 | Formalizing domains, ultrametric spaces and semantics of programming languages (Benton, Birkedal, et al., 2010)
Citation context: ...er our proposed metric approach hinders formalizations. It does not. Following the treatment in [20], Varming et al. have recently formalized the solutions of recursive metric-space equations in Coq [16] and the step-indexed model of ML references from Section 2.3. Capabilities. In [3], Ahmed et al. presented a step-indexed model of a substructural type system, which is similar to the capability calc...

2 | A stratified semantics of general references (Ahmed, Appel, et al., 2002)

2 | Mechanized semantic library. http://msl.cs.princeton.edu (Appel, Dockins, et al., 2009)
Citation context: ...mentioned advantage of the traditional step-indexed approach is that it lends itself well to formalization in theorem provers. Indeed, impressive formalization work has been carried out in, e.g., Coq [10]. Thus, one may wonder whether our proposed metric approach hinders formalizations. It does not. Following the treatment in [20], Varming et al. have recently formalized the solutions of recursive me...