Results 1 - 10
of
23
Translating Dependency into Parametricity
- In: ACM International Conference on Functional Programming
"... Abadi et al. introduced the dependency core calculus (DCC) as a unifying framework to study many important program analyses such as binding time, information flow, slicing, and function call tracking. DCC uses a lattice of monads and a nonstandard typing rule for their associated bind operations to ..."
Abstract
-
Cited by 32 (3 self)
- Add to MetaCart
(Show Context)
Abadi et al. introduced the dependency core calculus (DCC) as a unifying framework to study many important program analyses such as binding time, information flow, slicing, and function call tracking. DCC uses a lattice of monads and a nonstandard typing rule for their associated bind operations to describe the dependency of computations in a program. Abadi et al. proved a noninterference theorem that establishes the correctness of DCC’s type system and thus the correctness of the type systems for the analyses above. In this paper, we study the relationship between DCC and the Girard-Reynolds polymorphic lambda calculus (System F). We encode the recursion-free fragment of DCC into F via a type-directed translation. Our main theoretical result is that, following from the correctness of the translation, the parametricity theorem for F implies the noninterference theorem for DCC. In addition, the translation provides insights into DCC’s type system and suggests implementation strategies of dependency calculi in polymorphic languages.
Permission-Based Ownership: Encapsulating State in Higher-Order Typed Languages
- PLDI’05, JUNE 12–15, 2005, CHICAGO, ILLINOIS, USA
, 2005
"... Today's module systems do not effectively support information hiding in the presence of shared mutable objects, causing serious problems in the development and evolution of large software systems. Ownership types have been proposed as a solution to this problem, but current systems have ad-hoc ..."
Abstract
-
Cited by 27 (0 self)
- Add to MetaCart
Today's module systems do not effectively support information hiding in the presence of shared mutable objects, causing serious problems in the development and evolution of large software systems. Ownership types have been proposed as a solution to this problem, but current systems have ad-hoc access restrictions and are limited to Java-like languages.In this paper, we describe System F
own, an extension of
System F with references and ownership. Our design shows
both how ownership fits into standard type theory and the
encapsulation benefits it can provide in languages with first-class functions, abstract data types, and parametric polymorphism. By looking at ownership in the setting of System F, we
were able to develop a design that is more principled and
flexible than previous ownership type systems, while also
providing stronger encapsulation guarantees.
Linear Regions Are All You Need
- In Proc. ESOP’06
, 2006
"... The type-and-e#ects system of the Tofte-Talpin region calculus makes it possible to safely reclaim objects without a garbage collector. ..."
Abstract
-
Cited by 14 (1 self)
- Add to MetaCart
(Show Context)
The type-and-e#ects system of the Tofte-Talpin region calculus makes it possible to safely reclaim objects without a garbage collector.
Correctness of effect-based program transformations
- Formal Logical Methods for System Security and Correctness
, 2008
"... Abstract. We consider a type system capable of tracking reading, writing and allocation in a higher-order language with dynamically allocated references. We give a denotational semantics to this type system which allows us to validate a number of effect-dependent program equivalences in the sense of ..."
Abstract
-
Cited by 4 (1 self)
- Add to MetaCart
(Show Context)
Abstract. We consider a type system capable of tracking reading, writing and allocation in a higher-order language with dynamically allocated references. We give a denotational semantics to this type system which allows us to validate a number of effect-dependent program equivalences in the sense of observational equivalence. An example is the following: x = e; y = e; e ′ (x, y) is equivalent to x = e; e ′ (x, x) provided that e does not read from memory regions that it writes to and moreover does not allocate memory that is encapsulated in the values of x and y. Here x can be a higher-order function or a reference or a combination of both. The two sides of the above equivalence turn out to be related in the denotational semantics which implies that they are observationally equivalent, ie can be replaced by one another in any (well-typed) program. On the way we learn popular techniques such as parametrised logical relations, regions, admissible relations, etc., which belong to the toolbox of researchers in principles of programming languages.
Linear types for aliased resources
, 2005
"... Type systems that track aliasing can verify state-dependent program properties. For example, such systems can verify that a program does not access a resource after deallocating the resource. The simplest way to track aliasing is to use linear types, which on the surface appear to ban the aliasing o ..."
Abstract
-
Cited by 4 (0 self)
- Add to MetaCart
Type systems that track aliasing can verify state-dependent program properties. For example, such systems can verify that a program does not access a resource after deallocating the resource. The simplest way to track aliasing is to use linear types, which on the surface appear to ban the aliasing of linear resources entirely. Since banning aliasing is considered too draconian for many practical programs, researchers have proposed type systems that allow limited forms of aliasing, without losing total control over state-dependent properties. This paper describes how to encode one such system, the capability calculus, using a type system based on plain linear types with no special support for aliasing. Given well-typed capability calculus source programs, the encodings produce well-typed target programs based on linear types. These encodings demonstrate that, contrary to common expectations, linear type systems can express aliasing of linear resources.
Completeness of global evaluation logic
- IN MFCS 06, LNCS 4162
, 2006
"... Monads serve the abstract encapsulation of side effects in semantics and functional programming. Various monad-based specification languages have been introduced in order to express requirements on generic side-effecting programs. A basic role is played here by global evaluation logic, concerned wit ..."
Abstract
-
Cited by 2 (1 self)
- Add to MetaCart
(Show Context)
Monads serve the abstract encapsulation of side effects in semantics and functional programming. Various monad-based specification languages have been introduced in order to express requirements on generic side-effecting programs. A basic role is played here by global evaluation logic, concerned with formulae which may be thought of as being universally quantified over the state space; this formalism is the fundament of more advanced logics such as monad-based Hoare logic or dynamic logic. We prove completeness of global evaluation logic for models in cartesian categories with a distinguished Heyting algebra object.
Dynamic Space Limits for Haskell
"... ns iste nt * Complete * W ell D ocumented*Easyto ..."
(Show Context)
Safe and Effective Contracts
, 2011
"... This dissertation introduces a framework enabling the dynamic verification of expressive specifications. Inspired by formal verification methods, this framework supports assertion, framing, and separation contracts. Assertion contracts specify what code should do, whereas framing contracts specify w ..."
Abstract
-
Cited by 1 (0 self)
- Add to MetaCart
This dissertation introduces a framework enabling the dynamic verification of expressive specifications. Inspired by formal verification methods, this framework supports assertion, framing, and separation contracts. Assertion contracts specify what code should do, whereas framing contracts specify what code must not do. Separation contracts, inspired by separation logic, combine an explicit assertion contract with an implicit framing contract. In addition to supporting these expressive contracts, this framework also enables assertions to call existing code with side effects while ensuring that successful assertions do not affect the rest of the program. Contracts are guaranteed safe while remaining easy to write. This dissertation introduces a single interface, the delimited checkpoint, that supports all of the contracts listed above. Similar to previous work on equipping a programming language with first class stores, checkpoints represent a state in time. Computations can be run with memory restored to a checkpoint state. Checkpoints augment existing work with a novel family of difference operations that compare two checkpoints, revealing how the intervening computation interacted with memory. Additionally, checkpoints are delimited:
