Results 1  10
of
1,275
LanguageBased InformationFlow Security
 IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS
, 2003
"... Current standard security practices do not provide substantial assurance that the endtoend behavior of a computing system satisfies important security policies such as confidentiality. An endtoend confidentiality policy might assert that secret input data cannot be inferred by an attacker throug ..."
Abstract

Cited by 827 (57 self)
 Add to MetaCart
Current standard security practices do not provide substantial assurance that the endtoend behavior of a computing system satisfies important security policies such as confidentiality. An endtoend confidentiality policy might assert that secret input data cannot be inferred by an attacker through the attacker's observations of system output; this policy regulates information flow.
InductiveDataType Systems
, 2002
"... In a previous work ("Abstract Data Type Systems", TCS 173(2), 1997), the leI two authors presented a combined lmbined made of a (strongl normal3zG9 alrmal rewrite system and a typed #calA#Ik enriched by patternmatching definitions folnitio a certain format,calat the "General Schem ..."
Abstract

Cited by 821 (23 self)
 Add to MetaCart
In a previous work ("Abstract Data Type Systems", TCS 173(2), 1997), the leI two authors presented a combined lmbined made of a (strongl normal3zG9 alrmal rewrite system and a typed #calA#Ik enriched by patternmatching definitions folnitio a certain format,calat the "General Schema", whichgeneral39I theusual recursor definitions fornatural numbers and simil9 "basic inductive types". This combined lmbined was shown to bestrongl normalIk39f The purpose of this paper is toreformul33 and extend theGeneral Schema in order to make it easil extensibl3 to capture a more general cler of inductive types, cals, "strictly positive", and to ease the strong normalgAg9Ik proof of theresulGGg system. Thisresul provides a computation model for the combination of anal"DAfGI specification language based on abstract data types and of astrongl typed functional language with strictly positive inductive types.
A Syntactic Approach to Type Soundness
 INFORMATION AND COMPUTATION
, 1992
"... We present a new approach to proving type soundness for Hindley/Milnerstyle polymorphic type systems. The keys to our approach are (1) an adaptation of subject reduction theorems from combinatory logic to programming languages, and (2) the use of rewriting techniques for the specification of the la ..."
Abstract

Cited by 629 (22 self)
 Add to MetaCart
(Show Context)
We present a new approach to proving type soundness for Hindley/Milnerstyle polymorphic type systems. The keys to our approach are (1) an adaptation of subject reduction theorems from combinatory logic to programming languages, and (2) the use of rewriting techniques for the specification of the language semantics. The approach easily extends from polymorphic functional languages to imperative languages that provide references, exceptions, continuations, and similar features. We illustrate the technique with a type soundness theorem for the core of Standard ML, which includes the first type soundness proof for polymorphic exceptions and continuations.
Computational LambdaCalculus and Monads
, 1988
"... The λcalculus is considered an useful mathematical tool in the study of programming languages, since programs can be identified with λterms. However, if one goes further and uses fijconversion to prove equivalence of programs, then a gross simplification is introduced, that may jeopardise the ap ..."
Abstract

Cited by 501 (6 self)
 Add to MetaCart
(Show Context)
The λcalculus is considered an useful mathematical tool in the study of programming languages, since programs can be identified with λterms. However, if one goes further and uses fijconversion to prove equivalence of programs, then a gross simplification is introduced, that may jeopardise the applicability of theoretical results to real situations. In this paper we introduce a new calculus based on a categorical semantics for computations. This calculus provides a correct basis for proving equivalence of programs, independent from any specific computational model.
Explicit substitutions
, 1996
"... The λσcalculus is a refinement of the λcalculus where substitutions are manipulated explicitly. The λσcalculus provides a setting for studying the theory of substitutions, with pleasant mathematical properties. It is also a useful bridge between the classical λcalculus and concrete implementatio ..."
Abstract

Cited by 438 (15 self)
 Add to MetaCart
(Show Context)
The λσcalculus is a refinement of the λcalculus where substitutions are manipulated explicitly. The λσcalculus provides a setting for studying the theory of substitutions, with pleasant mathematical properties. It is also a useful bridge between the classical λcalculus and concrete implementations.
A Tutorial on (Co)Algebras and (Co)Induction
 EATCS Bulletin
, 1997
"... . Algebraic structures which are generated by a collection of constructors like natural numbers (generated by a zero and a successor) or finite lists and trees are of wellestablished importance in computer science. Formally, they are initial algebras. Induction is used both as a definition pr ..."
Abstract

Cited by 271 (36 self)
 Add to MetaCart
(Show Context)
. Algebraic structures which are generated by a collection of constructors like natural numbers (generated by a zero and a successor) or finite lists and trees are of wellestablished importance in computer science. Formally, they are initial algebras. Induction is used both as a definition principle, and as a proof principle for such structures. But there are also important dual "coalgebraic" structures, which do not come equipped with constructor operations but with what are sometimes called "destructor" operations (also called observers, accessors, transition maps, or mutators). Spaces of infinite data (including, for example, infinite lists, and nonwellfounded sets) are generally of this kind. In general, dynamical systems with a hidden, blackbox state space, to which a user only has limited access via specified (observer or mutator) operations, are coalgebras of various kinds. Such coalgebraic systems are common in computer science. And "coinduction" is the appropriate te...
A Linear Logical Framework
, 1996
"... We present the linear type theory LLF as the forAppeared in the proceedings of the Eleventh Annual IEEE Symposium on Logic in Computer Science  LICS'96 (E. Clarke editor), pp. 264275, New Brunswick, NJ, July 2730 1996. mal basis for a conservative extension of the LF logical framework. ..."
Abstract

Cited by 234 (48 self)
 Add to MetaCart
We present the linear type theory LLF as the forAppeared in the proceedings of the Eleventh Annual IEEE Symposium on Logic in Computer Science  LICS'96 (E. Clarke editor), pp. 264275, New Brunswick, NJ, July 2730 1996. mal basis for a conservative extension of the LF logical framework. LLF combines the expressive power of dependent types with linear logic to permit the natural and concise representation of a whole new class of deductive systems, namely those dealing with state. As an example we encode a version of MiniML with references including its type system, its operational semantics, and a proof of type preservation. Another example is the encoding of a sequent calculus for classical linear logic and its cut elimination theorem. LLF can also be given an operational interpretation as a logic programming language under which the representations above can be used for type inference, evaluation and cutelimination. 1 Introduction A logical framework is a formal system desig...
Typedirected partial evaluation
 Proceedings of the TwentyThird Annual ACM Symposium on Principles of Programming Languages
, 1996
"... Abstract. Typedirected partial evaluation stems from the residualization of arbitrary static values in dynamic contexts, given their type. Its algorithm coincides with the one for coercing asubtype value into a supertype value, which itself coincides with the one of normalization in thecalculus. T ..."
Abstract

Cited by 219 (38 self)
 Add to MetaCart
(Show Context)
Abstract. Typedirected partial evaluation stems from the residualization of arbitrary static values in dynamic contexts, given their type. Its algorithm coincides with the one for coercing asubtype value into a supertype value, which itself coincides with the one of normalization in thecalculus. Typedirected partial evaluation is thus used to specialize compiled, closed programs, given their type. Since Similix, letinsertion is a cornerstone of partial evaluators for callbyvalue procedural programs with computational e ects. It prevents the duplication of residual computations, and more generally maintains the order of dynamic side e ects in residual programs. This article describes the extension of typedirected partial evaluation to insert residual let expressions. This extension requires the userto annotate arrowtypes with e ect information. It is achieved by delimiting and abstracting control, comparably to continuationbased specialization in direct style. It enables typedirected partial evaluation of e ectful programs (e.g.,ade nitional lambdainterpreter for an imperative language) that are in direct style. The residual programs are in Anormal form. 1
ParameterPassing and the Lambda Calculus
, 1991
"... The choice of a parameterpassing technique is an important decision in the design of a highlevel programming language. To clarify some of the semantic aspects of the decision, we develop, analyze, and compare modifications of the calculus for the most common parameterpassing techniques, i.e., ca ..."
Abstract

Cited by 214 (23 self)
 Add to MetaCart
(Show Context)
The choice of a parameterpassing technique is an important decision in the design of a highlevel programming language. To clarify some of the semantic aspects of the decision, we develop, analyze, and compare modifications of the calculus for the most common parameterpassing techniques, i.e., callbyvalue and callbyname combined with passbyworth and passby reference, respectively. More specifically, for each parameterpassing technique we provide 1. a program rewriting semantics for a language with sideeffects and firstclass procedures based on the respective parameterpassing technique; 2. an equational theory that is derived from the rewriting semantics in a uniform manner; 3. a formal analysis of the correspondence between the calculus and the semantics; and 4. a strong normalization theorem for the imperative fragment of the theory (when applicable). A comparison of the various systems reveals that Algol's callbyname indeed satisfies the wellknown fi rule of the orig...