Results 1-10 of 86
Types for Modules, 1998
Cited by 77 (13 self)
The programming language Standard ML is an amalgam of two, largely orthogonal, languages. The Core language expresses details of algorithms and data structures. The Modules language expresses the modular architecture of a software system. Both languages are statically typed, with their static and dynamic semantics specified by a formal definition.
The impact of higher-order state and control effects on local relational reasoning, 2010
Cited by 54 (17 self)
Reasoning about program equivalence is one of the oldest problems in semantics. In recent years, useful techniques have been developed, based on bisimulations and logical relations, for reasoning about equivalence in the setting of increasingly realistic languages, languages nearly as complex as ML or Haskell. Much of the recent work in this direction has considered the interesting representation independence principles enabled by the use of local state, but it is also important to understand the principles that powerful features like higher-order state and control effects disable. This latter topic has been broached extensively within the framework of game semantics, resulting in what Abramsky dubbed the “semantic cube”: fully abstract game-semantic characterizations of various axes in the design space of ML-like languages. But when it comes to reasoning about many actual examples, game semantics does not yet supply a useful technique for proving equivalences. In this paper, we marry the aspirations of the semantic cube to the powerful proof method of step-indexed Kripke logical relations. Building on recent work of Ahmed, Dreyer, and Rossberg, we define the first fully abstract logical relation for an ML-like language with recursive types, abstract types, general references and call/cc. We then show how, under orthogonal restrictions to the expressive power of our language, namely the restriction to first-order state and/or the removal of call/cc, we can enhance the proving power of our possible-worlds model in correspondingly orthogonal ways, and we demonstrate this proving power on a range of interesting examples. Central to our story is the use of state transition systems to model the way in which properties of local state evolve over time.
Biorthogonality, Step-Indexing and Compiler Correctness, 2009
Cited by 35 (14 self)
We define logical relations between the denotational semantics of a simply typed functional language with recursion and the operational behaviour of low-level programs in a variant SECD machine. The relations, which are defined using biorthogonality and step-indexing, capture what it means for a piece of low-level code to implement a mathematical, domain-theoretic function and are used to prove correctness of a simple compiler. The results have been formalized in the Coq proof assistant.
Step-indexed Kripke models over recursive worlds. In Proc. of POPL, 2011
Cited by 29 (14 self)
Over the last decade, there has been extensive research on modelling challenging features in programming languages and program logics, such as higher-order store and storable resource invariants. A recent line of work has identified a common solution to some of these challenges: Kripke models over worlds that are recursively defined in a category of metric spaces. In this paper, we broaden the scope of this technique from the original domain-theoretic setting to an elementary, operational one based on step indexing. The resulting method is widely applicable and leads to simple, succinct models of complicated language features, as we demonstrate in our semantics of Charguéraud and Pottier’s type-and-capability system for an ML-like higher-order language. Moreover, the method provides a high-level understanding of the essence of recent approaches based on step indexing.
Logical Step-Indexed Logical Relations
Cited by 26 (9 self)
We show how to reason about “step-indexed” logical relations in an abstract way, avoiding the tedious, error-prone, and proof-obscuring step-index arithmetic that seems superficially to be an essential element of the method. Specifically, we define a logic LSLR, which is inspired by Plotkin and Abadi’s logic for parametricity, but also supports recursively defined relations by means of the modal “later” operator from Appel et al.’s “very modal model” paper. We encode in LSLR a logical relation for reasoning (in)equationally about programs in call-by-value System F extended with recursive types. Using this logical relation, we derive a useful set of rules with which we can prove contextual (in)equivalences without mentioning step indices.
A Kripke Logical Relation Between ML and Assembly
Cited by 25 (9 self)
There has recently been great progress in proving the correctness of compilers for increasingly realistic languages with increasingly realistic runtime systems. Most work on this problem has focused on proving the correctness of a particular compiler, leaving open the question of how to verify the correctness of assembly code that is hand-optimized or linked together from the output of multiple compilers. This has led Benton and other researchers to propose more abstract, compositional notions of when a low-level program correctly realizes a high-level one. However, the state of the art in so-called “compositional compiler correctness” has only considered relatively simple high-level and low-level languages. In this paper, we propose a novel, extensional, compiler-independent notion of equivalence between high-level programs in an expressive, impure ML-like λ-calculus and low-level programs in an (only slightly) idealized assembly language. We define this equivalence by means of a biorthogonal, step-indexed, Kripke logical relation, which enables us to reason quite flexibly about assembly code that uses local state in a different manner than the high-level code it implements (e.g., self-modifying code). In contrast to prior work, we factor our relation in a symmetric, language-generic fashion, which helps to simplify and clarify the formal presentation, and we also show how to account for the presence of a garbage collector. Our approach relies on recent developments in Kripke logical relations for ML-like languages, in particular the idea of possible worlds as state transition systems.
Verification of information flow and access control policies with dependent types, 2011
Cited by 22 (4 self)
We present Relational Hoare Type Theory (RHTT), a novel language and verification system capable of expressing and verifying rich information flow and access control policies via dependent types. We show that a number of security policies which have been formalized separately in the literature can all be expressed in RHTT using only standard type-theoretic types, abstract predicates, and modules. Example security policies include conditional declassification, information erasure, and state-dependent information flow and access control. RHTT can reason about such policies in the presence of dynamic memory allocation, deallocation, pointer aliasing and arithmetic. The system, theorems and examples have all been formalized in Coq.
Realizability semantics of parametric polymorphism, general references, and recursive types, 2010
Cited by 21 (15 self)
We present a realizability model for a call-by-value, higher-order programming language with parametric polymorphism, general first-class references, and recursive types. The main novelty is a relational interpretation of open types (as needed for parametricity reasoning) that include general reference types. The interpretation uses a new approach to modeling references. The universe of semantic types consists of world-indexed families of logical relations over a universal predomain. In order to model general reference types, worlds are finite maps from locations to semantic types: this introduces a circularity between semantic types and worlds that precludes a direct definition of either. Our solution is to solve a recursive equation in an appropriate category of metric spaces. In effect, types are interpreted using a Kripke logical relation over a recursively defined set of worlds. We illustrate how the model can be used to prove simple equivalences between different implementations of imperative abstract data types.
A Relational Modal Logic for Higher-Order Stateful ADTs
Cited by 21 (12 self)
The method of logical relations is a classic technique for proving the equivalence of higher-order programs that implement the same observable behavior but employ different internal data representations. Although it was originally studied for pure, strongly normalizing languages like System F, it has been extended over the past two decades to reason about increasingly realistic languages. In particular, Appel and McAllester’s idea of step-indexing has been used recently to develop syntactic Kripke logical relations for ML-like languages that mix functional and imperative forms of data abstraction. However, while step-indexed models are powerful tools, reasoning with them directly is quite painful, as one is forced to engage in tedious step-index arithmetic to derive even simple results. In this paper, we propose a logic LADR for equational reasoning about higher-order programs in the presence of existential type abstraction, general recursive types, and higher-order mutable state. LADR exhibits a novel synthesis of features from Plotkin-Abadi logic, Gödel-Löb logic, S4 modal logic, and relational separation logic. Our model of LADR is based on Ahmed, Dreyer, and Rossberg’s state-of-the-art step-indexed Kripke logical relation, which was designed to facilitate proofs of representation independence for “state-dependent” ADTs. LADR enables one to express such proofs at a much higher level, without counting steps or reasoning about the subtle, step-stratified construction of possible worlds.