First steps in synthetic guarded domain theory: step-indexing in the topos of trees

Birkedal, Lars; Møgelberg, Rasmus Ejlers; Schwinghammer, Jan; Støvring, Kristian

doi:10.2168/lmcs-8(4:1)2012

Cited by 57 publications

(42 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It is likely that we will need to implement complex set reasoning heuristics in JSIL Verify. Higher-order reasoning is known to be difficult for separation logic, involving the topos of trees of Birkedal et al [2012]. Our current plan is to encode JSIL Logic in Iris [Jung et al 2015], obtaining soundness for free.…”

Section: :4mentioning

confidence: 99%

JaVerT: JavaScript verification toolchain

Santos

Maksimovic

Naudžiūnienė

et al. 2017

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

The dynamic nature of JavaScript and its complex semantics make it a difficult target for logic-based verification. We introduce JaVerT, a semi-automatic JavaScript Verification Toolchain, based on separation logic and aimed at the specialist developer wanting rich, mechanically verified specifications of critical JavaScript code. To specify JavaScript programs, we design abstractions that capture its key heap structures (for example, prototype chains and function closures), allowing the developer to write clear and succinct specifications with minimal knowledge of the JavaScript internals. To verify JavaScript programs, we develop JaVerT, a verification pipeline consisting of: JS-2-JSIL, a well-tested compiler from JavaScript to JSIL, an intermediate goto language capturing the fundamental dynamic features of JavaScript; JSIL Verify, a semi-automatic verification tool based on a sound JSIL separation logic; and verified axiomatic specifications of the JavaScript internal functions. Using JaVerT, we verify functional correctness properties of: data-structure libraries (key-value map, priority queue) written in an object-oriented style; operations on data structures such as binary search trees (BSTs) and lists; examples illustrating function closures; and test cases from the official ECMAScript test suite. The verification times suggest that reasoning about larger, more complex code using JaVerT is feasible. INTRODUCTIONSeparation logic was developed in order to reason about programs that manipulate data structures in the heap. The reasoning has been shown to be tractable, with compositional techniques that scale [Reynolds 2002] and properly engineered tools applied to real-world code. In particular, separation logic has been used to reason about programs written in static languages: for example, the semi-automatic verification tool Verifast [Jacobs et al. 2011] for reasoning about C and Java Authors' addresses: José Fragoso Santos, Imperial College London, UK, jose.fragoso.santos@imperial.ac.uk; Petar Maksimović, Imperial College London, UK, petar.maksimovic@imperial.ac.uk, Mathematical Institute SASA, Serbia; Daiva Naudžiūnienė, Imperial College London, UK, daiva.naudziuniene@imperial.ac.uk; Thomas Wood, Imperial College London, UK, thomas.wood@imperial.ac.uk; Philippa Gardner, Imperial College London, UK, p.gardner@imperial.ac.uk.Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the owner/author(s). 50:2 J. Fragoso Santos, P. Maksimović, D. Naudžiūnienė, T. Wood, P. Gardner programs; the automatic verification tool Infer [Calcagno et al. 2015], being developed at Facebook, for reasoning about C, Java, C++ and Objective C programs; and the interactive Coq development for reasoning about, f...

show abstract

Section: :4mentioning

confidence: 99%

JaVerT: JavaScript verification toolchain

Santos

Maksimovic

Naudžiūnienė

et al. 2017

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

show abstract

“…Birkedal et al [3] model guarded recursion by the topos of trees. The topos of trees is the category S = Set N op , where N is the category of the ordered set ( , ≤).…”

Section: Related Workmentioning

confidence: 99%

Categorical Semantics for Functional Reactive Programming with Temporal Recursion and Corecursion

Jeltsch¹

2014

Electron. Proc. Theor. Comput. Sci.

View full text Add to dashboard Cite

Functional reactive programming (FRP) makes it possible to express temporal aspects of computations in a declarative way. Recently we developed two kinds of categorical models of FRP: abstract process categories (APCs) and concrete process categories (CPCs). Furthermore we showed that APCs generalize CPCs. In this paper, we extend APCs with additional structure. This structure models recursion and corecursion operators that are related to time. We show that the resulting categorical models generalize those CPCs that impose an additional constraint on time scales. This constraint boils down to ruling out ω-supertasks, which are closely related to Zeno's paradox of Achilles and the tortoise. IntroductionFunctional reactive programming (FRP) makes it possible to express temporal aspects of computations in a declarative way. Traditional FRP is based on behaviors and events, which denote time-varying values and values attached to times, respectively. There is a Curry-Howard correspondence between traditional FRP and an intuitionistic temporal logic with "always" and "eventually" modalities [6,5]. Thereby the type constructor for behaviors corresponds to "always," and the type constructor for events corresponds to "eventually."Extending the temporal logic with "until" operators leads to an extended variant of FRP. Thereby proofs of "until" propositions correspond to a new class of FRP constructs, which we call processes. Processes in the FRP sense combine continuous and discrete aspects and generalize behaviors and events [7, Section 2]. We give an introduction to FRP with processes in Section 2.We have developed two kinds of models of FRP with processes, which can also be used to model temporal logic with "until:" Abstract process categories (APCs) [8] are defined purely axiomatically. They are an extension of temporal categories [6], which in turn build on categorical models of intuitionistic S4 [9, 2].Concrete process categories (CPCs) [7] are not defined in a purely axiomatic manner, but use concrete constructions to express time-dependence of type inhabitance and causality of FRP operations.Abstract process categories generalize concrete process categories. We describe APCs in Section 3 and CPCs in Section 5. The aim of this paper is to extend APCs and CPCs in order to model recursion and corecursion on processes. We make the following contributions:• In Section 4, we develop APCs with recursion and corecursion (R-APCs). R-APCs extend APCs with recursive comonad and completely iterative monad structures that model recursion and corecursion on processes. The extensions to APCs arise naturally as extensions of ideal comonad and ideal monad structures that APCs already contain.The FRP dialect described above corresponds to an intuitionistic temporal logic via a Curry-Howard isomorphism. Thereby time-dependent type inhabitance is related to time-dependent trueness of temporal propositions. The type constructors 0 and 1 correspond to the strong and weak "until" operators U and W from linear-time temporal logic (LTL), a...

show abstract

“…It is an interesting fact that all our derivations require no more than Assumption 2.1. For more on the connection with the setting of [9], see Proposition 2.6 below.…”

Section: Definition and Examples Of Guarded Fixpoint Operatorsmentioning

confidence: 99%

“…Birkedal et al [9] provide a general setting for topos-theoretic examples like (4) and (5) (the latter restricted to the case of Set-presheaves) by defining a notion of a model of guarded recursive terms and showing that sheaves over complete Heyting algebras with a well-founded basis proposed by [12] are instances of this notion. The difference between Definition 6.1 in [9] and our Definition 2.3 is that in the former a) the delay endofunctor is also assumed to preserve finite limits. On other hand b) our equality (2.1) is only postulated in the case when Y is the terminal object, i.e., only non-parametrized fixpoint identity is assumed but c) the dagger in this less general version of (2.1) is assumed to be unique.…”

Section: Definition and Examples Of Guarded Fixpoint Operatorsmentioning

confidence: 99%

“…For example, in the case of complete metric spaces can be an endofunctor scaling the metric of any given space by a fixed factor 0 < r < 1 so that non-expansive maps of type X → X are precisely contractive maps with a contraction factor of at most r. This allows to define a guarded (parametrized) fixpoint operator on all morphisms of type X × Y → X of the model. So far various models allowing the interpretation of a typed language including a guarded fixpoint operator have been studied: complete metric spaces, the "topos of trees", i.e., presheaves on ω op [9] or, more generally, sheaves on complete Heyting algebras with a well-founded basis [12,9]. This paper initiates the study of the essential properties of guarded fixpoint operators.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Guard Your Daggers and Traces: On The Equational Properties of Guarded (Co-)recursion

Milius¹,

Litak²

2013

Electron. Proc. Theor. Comput. Sci.

View full text Add to dashboard Cite

Motivated by the recent interest in models of guarded (co-)recursion we study its equational properties. We formulate axioms for guarded fixpoint operators generalizing the axioms of iteration theories of Bloom and Esik. Models of these axioms include both standard (e.g., cpo-based) models of iteration theories and models of guarded recursion such as complete metric spaces or the topos of trees studied by Birkedal et al. We show that the standard result on the satisfaction of all Conway axioms by a unique dagger operation generalizes to the guarded setting. We also introduce the notion of guarded trace operator on a category, and we prove that guarded trace and guarded fixpoint operators are in one-to-one correspondence. Our results are intended as first steps leading to the description of classifying theories for guarded recursion and hence completeness results involving our axioms of guarded fixpoint operators in future work

show abstract

First steps in synthetic guarded domain theory: step-indexing in the topos of trees

Cited by 57 publications

References 33 publications

JaVerT: JavaScript verification toolchain

JaVerT: JavaScript verification toolchain

Categorical Semantics for Functional Reactive Programming with Temporal Recursion and Corecursion

Guard Your Daggers and Traces: On The Equational Properties of Guarded (Co-)recursion

Contact Info

Product

Resources

About