Type soundness proofs with definitional interpreters

Amin, Nada; Rompf, Tiark

doi:10.1145/3093333.3009866

Cited by 25 publications

(23 citation statements)

References 54 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several aspects of the formalization are standard: intrinsically typed abstract syntax with de Bruijn indexing [Benton et al 2012;Poulsen et al 2018;Wadler 2018], type-indexed values, and gas-driven evaluation [Amin and Rompf 2017;Owens et al 2016; Siek 2013]. In addition, we address the following key challenges.…”

Section: Challenges Of the Formalizationmentioning

confidence: 99%

“…The use of indexing to tame potential nontermination can be traced back to Appel and McAllester [2001]. It has been rejuvenated in the context of big-step semantics by Siek [2013] and Owens et al [2016], in proving type soundness with definitional interpreters [Amin and Rompf 2017], and in definitional interpretation for imperative languages [Poulsen et al 2018]. As these interpreters are universally quantified over gas, the respective properties hold for all terminating and nonterminating computations.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Intrinsically-Typed Mechanized Semantics for Session Types

Thiemann

2019

Proceedings of the 21st International Symposium on Principles and Practice of Declarative Programming

View full text Add to dashboard Cite

Session types have emerged as a powerful paradigm for structuring communication-based programs. They guarantee type soundness and session fidelity for concurrent programs with sophisticated communication protocols. As type soundness proofs for languages with session types are tedious and technically involved, it is rare to see mechanized soundness proofs for these systems.We present an executable intrinsically typed small-step semantics for a realistic functional session type calculus. The calculus includes linearity, recursion, and recursive sessions with subtyping. Asynchronous communication is modeled with an encoding.The semantics is implemented in Agda as an intrinsically typed, interruptible CEK machine. This implementation proves type preservation and a particular notion of progress by construction. CCS CONCEPTS• Software and its engineering → Concurrent programming structures; Semantics; • Theory of computation → Process calculi.

show abstract

Section: Challenges Of the Formalizationmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Intrinsically-Typed Mechanized Semantics for Session Types

Thiemann

2019

Proceedings of the 21st International Symposium on Principles and Practice of Declarative Programming

View full text Add to dashboard Cite

show abstract

“…We will say that the evaluation of e occurred "at step n", or simply "at n" following the intuition that n is a Kripke world. Another intuition is that this judgment describes an interpreter receiving a certain amount n of "fuel" which controls how many times recursive definitions have to be unrolled [1].…”

Section: Operational Semanticsmentioning

confidence: 99%

A Generalized Modality for Recursion

Guatto

2018

Proceedings of the 33rd Annual ACM/IEEE Symposium on Logic in Computer Science

View full text Add to dashboard Cite

Nakano's later modality allows types to express that the output of a function does not immediately depend on its input, and thus that computing its fixpoint is safe. This idea, guarded recursion, has proved useful in various contexts, from functional programming with infinite data structures to formulations of step-indexing internal to type theory. Categorical models have revealed that the later modality corresponds in essence to a simple reindexing of the discrete time scale.Unfortunately, existing guarded type theories suffer from significant limitations for programming purposes. These limitations stem from the fact that the later modality is not expressive enough to capture precise input-output dependencies of functions. As a consequence, guarded type theories reject many productive definitions.Combining insights from guarded type theories and synchronous programming languages, we propose a new modality for guarded recursion. This modality can apply any well-behaved reindexing of the time scale to a type. We call such reindexings time warps. Several modalities from the literature, including later, correspond to fixed time warps, and thus arise as special cases of ours.

show abstract

“…We could then reason about the partial correctness of a program declared in this effect or to prove its termination after its definition. Going back to the while interpreter from §5.1, we could forget about the decreasing metric and use either Bove and Capretta's 2005 termination witnesses or step-indexing as in §3.3 (Amin and Rompf 2017;Owens et al 2016), proving, for example, noninterference of reachable states of an interactive non-terminating program. Observational purity Another desirable feature would be to hide the effect of a term if it is proven observationally pure, e.g., in §6.1 this would provide the ability to replace the original pure code by its equivalent memoized variant.…”

Section: Future Workmentioning

confidence: 99%

A monadic framework for relational verification: applied to information security, program equivalence, and optimizations

Grimm

Maillard

Fournet

et al. 2018

Proceedings of the 7th ACM SIGPLAN International Conference on Certified Programs and Proofs

View full text Add to dashboard Cite

Relational properties describe multiple runs of one or more programs. They characterize many useful notions of security, program refinement, and equivalence for programs with diverse computational effects, and they have received much attention in the recent literature. Rather than developing separate tools for special classes of effects and relational properties, we advocate using a general purpose proof assistant as a unifying framework for the relational verification of effectful programs. The essence of our approach is to model effectful computations using monads and to prove relational properties on their monadic representations, making the most of existing support for reasoning about pure programs.We apply this method in F ⋆ and evaluate it by encoding a variety of relational program analyses, including information flow control, semantic declassification, program equivalence and refinement at higher order, correctness of program optimizations and game-based cryptographic security. By relying on SMT-based automation, unary weakest preconditions, user-defined effects, and monadic reification, we show that, compared to unary properties, verifying relational properties requires little additional effort from the F ⋆ programmer.

show abstract

Type soundness proofs with definitional interpreters

Cited by 25 publications

References 54 publications

Intrinsically-Typed Mechanized Semantics for Session Types

Intrinsically-Typed Mechanized Semantics for Session Types

A Generalized Modality for Recursion

A monadic framework for relational verification: applied to information security, program equivalence, and optimizations

Contact Info

Product

Resources

About