{"title":"Embedding a logical theory of constructions in Agda","authors":"Ana Bove, P. Dybjer, Andrés Sicard-Ramírez","doi":"10.1145/1481848.1481857","DOIUrl":"https://doi.org/10.1145/1481848.1481857","url":null,"abstract":"We propose a new way to reason about general recursive functional programs in the dependently typed programming language Agda, which is based on Martin-Löf's intuitionistic type theory. We show how to embed an external programming logic, Aczel's Logical Theory of Constructions (LTC) inside Agda. To this end we postulate the existence of a domain of untyped functional programs and the conversion rules for these programs. Furthermore, we represent the inductive notions in LTC (intuitionistic predicate logic with equality, and totality predicates) as inductive notions in Agda. To illustrate our approach we specify an LTC-style logic for PCF, and show how to prove the termination and correctness of a general recursive algorithm for computing the greatest common divisor of two numbers.","PeriodicalId":153056,"journal":{"name":"Programming Languages meets Program Verification","volume":"462 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-01-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125815788","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Aaron Stump, Morgan Deters, Adam Petcher, Todd W. Schiller, T. Simpson
{"title":"Verified programming in Guru","authors":"Aaron Stump, Morgan Deters, Adam Petcher, Todd W. Schiller, T. Simpson","doi":"10.1145/1481848.1481856","DOIUrl":"https://doi.org/10.1145/1481848.1481856","url":null,"abstract":"Operational Type Theory (OpTT) is a type theory allowing possibly diverging programs while retaining decidability of type checking and a consistent logic. This is done by distinguishing proofs and (program) terms, as well as formulas and types. The theory features propositional equality on type-free terms, which facilitates reasoning about dependently typed programs. OpTT has been implemented in the Guru verified programming language, which includes a type- and proof-checker, and a compiler to efficient C code. In addition to the core OpTT, Guru implements a number of extensions, including ones for verification of programs using mutable state and input/output. This paper gives an introduction to verified programming in Guru.","PeriodicalId":153056,"journal":{"name":"Programming Languages meets Program Verification","volume":"21 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-01-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124614513","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Positively dependent types","authors":"Daniel R. Licata, R. Harper","doi":"10.1145/1481848.1481851","DOIUrl":"https://doi.org/10.1145/1481848.1481851","url":null,"abstract":"This paper is part of a line of work on using the logical techniques of polarity and focusing to design a dependent programming language, with particular emphasis on programming with deductive systems such as programming languages and proof theories. Polarity emphasizes the distinction between positive types, which classify data, and negative types, which classify computation. In previous work, we showed how to use Zeilberger's higher-order formulation of focusing to integrate a positive function space for representing variable binding, an essential tool for specifying logical systems, with a standard negative computational function space. However, our previous work considers only a simply-typed language. The central technical contribution of the present paper is to extend higher-order focusing with a form of dependency that we call positively dependent types: We allow dependency on positive data, but not negative computation. Additionally, we present the syntax of dependent pair and function types using an iterated inductive definition, mapping positive data to types, which gives an account of type-level computation. We construct our language inside the dependently typed programming language Agda 2, making essential use of coinductive types and induction-recursion.","PeriodicalId":153056,"journal":{"name":"Programming Languages meets Program Verification","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-01-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122389260","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
T. Schrijvers, Louis-Julien Guillemette, Stefan Monnier
{"title":"Type invariants for Haskell","authors":"T. Schrijvers, Louis-Julien Guillemette, Stefan Monnier","doi":"10.1145/1481848.1481855","DOIUrl":"https://doi.org/10.1145/1481848.1481855","url":null,"abstract":"Multi-parameter type classes, functional dependencies, and recently GADTs and open type families open up opportunities to use complex type-level programming to let GHC's type checker verify various properties of your programs. But type-level code is special in that its correctness is crucial to the safety of the program; so except in those cases simple enough for the type checker to see trivially that the code is correct (or harmless), type-level programs need to come with a specification of their properties together with their proof.\u0000 In this article, we propose an extension to Haskell that allows the specification of invariants for type classes and open type families, together with accompanying evidence that those invariants hold. To accommodate the open nature of type classes and type families, the evidence itself needs to be open and every subcase of the proof can be provided independently from the others.","PeriodicalId":153056,"journal":{"name":"Programming Languages meets Program Verification","volume":"102 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-01-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115568456","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Language-agnostic specification and verification: invited talk","authors":"Manuel Fähndrich","doi":"10.1145/1481848.1481849","DOIUrl":"https://doi.org/10.1145/1481848.1481849","url":null,"abstract":"Over the last few years we have been working on bringing simple and pragmatic program specification and verification to programming languages targeting the Microsoft .NET platform. In this talk I will discuss the motivation and trade-offs influencing our design.\u0000 The specifications and static verification are targeted at the general developer, not the verification enthusiast. It is thus important to us to use a single form of specifications that meets three simultaneous goals:\u0000 1. Specifications serve as documentation. They must be as readable as possible.\u0000 2. Specifications should be executable. This motivates writing specifications for testing and immediate perceived benefit, without consideration of static verification.\u0000 3. Finally, specifications should be usable in static verification.\u0000 Our specification approach is language-agnostic in that we use idiomatic code written in the developer's source language to express pre-conditions and post-conditions. Preconditions and postconditions are expressed as calls to the static methods. Special dummy methods are used to refer to the method result value as well as referring to the old value of an expression, meaning the value of the expression on method entry.","PeriodicalId":153056,"journal":{"name":"Programming Languages meets Program Verification","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-01-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131243803","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Refinement types and computational duality","authors":"N. Zeilberger","doi":"10.1145/1481848.1481852","DOIUrl":"https://doi.org/10.1145/1481848.1481852","url":null,"abstract":"One lesson learned painfully over the past twenty years is the perilous interaction of Curry-style typing with evaluation order and side-effects. This led eventually to the value restriction on polymorphism in ML, as well as, more recently, to similar artifacts in type systems for ML with intersection and union refinement types. For example, some of the traditional subtyping laws for unions and intersections are unsound in the presence of effects, while union-elimination requires an evaluation context restriction in addition to the value restriction on intersection-introduction.\u0000 Our aim is to show that rather than being ad hoc artifacts, phenomena such as the value and evaluation context restrictions arise naturally in type systems for effectful languages, out of principles of duality. Beginning with a review of recent work on the Curry-Howard interpretation of focusing proofs as pattern-matching programs, we explain how to interpret intersection and union refinements on these programs, and how to logically derive the subtyping relationship via an identity coercion interpretation. The value restriction, etc., emerge out of this analysis. However, this abstract account does not immediately yield a decidable type system, essentially because the syntax is infinitary--both \"infinitely wide\" and \"infinitely deep\". We show how to mechanically construct a finitary syntax by applying two well-known PL techniques--pattern-compilation and defunctionalization--and conclude by giving this finitary syntax an algorithmic refinement type system. Parallel to the text, we describe an embedding in the dependently-typed functional language Agda, both for the sake of clarifying these ideas, and also because formalization was an important guide in developing them. As one example, the Agda encoding split very naturally into an intrinsic (\"Church\") view of well-typed programs, and an extrinsic (\"Curry\") view of refinement typing for those programs.","PeriodicalId":153056,"journal":{"name":"Programming Languages meets Program Verification","volume":"2012 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-01-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128070666","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Compositional reasoning and decidable checking for dependent contract types","authors":"Kenneth Knowles, C. Flanagan","doi":"10.1145/1481848.1481853","DOIUrl":"https://doi.org/10.1145/1481848.1481853","url":null,"abstract":"Simple type systems perform compositional reasoning in that the type of a term depends only on the types of its subterms, and not on their semantics. Contracts offer more expressive abstractions, but static contract checking systems typically violate those abstractions and base their reasoning directly upon the semantics of terms. Pragmatically, this noncompositionality makes the decidability of static checking unpredictable.\u0000 We first show how compositional reasoning may be restored using standard type-theoretic techniques, namely existential types and subtyping. Despite its compositional nature, our type system is exact, in that the type of a term can completely capture its semantics, hence demonstrating that precision and compositionality are compatible. We then address predictability of static checking for contract types by giving a type-checking algorithm for an important class of programs with contract predicates drawn from a decidable theory. Our algorithm relies crucially on the fact that the type of a term depends only the types of its subterms (which fall into the decidable theory) and not their semantics (which will not, in general).","PeriodicalId":153056,"journal":{"name":"Programming Languages meets Program Verification","volume":"115 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-01-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128116678","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Challenge proposal: verification of refactorings","authors":"Max Schäfer, Torbjörn Ekman, O. Moor","doi":"10.1145/1481848.1481859","DOIUrl":"https://doi.org/10.1145/1481848.1481859","url":null,"abstract":"Automated refactoring tools are an essential part of a software developer's toolbox. They are most useful for gradually improving large existing code bases and it is essential that they work reliably, since even a simple refactoring may affect many different parts of a program, and the programmer should not have to inspect every individual change to ensure that the transformation went as expected. Even extensively tested industrial-strength refactoring engines, however, are fraught with many bugs that lead to incorrect, non-behaviour preserving transformations. We argue that software refactoring tools are a prime candidate for mechanical verification, offering significant challenges but also the prospect of tangible benefits for real-world software development.","PeriodicalId":153056,"journal":{"name":"Programming Languages meets Program Verification","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-01-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121771384","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The swiss coercion","authors":"Stefan Monnier","doi":"10.1145/1292597.1292604","DOIUrl":"https://doi.org/10.1145/1292597.1292604","url":null,"abstract":"Recent type systems allow the programmer to use types that describe more precisely the invariants on which the program relies. But in order to satisfy the type system, it often becomes necessary to help the type checker with extra annotations that justify why a piece of code is indeed well-formed. Such annotations take the form of term-level type manipulations, such as type abstractions, type applications, existential package packing and opening, as well as coercions, or casts. While those operations have no direct runtime cost, they tend to introduce extra runtime operations equivalent to n-redexes or even empty loops in order to get to the point where we can apply that supposedly free operation. We show a coercion that is like a pacific Swiss army knife of coercions: it cannot cut but it can instantiate, open, pack, abstract, analyze, or do any combination thereof, reducing the need for extra surrounding runtime operations. And all that, of course, for the price of a single coercion, which still costs absolutely nothing at runtime. This new coercion is derived from Karl Crary's coercion calculus [Crary, 2000], but can also replace Crary and Weirich's vcase [Crary and Weirich, 1999]. It additionally happens to come in handy to work around some limitations of value polymorphism. It is presented in the context of Shao et al.'s Type System for Certified Binaries [Shao et al., 2002]. Other than the coercion itself, another interesting aspect of this work is a slightly unusual proof technique to show soundness of the type erasure using a pure type assignment language, making the no-op nature of our cast more obvious.","PeriodicalId":153056,"journal":{"name":"Programming Languages meets Program Verification","volume":"88 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-10-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115647264","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
