A step-indexed Kripke model of hidden state

@article{Schwinghammer2012ASK,
  title={A step-indexed Kripke model of hidden state},
  author={Jan Schwinghammer and Lars Birkedal and François Pottier and Bernhard Reus and Kristian St{\o}vring and Hongseok Yang},
  journal={Mathematical Structures in Computer Science},
  year={2012},
  volume={23},
  pages={1--54}
}
Frame and anti-frame rules have been proposed as proof rules for modular reasoning about programs. Frame rules allow the hiding of irrelevant parts of the state during verification, whereas the anti-frame rule allows the hiding of local state from the context. We discuss the semantic foundations of frame and anti-frame rules, and present the first sound model for Charguéraud and Pottier's type and capability system including both of these rules. The model is a possible worlds model based on the…
Syntactic soundness proof of a type-and-capability system with hidden state
TLDR
This paper presents a formal definition and machine-checked soundness proof for a very expressive type-and-capability system, that is, a low-level type system that keeps precise track of ownership and side effects, and offers evidence that this relatively simple-minded proof technique can scale up to systems of this complexity.
The impact of higher-order state and control effects on local relational reasoning
TLDR
The first fully abstract logical relation for an ML-like language with recursive types, abstract types, general references and call/cc is defined, and it is shown how the proving power of this model can be enhanced under orthogonal restrictions to the expressive power of the language.
The impact of higher-order state and control effects on local relational reasoning
TLDR
This paper defines the first fully abstract logical relation for an ML-like language with recursive types, abstract types, general references and call/cc, and shows how it can enhance the proving power of the possible-worlds model in correspondingly orthogonal ways.
Specifying concurrent programs in separation logic: morphisms and simulations
TLDR
A novel notion of resource morphism is introduced, i.e. a structure-preserving function on resources, and it is shown how to effectively integrate it into separation logic, using an associated notion of morphism-specific simulation.
Semantic Foundations for F*
  • 2016
F* [23] is a verification system for ML programs developed collaboratively by Inria and Microsoft Research. ML types are extended with logical predicates that can conveniently express precise
Superficially substructural types
TLDR
A simple and flexible way of enabling any module in a program to create its own custom type of splittable resource, thus providing fine-grained control over how the module's private state is shared with its clients.
The Formal Semantics and Evolution of the F* Verification System (October 11, 2018)
  • 2018
F* [2, 3, 17, 34] is a general-purpose functional programming language with effects aimed at program verification. It puts together the automation of an SMT-backed deductive verification tool with the
Evolution, Semantics, and Engineering of the F* Verification System (May 19, 2019)
  • 2019
F* [2, 3, 18, 32] is a general-purpose functional programming language with effects aimed at program verification. It puts together the automation of an SMT-backed deductive verification tool with the

References

Showing 1-10 of 47 references
A Step-Indexed Kripke Model of Hidden State via Recursive Properties on Recursively Defined Metric Spaces
TLDR
The first sound model for Charguéraud and Pottier's type and capability system including both frame and anti-frame rules is given, which enables reasoning about some well-bracketed as well as (locally) monotonic uses of local state.
Nested Hoare Triples and Frame Rules for Higher-order Store
TLDR
This work investigates the compatibility of nested Hoare triples with several variations of higher-order frame rules, finding that a particular combination of rules can be shown consistent by means of a Kripke model where worlds live in a recursively defined ultrametric space.
Hiding Local State in Direct Style: A Higher-Order Anti-Frame Rule
  • F. Pottier
  • Computer Science
  • 2008 23rd Annual IEEE Symposium on Logic in Computer Science
  • 2008
TLDR
This work introduces a higher-order anti-frame rule, which permits hiding local state in direct style in the setting of a type system, equipped with linear capabilities, for an ML-like programming language, and proves type soundness via a syntactic argument.
Syntactic soundness proof of a type-and-capability system with hidden state
TLDR
This paper presents a formal definition and machine-checked soundness proof for a very expressive type-and-capability system, that is, a low-level type system that keeps precise track of ownership and side effects, and offers evidence that this relatively simple-minded proof technique can scale up to systems of this complexity.
Step-indexed Kripke models over recursive worlds
TLDR
The semantics of Charguéraud and Pottier's type-and-capability system for an ML-like higher-order language is demonstrated, and the method provides a high-level understanding of the essence of recent approaches based on step indexing.
Abstract Predicates and Mutable ADTs in Hoare Type Theory
TLDR
This paper extends HTT with quantification over abstract predicates, thus embedding into HTT the Extended Calculus of Constructions, and demonstrates this power by sketching a number of abstract data types that demand ownership of mutable memory, including an idealized custom memory manager.
An indexed model of recursive types for foundational proof-carrying code
TLDR
The proofs of foundational PCC explicitly define all required types and explicitly prove all the required properties of those types, assuming only a fixed foundation of mathematics such as higher-order logic.
The impact of higher-order state and control effects on local relational reasoning
TLDR
This paper defines the first fully abstract logical relation for an ML-like language with recursive types, abstract types, general references and call/cc, and shows how it can enhance the proving power of the possible-worlds model in correspondingly orthogonal ways.
Functional translation of a calculus of capabilities
TLDR
A type system designed for a high-level calculus with higher-order functions, algebraic data structures, and references, and a translation of this imperative calculus into a pure calculus are exhibited, which offers deep insight about the inner workings and soundness of the type system.
Possible World Semantics for General Storage in Call-By-Value
We describe a simple denotational semantics, using possible worlds, for a call-by-value language with ML-like storage facilities, allowing the storage of values of any type, and the generation of new