Syntactic Type Soundness Results for the Region Calculus

The region calculus of Tofte and Talpin is a polymorphically typed lambda calculus with annotations that make memory allocation and deallocation explicit. It is intended as an intermediate language for implementing Hindley-Milner typed functional languages such as ML without traditional trace-based garbage collection. Static region and effect inference can be used to annotate a statically typed ML program with memory management primitives. Soundness of the calculus with respect to the region and effect system is crucial to guarantee safe deallocation of regions, i.e., deallocation should only take place for objects which are provably dead. The original soundness proof by Tofte and Talpin requires a complex co-inductive safety relation. In this paper, we present two small-step operational semantics for the region calculus and prove their type soundness with respect to the region and effect system. Following the standard syntactic approach of Wright, Felleisen, and Harper, we obtain simple inductive proofs. The first semantics is store-less. It is simple and elegant and gives rise to perspicuous proofs. The second semantics provides a store-based model for the region calculus. Albeit slightly more complicated, its additional expressiveness allows us to model operations on references with destructive update. A pure fragment of both small-step semantics is then proven equivalent to the original big-step operational approach of Tofte and Talpin. This leads to an alternative soundness proof for their evaluation-style formulation.     

A Polymorphic Environment Calculus and its Type-Inference Algorithm

The polymorphic environment calculus is a polymorphic lambda calculus which enables us to treat environments as first-class citizens. In the calculus, environments are formalized as explicit substitutions, and the substitutions are included in the set of terms of the calculus. First, we introduce an untyped environment calculus, and we present a semantics of the calculus as a translation into the lambda calculus. Second, we propose a polymorphic type system for the environment calculus based on Damas-Milner's ML-polymorphic type system. In ML, polymorphism is allowed only in let-expressions; in the polymorphic environment calculus, polymorphism is provided with environment compositions. We prove a subject-reduction theorem for the type system. Third, a type-inference algorithm is given to the polymorphic environment calculus, and we establish its soundness, termination, and principal-typing theorem.     

Two-level languages for program optimization

Two-level languages incorporate binding time information inside types, that is, whether a piece of code is completely known at compile-time, or needs some more inputs and can be evaluated only at run-time. We consider the use of 2-level languages in the framework of partial evaluation, and use a 2-level version of the simply typed lambda calculus with recursion. We give an operational semantics, an equational theory and a denotational semantics, that give an account of the distinction between compilation and execution phases. An adequacy theorem is given to relate the two semantics, showing in particular how they agree on non-termination at compile time. We finally give a more refined model using functor categories.     

Action Language verifier: an infinite-state model checker for reactive software specifications

Action Language is a specification language for reactive software systems. In this paper, we present the syntax and the semantics of the Action Language and we also present an infinite-state symbolic model checker called Action Language Verifier (ALV) that verifies (or falsifies) CTL properties of Action Language specifications. ALV is built on top of the Composite Symbolic Library, which is a symbolic manipulator that combines multiple symbolic representations. ALV is a polymorphic model checker that can use different combinations of the symbolic representations implemented in the Composite Symbolic Library. We describe the heuristics implemented in ALV for computing fixpoints using the composite symbolic representation. Since Action Language specifications allow declaration of unbounded integer variables and parameterized integer constants, verification of Action Language specifications is undecidable. ALV uses several heuristics to conservatively approximate the fixpoint computations. ALV also implements an automated abstraction technique that enables parameterized verification of a concurrent system with an arbitrary number of identical processes.     

Design and development of EASEL: a portable UIMS tool

EASEL is a layout and graphical editor which allows users to describe graphically the appearance of objects which are to be manipulated at run-time by the UIMS and the application. Objects may have multiple representations and users may manipulate and change these representations using the EASEL system. Different graphical user interfaces can be easily generated and evaluated at run-time with no need for recompilation. This paper describes the design and development of the EASEL system.     

Language-Theoretic and Finite Relation Models for the (Full) Lambek Calculus

We prove completeness for some language-theoretic models of the full Lambek calculus and its various fragments. First we consider syntactic concepts and syntactic concepts over regular languages, which provide a complete semantics for the full Lambek calculus \({\mathbf {FL}}_\perp \). We present a new semantics we call automata-theoretic, which combines languages and relations via closure operators which are based on automaton transitions. We establish the completeness of this semantics for the full Lambek calculus via an isomorphism theorem for the syntactic concepts lattice of a language and a construction for the universal automaton recognizing the same language. Finally, we use automata-theoretic semantics to prove completeness of relation models of binary relations and finite relation models for the Lambek calculus without and with empty antecedents (henceforth: \(\mathbf L \) and \(\mathbf L1 \)), thus solving a problem left open by Pentus (Ann Pure Appl Log 75:179–213, 1995).     

Inter-deriving semantic artifacts for object-oriented programming

We present a new abstract machine for Abadi and Cardelli's untyped non-imperative calculus of objects. This abstract machine mechanically corresponds to both the reduction semantics (i.e., small-step operational semantics) and the natural semantics (i.e., big-step operational semantics) specified in Abadi and Cardelli's monograph. To move closer to actual implementations, which use environments rather than actual substitutions, we then represent methods as closures and we present three new semantic artifacts for a version of Abadi and Cardelli's calculus with explicit substitutions: a reduction semantics, an environment-based abstract machine, and a natural semantics (i.e., an interpreter) with environments. These three new semantic artifacts mechanically correspond to each other, and the two abstract machines are bisimilar. Their significance lies in the fact that they have not been designed from scratch and then proved correct; instead, they have been inter-derived.To illustrate the inter-derivation and to make this article stand-alone, we also comprehensively treat the example of negational normalization over Boolean formulas, in appendix.     

Syntactic Calculus with Dependent Types

The aim of this study is to look at the the syntactic calculus of Bar-Hillel and Lambek, including semantic interpretation, from the point of view of constructive type theory. The syntactic calculus is given a formalization that makes it possible to implement it in a type-theoretical proof editor. Such an implementation combines formal syntax and formal semantics, and makes the type-theoretical tools of automatic and interactive reasoning available in grammar.In the formalization, the use of the dependent types of constructive type theory is essential. Dependent types are already needed in the semantics of ordinary Lambek calculus. But they also suggest some natural extensions of the calculus, which are applied to the treatment of morphosyntactic dependencies and to an analysis of selectional restrictions. Finally, directed dependent function types are introduced, corresponding to the types of constructive type theory.Two alternative formalizations are given: one using syntax trees, like Montague grammar, and one dispensing with them, like the theory called minimalistic by Morrill. The syntax tree approach is presented as the main alternative, because it makes it possible to embed the calculus in a more extensive Montague-style grammar.     

Alias types for “environment-aware” computations

In previous work with Bono we introduced a calculus for modelling “environment-aware” computations, that is computations that adapt their behavior according to the capabilities of the environment. The calculus is an imperative, object-based language (with extensible objects and primitives for discriminating the presence or absence of attributes of objects) equipped with a small-step operational semantics.In this paper we define a type and effect system for the calculus. The typing judgements specify, via constraints, the shape of environments which guarantees the correct execution of expressions and the typing rules track the effect of expression evaluation on the environment. The type and effect system is sound w.r.t. the operational semantics of the language.     

Linear-Time Self-Interpretation of the Pure Lambda Calculus

We show that linear-time self-interpretation of the pure untyped lambda calculus is possible, in the sense that interpretation has a constant overhead compared to direct execution under various execution models. The present paper shows this result for reduction to weak head normal form under call-by-name, call-by-value and call-by-need.We use a self-interpreter based on previous work on self-interpretation and partial evaluation of the pure untyped lambda calculus.We use operational semantics to define each reduction strategy. For each of these we show a simulation lemma that states that each inference step in the evaluation of a term by the operational semantics is simulated by a sequence of steps in evaluation of the self-interpreter applied to the term (using the same operational semantics).By assigning costs to the inference rules in the operational semantics, we can compare the cost of normal evaluation and self-interpretation. Three different cost-measures are used: number of beta-reductions, cost of a substitution-based implementation (similar to graph reduction) and cost of an environment-based implementation.For call-by-need we use a non-deterministic semantics, which simplifies the proof considerably.     

Subtyping for session types in the pi calculus

Extending the pi calculus with the session types proposed by Honda et al. allows high-level specifications of structured patterns of communication, such as client-server protocols, to be expressed as types and verified by static typechecking. We define a notion of subtyping for session types, which allows protocol specifications to be extended in order to describe richer behaviour; for example, an implemented server can be refined without invalidating type-correctness of an overall system. We formalize the syntax, operational semantics and typing rules of an extended pi calculus, prove that typability guarantees absence of run-time communication errors, and show that the typing rules can be transformed into a practical typechecking algorithm. Malcolm Hole died on 28th February 2004, a few weeks after the original submission of this paper.     

Finite Integer Computations: An Algebraic Foundation for Their Correctness

Even though computations on finite integer representations are as old as computers themselves, there is one problem that has been inexcusably neglected: integer computations in programming languages do not operate on the ring of integer numbers but only on finite subsets of it. Changing the size of integer representations may change the results of operations performed on them in unexpected ways. In particular, increasing the representation size of intermediate results during computation may lead to incorrect final results. In this paper, we develop an algebraic foundation for integer arithmetic under changing representation sizes and, in particular, a criterion for safely replacing one finite integer arithmetic by another. This safety criterion has also been verified in the theorem prover Isabelle/HOL. Based on this formal development, we not only reveal and explain an inconsistency in the Java Card integer arithmetic but also propose an optimization for Java Card integer expressions and their safe transformation into Java Card bytecode. We also discuss the application of this safety criterion to constant folding, a standard compiler optimization, for Java and C compilers. Received August 2004 Revised January 2006 Accepted February 2006 by C. B. Jones     

Safe locking for multi-threaded Java with exceptions

There are many mechanisms for concurrency control in high-level programming languages. In Java, the original mechanism for concurrency control, based on synchronized blocks, is lexically scoped. For more flexible control, Java 5 introduced non-lexical lock primitives on re-entrant locks.These operators may lead to run-time errors and unwanted behavior; e.g., taking a lock without releasing it, which could lead to a deadlock, or trying to release a lock without owning it. This paper develops a static type and effect system to prevent the mentioned lock errors for a formal, object-oriented calculus which supports non-lexical lock handling and exceptions.Based on an operational semantics, we prove soundness of the effect type analysis. Challenges in the design of the effect type system are dynamic creation of threads, objects, and especially of locks, aliasing of lock references, passing of lock references between threads, and reentrant locks as found in Java. Furthermore, the exception handling mechanism complicates the control-flow and thus the analysis.     

A concurrent lambda calculus with futures

We introduce a new lambda calculus with futures, λ(fut)$\lambda (\mathsf{fut})$, that models the operational semantics of concurrent statically typed functional programming languages with mixed eager and lazy threads such as Alice ML, a concurrent extension of Standard ML. λ(fut)$\lambda (\mathsf{fut})$ is a minimalist extension of the call-by-value λ$\lambda$-calculus that is sufficiently expressive to define and combine a variety of standard concurrency abstractions, such as channels, semaphores, and ports. Despite its minimality, the basic machinery of λ(fut)$\lambda (\mathsf{fut})$ is sufficiently powerful to support explicit recursion and call-by-need evaluation.     

A pattern-based object calculus

Several object-oriented database management systems have been implemented without an accompanying theoretical foundation for constraint, query specification, and processing. The pattern-based object calculus presented in this article provides such a theoretical foundation for describing and processing objectoriented databases. We view an object-oriented database as a network of interrelated classes (i.e., the intension) and a collection of time-varying object association patterns (i.e., the extension). The object calculus is based on first-order logic. It provides the formalism for interpreting precisely and uniformly the semantics of queries and integrity constraints in object-oriented databases. The power of the object calculus is shown in four aspects. First, associations among objects are expressed explicitly in an object-oriented database. Second, the nonassociation operator is included in the object calculus. Third, set-oriented operations can be performed on both homogeneous and heterogeneous object association patterns. Fourth, our approach does not assume a specific form of database schema. A proposed formalism is also applied to the design of high-level object-oriented query and constraint languages.     

A strict functional language with cyclic recursive data

The paper proposes a strict functional language to program with cyclic recursive data structures. In the language, each recursive datum is represented by a system of equations. Cyclic structures are naturally expressed by this representation, and the language provides a general mechanism that transforms several such systems of equations into a single new system of equations. An operational semantics and a polymorphic type system for the language are given, and a type soundness proof is sketched. Finally, it is also shown that the language can be implemented in a data-parallel fashion.     

OCL 1.4/5 vs. 2.0 Expressions Formal semantics and expressiveness

A type inference system and a big-step operational semantics for expressions of the Object Constraint Language (OCL), the declarative and navigational constraint language for the Unified Modeling Language (UML), are provided; the account is mainly based on OCL 1.4/5, but also includes the main features of OCL 2.0. The formal systems are parameterised in terms of UML static structures and UML object models, which are treated abstractly. It is proved that the operational semantics satisfies a subject reduction property with respect to the type inference system. Proceeding from the operational semantics and providing a denotational semantics, pure OCL 2.0 expressions are shown to exactly represent the primitive recursive functions, whereas pure OCL 1.4/5 expressions are Turing complete.     

Generic programming in 3D

Support for generic programming consists of three essential ingredients: support for overloaded functions, a run-time type representation, and a generic view on data. Different approaches to datatype-generic programming occupy different points in this design space. In this article, we revisit the “Scrap your boilerplate” approach and identify its location within the three-dimensional design space. The characteristic features of “Scrap your boilerplate” are its two generic views, the ‘spine’ view for consuming and transforming data, and the ‘type-spine’ view for producing data. We show how to combine these views with different overloading mechanisms and type representations.     

基于多元Pi演算的Web服务形式化描述模型及其验证*

Web服务组合在运行时多发生由于类型不匹配而产生的错误,为了有效地避免这种错误,在多元Pi-演算的基础上提出了Web服务形式化描述模型。通过基本类型定义、语法定义和判定规则说明单个Web服务的类型良好性,通过操作语义说明Web服务发生组合时的类型良好性;给出Web服务可替换性定义,并在此定义基础上说明如何进行Web服务组合的功能验证。提出的类型化Web服务形式化描述模型,准确说明了Web服务组合运行时的类型良好性,以及Web服务组合的功能验证方法。最后通过例子说明,提出的定义和判断方法的有效性。