The Type and Effect Discipline

The type and effect discipline is a new framework for reconstructing the principal type and the minimal effect of expressions in implicitly typed polymorphic functional languages that support imperative constructs. The type and effect discipline outperforms other polymorphic type systems. Just as types abstract collections of concrete values, effects denote imperative operations on regions. Regions abstract sets of possibly aliased memory locations. Effects are used to control type generalization in the presence of imperative constructs while regions delimit observable side-effects. The observable effects of an expression range over the regions that are free in its type environment and its type; effects related to local data structures can be discarded during type reconstruction. The type of an expression can be generalized with respect to the type variables that are not free in the type environment or in the observable effect. Introducing the type and effect discipline, we define both a dynamic and a static semantics for an ML-like language and prove that they are consistently related. We present a reconstruction algorithm that computes the principal type and the minimal observable effect of expressions. We prove its correctness with respect to the static semantics.     

Non-deterministic data types: models and implementations

Summary The model theoretic basis for (abstract) data types is generalized from algebras to multi-algebr as in order to cope with non-deterministic operations. A programming oriented definition and a model theoretic criterion (called simulation) for implementation of data types are given. To justify the criterion w.r.t. the definition, an abstract framework linking denotational semantics of programming languages and model theory of data types is set up. A set of constraints on a programming language semantics are derived which guarantee that simulation implies implementation. It is argued that any language supporting data abstraction does fulfill these constraints. As an example a simple but expressive language L is defined and it is formally proved that L does conform to these restrictions.     

Executable structural operational semantics in Maude

This paper describes in detail how to bridge the gap between theory and practice when implementing in Maude structural operational semantics described in rewriting logic, where transitions become rewrites and inference rules become conditional rewrite rules with rewrites in the conditions, as made possible by the new features in Maude 2. We validate this technique using it in several case studies: a functional language Fpl (evaluation and computation semantics), an imperative language WhileL (evaluation and computation semantics), Kahn’s functional language Mini-ML (evaluation or natural semantics), Milner’s CCS (with strong and weak transitions), and Full LOTOS (including ACT ONE data type specifications). In addition, on top of CCS we develop an implementation of the Hennessy–Milner modal logic for describing local capabilities of processes, and for LOTOS we build an entire tool where Full LOTOS specifications can be entered and executed (without user knowledge of the underlying implementation of the semantics). We also compare this method based on transitions as rewrites with another one based on transitions as judgements.     

Rule Formats for Timed Processes

Building on previous work (15,8), this paper describes two syntactic ways of defining ‘well-behaved’ operational semantics for timed processes. In both cases, the semantic rules are derived from abstract operational rules for behaviour comonads and thus ensure congruence results. The first of them, a light-weight attempt using schematic rules, is shown to be sound, i.e., to indeed induce abstract rules as introduced in [8]. Then a second format, based on a new and very general kind of abstract rules, comonadic SOS (CSOS), is presented which uses meta rules and is also complete, i.e., it characterises all possible CSOS rules for timed processes.     

Hybrid

Combining higher-order abstract syntax and (co)-induction in a logical framework is well known to be problematic. We describe the theory and the practice of a tool called Hybrid, within Isabelle/HOL and Coq, which aims to address many of these difficulties. It allows object logics to be represented using higher-order abstract syntax, and reasoned about using tactical theorem proving and principles of (co)induction. Moreover, it is definitional, which guarantees consistency within a classical type theory. The idea is to have a de Bruijn representation of λ-terms providing a definitional layer that allows the user to represent object languages using higher-order abstract syntax, while offering tools for reasoning about them at the higher level. In this paper we describe how to use Hybrid in a multi-level reasoning fashion, similar in spirit to other systems such as Twelf and Abella. By explicitly referencing provability in a middle layer called a specification logic, we solve the problem of reasoning by (co)induction in the presence of non-stratifiable hypothetical judgments, which allow very elegant and succinct specifications of object logic inference rules. We first demonstrate the method on a simple example, formally proving type soundness (subject reduction) for a fragment of a pure functional language, using a minimal intuitionistic logic as the specification logic. We then prove an analogous result for a continuation-machine presentation of the operational semantics of the same language, encoded this time in an ordered linear logic that serves as the specification layer. This example demonstrates the ease with which we can incorporate new specification logics, and also illustrates a significantly more complex object logic whose encoding is elegantly expressed using features of the new specification logic.     

Defining the abstract syntax of visual languages with advanced graph grammars—A case study based on behavior trees

Diagrammatic visual languages can increase the ability of engineers to model and understand complex systems. However, to effectively use visual models, the syntax and semantics of these languages should be defined precisely. Since most diagrammatic visual models that are currently used to specify systems can be described as (directed) typed graphs, graph grammars have been identified as a suitable formalism to describe the abstract syntax of visual modeling languages. In this article, we investigate how advanced graph-transformation techniques, such as conditional, structure-generic and type-generic graph-transformation rules, can help to improve and simplify the specification of the abstract syntax of a visual modeling language. To demonstrate the practicability of an approach that unifies these advanced graph-transformation techniques, we define the abstract syntax of behavior trees (BTs), a graphical specification language for functional requirements. Additionally, we provide a translational semantics of BTs by formalizing a translation scheme to the input language of the SAL model checking tool for each of the graph-transformation rules.     

Verifying BPEL-like programs with Hoare logic

The WS-BPEL language has recently become a de facto standard for modeling Web-based business processes. One of its essential features is the fully programmable compensation mechanism. To understand it better, many recent works have mainly focused on formal semantic models for WS-BPEL. In this paper, we make one step forward by investigating the verification problem for business processes written in BPEL-like languages. We propose a set of proof rules in Hoare-logic style as an axiomatic verification system for a BPEL-like core language containing key features such as data states, fault and compensation handling. We also propose a big-step operational semantics which incorporates all these key features. Our verification rules are proven sound with respect to this underlying semantics. The application of the verification rules is illustrated via the proof search process for a nontrivial example.     

Can LCF be topped? Flat lattice models of typed λ-calculus

Plotkin ((1977) Theoret. Comput. Sci. 5: 223–256) examines the denotational semantics of PCF (essentially typed λ-calculus with arithmetic and looping). The standard Scott semantics V is computationally adequate but not fully abstract; with the addition of some parallel facilities, it becomes fully abstract, and with the addition of an existential operator, denotationally universal. We consider carrying out the same program for , the Scott models built from flat lattices rather than flat cpo's. Surprisingly, no computable extension of PCF can be denotationally universal; perfectly reasonable semantic values such as supremum and Plotkin's “parallel or” cannot be definable. There is an unenlightening fully abstract extension _A (approx), based on Gödel numbering and syntactic analysis. Unfortunately, this is the best we can do; operators defined by PCF-style rules cannot give a fully abstract language. (There is a natural and desirable property, operational extensionality, which prevents full abstraction with respect to .) However, we show that Plotkin's program can be carried out for a nonconfluent evaluator.     

Testing for refinement in <Emphasis FontCategory="SansSerif" Type="Italic">Circus</Emphasis>

Circus combines constructs to define complex data operations and interactions; it integrates Z and CSP, and, distinctively, it is a language for refinement that can describe programs as well as specification and design models. The semantics is based on the unifying theories of programming (UTP). Most importantly, Circus is representative of a class of refinement-oriented languages that combines facilities to specify abstract data types in a model-based style and patterns of interaction. What we present here is the Circus testing theory; this work is relevant as a foundation for sound test-generation techniques for a plethora of state-rich reactive languages. To cater for data operations, we define symbolic tests and exhaustive test sets. They are the basis for test-generation techniques that can combine coverage criteria for data and transition models. The notion of correctness is Circus refinement, a UTP-based generalisation of failures-divergences refinement that considers data modelling. Proof of exhaustivity exploits the correspondence between the operational and denotational semantics.     

Towards a semantics-based information theory

We develop a formal framework to give computer programs an abstract interpretation as information transformers. Then the quantitative relation between input and output information is investigated. Our theory is based oninformation domains, a refinement of the classical domains used in denotational semantics, and on the theory of abstract interpretation of functional languages.     

Logical approximation for program analysis

The abstract interpretation of programs relates the exact semantics of a programming language to a finite approximation of those semantics. In this article, we describe an approach to abstract interpretation that is based in logic and logic programming. Our approach consists of faithfully representing a transition system within logic and then manipulating this initial specification to create a logical approximation of the original specification. The objective is to derive a logical approximation that can be interpreted as a terminating forward-chaining logic program; this ensures that the approximation is finite and that, furthermore, an appropriate logic programming interpreter can implement the derived approximation. We are particularly interested in the specification of the operational semantics of programming languages in ordered logic, a technique we call substructural operational semantics (SSOS). We show that manifestly sound control flow and alias analyses can be derived as logical approximations of the substructural operational semantics of relevant languages.     

Formal Semantics for Composite Temporal Events in Active Database Rules

A major thrust of current research in active databases focuses on allowing complex patterns of temporal events to serve as preconditions for rule triggering. Currently, there is no common formalism for specifying the semantics of composite event languages. Different systems have used an assortment of different techniques, including Finite State Automata, Petri Nets and Event Graphs. In this paper, we propose a unifying approach, based on a syntax-directed translation of composite event expressions into Datalog _1S rules, whose formal semantics defines the meaning of the original expressions. We demonstrate our method by providing a formal specification of the Event Pattern Language (EPL) developed at UCLA. This method overcomes problems and limitations affecting previous approaches and is applicable to other languages such as ODE, SNOOP and SAMOS—thus, allowing a more direct comparison across different systems.     

View Transformation in Visual Environments applied to Algebraic High-Level Nets

Graph transformation systems are a well-founded and adequate technique to describe the syntax of visual modeling languages and to formalize their semantics. Moreover, graph transformation tools support visual model specification, simulation and analysis on the basis of the rich underlying theory.Despite the benefits of model validation by simulation, sometimes it is preferable for users to see the model's behavior not in the abstract layout of the formal model, but as scenarios presented in the layout of the specific application domain. Hence, we propose the integration of a domain-oriented animation view with the model transformation system. An animation view allows to define scenario animations in a systematic way based on the formal model. The specification of the well-known Dining Philosophers system as algebraic high-level Petri net serves as running example for the extension of the model by an animation view and the derivation of animation rules from the model transformation system. A scenario animation then is obtained as transformation by applying the animation rules to model states. This visualizes the behavior of the model in the layout of philosophers sitting around a table and eating with chopsticks. A prototypical implementation of the concepts in GenGED, a visual language environment, is presented.     

fsh—A functional unix command interpreter

Command interpreters under the UNIX operating system typically employ the syntax and semantics of imperative programming languages. Many of the advantages that functional programming languages hold over imperative languages can be incorporated in a functional command interpreter. Unfortunately, functional command interpreters to date have used the syntax of Backus's FP. The advantages of command expressiveness and composition have not been appreciated. A powerful functional command interpreter, fsh, that overcomes many of the deterrents of previous functional command interpreters is presented. Much of the unnecessary complexity of existing UNIX command interpreters is avoided by following the functional paradigm. fsh has been implemented under the UNIX 4.2BSD and System V operating systems.     

Agent Programming in 3APL

An intriguing and relatively new metaphor in the programming community is that of an intelligent agent. The idea is to view programs as intelligent agents acting on our behalf. By using the metaphor of intelligent agents the programmer views programs as entities which have a mental state consisting of beliefs and goals. The computational behaviour of an agent is explained in terms of the decisions the agent makes on the basis of its mental state. It is assumed that this way of looking at programs may enhance the design and development of complex computational systems.To support this new style of programming, we propose the agent programming language 3APL. 3APL has a clear and formally defined semantics. The operational semantics of the language is defined by means of transition systems. 3APL is a combination of imperative and logic programming. From imperative programming the language inherits the full range of regular programming constructs, including recursive procedures, and a notion of state-based computation. States of agents, however, are belief or knowledge bases, which are different from the usual variable assignments of imperative programming. From logic programming, the language inherits the proof as computation model as a basic means of computation for querying the belief base of an agent. These features are well-understood and provide a solid basis for a structured agent programming language. Moreover, on top of that 3APL agents use so-called practical reasoning rules which extend the familiar recursive rules of imperative programming in several ways. Practical reasoning rules can be used to monitor and revise the goals of an agent, and provide an agent with reflective capabilities.Applying the metaphor of intelligent agents means taking a design stance. From this perspective, a program is taken as an entity with a mental state, which acts pro-actively and reactively, and has reflective capabilities. We illustrate how the metaphor of intelligent agents is supported by the programming language. We also discuss the design of control structures for rule-based agent languages. A control structure provides a solution to the problem of which goals and which rules an agent should select. We provide a concrete and intuitive ordering on the practical reasoning rules on which such a selection mechanism can be based. The ordering is based on the metaphor of intelligent agents. Furthermore, we provide a language with a formal semantics for programming control structures. The main idea is not to integrate this language into the agent language itself, but to provide the facilities for programming control structures at a meta level. The operational semantics is accordingly specified at the meta level, by means of a meta transition system.     

An Operational Approach to the Semantics of Classes: Application to Type Checking

This paper presents a simple and natural semantics for object-oriented languages with classes and multiple inheritance. The model, called the Formal Class model, is an intermediate level between the algebraic specification of data type, and the implementation within an object-oriented language. Our model is equipped with an operational semantics based on conditional term rewriting. One important characteristic is the use of conditional selectors. It allows one to define a type with a flat or an ordered design. In this context, we define a safe and simple type system with single dispatch and simply covariant methods. This type system is extended to some practical aspects, such as abstract classes, abstract methods, protected methods, and super methods. We describe and compare flat and ordered designs and prove that the latter is finer than the former one. We also look at multicovariant methods and show ways to fix type-checking problems using single dispatch. We describe the least pessimistic solution. Lastly, we discuss the extension of our type checking to multiple dispatch and side effects. This paper synthesizes several practical results, their proofs, and algorithms.     

Abstract Interpretation for Proving Secrecy Properties in Security Protocols

A cryptographic protocol is a distributed program that can be executed by several actors. Since several runs of the protocol within the same execution are allowed, models of cryptoprotocols are often infinite. Sometimes, for verification purposes, only a finite and approximated model is needed. For this, we consider the problem of computing such an approximation and we propose to simulate the required partial execution in an abstract level. More precisely, we define an abstract finite category G ^a as an abstract game semantics for the SPC calculus, a dedicated calculus for security protocols. The abstract semantics is then used to build a decision procedure for secrecy correctness in security protocols.     

Incremental database rule processing in PARADISER

Rule-based systems have been used extensively by the AI community in implementing knowledge-based expert systems. A current trend in the database community is to use rules for the purpose of providing inferential capabilities for large database applications. However, in the database context, performance of rule-program processing has proved to be a major stumbling block particularly in data-intensive and real-time applications. Similar work in the AI community has demonstrated the same problems mainly due to the predominantly sequential semantics of the underlying rule languages. In a previous paper, we presented an incremental evaluation algorithm forDatalog ^* programs. We show the general applicability of the incremental evaluation algorithm to a broad class ofDatalog-style rule languages with varying operational semantics, denoted byDatalog** to emphasize this generality. We present the proof of correctness of the algorithm within the Datalog^** frame work, and its extension for the PARULEL rule language, a principle component of the PARADISER (PARAllel and DIStributed Environment for Rules) rule processing environment for databases. We discuss the meta-rule formalism of PARULEL and argue that it provides a means for programmable operational semantics which separates control from the base logic of a rule program. This allows the realization of a wide range of operational semantics including those of Datalog and OPS5.     

A formal introduction to the compilation of Java

The term abstract machine is widely accepted to denote intermediate target languages and related architectures which serve as an intermediate stage in compiling programming languages. In this paper we explain how a considerable subset of Java is translated into Byte-Code for the Java Virtual Machine, an abstract machine used as a target for Java compilation. Using formal and precise notation we present the language concepts, the related byte-code instructions and the compilation schemes. Hitherto none of the existing literature on the JVM^1,2 describes how compilation is done, but present the JVM in isolation. © 1998 John Wiley & Sons, Ltd.