Can you Trust your Data?

A new program analysis is presented, and two compile time methods for this analysis are given. The analysis attempts to answer the question: “Given some trustworthy and some untrustworthy input, can we trust the value of a given variable after execution of some code”. The analyses are based on an abstract interpretation framework and a constraint generationframework, respectively. The analyses are proved safe with respect to an instrumented semantics. We explicitly deal with a language with pointers and possible aliasing problems.The constraint based analysis is related directly to the abstract interpretation and therefore indirectly to the instrumented semantics

Abstract State Machines 1988-1998: Commented ASM Bibliography

An annotated bibliography of papers which deal with or use Abstract State Machines (ASMs), as of January 1998.Comment: Also maintained as a BibTeX file at http://www.eecs.umich.edu/gasm

CoFI: The Common Framework Initiative for Algebraic Specification and Development

An open collaborative effort has been initiated: to design acommon framework for algebraic specification and development of software. The rationale behind this initiative is that the lack of such a common framework greatly hinders the dissemination and application of researchresults in algebraic specification. In particular, the proliferationof specification languages, some differing in only quite minor ways from each other, is a considerable obstacle for the use of algebraic methods in industrial contexts, making it difficult to exploit standard examples, case studies and training material. A common framework with widespread acceptancethroughout the research community is urgently needed.The aim is to base the common framework as much as possible on a critical selection of features that have already been explored in various contexts. The common framework will provide a family of specificationlanguages at different levels: a central, reasonably expressive language, called CASL, for specifying (requirements, design, and architecture of) conventional software; restrictions of CASL to simpler languages, for use primarily in connection with prototyping and verification tools; and extensionsof CASL, oriented towards particular programming paradigms,such as reactive systems and object-based systems. It should also be possibleto embed many existing algebraic specification languages in members of the CASL family. A tentative design for CASL has already been proposed. Task groupsare studying its formal semantics, tool support, methodology, and other aspects, in preparation for the finalization of the design

A Simple Solution to Type Specialization

Partial evaluation specializes terms, but traditionally thisspecialization does not apply to the type of these terms. As a result, specializing, e.g., an interpreter written in a typed language, which requires a "universal" type to encode expressible values, yields residual programs with type tags all over. Neil Jones has stated that getting rid of these type tags was an open problem, despite possible solutions such as Torben Mogensen's "constructor specialization." To solve this problem, John Hughes has proposed a new paradigm for partial evaluation, "Type Specialization," based on type inference instead of being based on symbolic interpretation. Type Specialization is very elegant in principle but it also appears non-trivial in practice. Stating the problem in terms of types instead of in terms of type encodings suggests a very simple type-directed solution, namely, to use a projection from the universal type to the specific type of the residual program. Standard partial evaluation then yields a residual programwithout type tags, simply and efficiently

Automata for the mu-calculus and Related Results

The propositional mu-calculus as introduced by Kozen in [4] isconsidered. The notion of disjunctive formula is defined and it is shownthat every formula is semantically equivalent to a disjunctive formula.For these formulas many difficulties encountered in the general case maybe avoided. For instance, satisfiability checking is linear for disjunctiveformulas. This kind of formula gives rise to a new notion of finite automatonwhich characterizes the expressive power of the mu-calculus overall transition systems

Higher-Order Beta Matching with Solutions in Long Beta-Eta Normal Form

Higher-order matching is a special case of unification of simply-typed lambda-terms: in a matching equation, one of the two sides contains no unification variables. Loader has recently shown that higher-order matching up to beta equivalence is undecidable, but decidability of higher-order matching up to beta-eta equivalence is a long-standing open problem. We show that higher-order matching up to beta-eta equivalence is decidable if and only if a restricted form of higher-order matching up to beta equivalence is decidable: the restriction is that solutions must be in long beta-eta normal form

An n log n Algorithm for Online BDD Refinement

Binary Decision Diagrams are in widespread use in verification systemsfor the canonical representation of Boolean functions. A BDD representinga function phi : B^nu -> N can easily be reduced to its canonical form inlinear time.In this paper, we consider a natural online BDD refinement problemand show that it can be solved in O(n log n) if n bounds the size of theBDD and the total size of update operations.We argue that BDDs in an algebraic framework should be understoodas minimal fixed points superimposed on maximal fixed points. We proposea technique of controlled growth of equivalence classes to make theminimal fixed point calculations be carried out efficiently. Our algorithmis based on a new understanding of the interplay between the splittingand growing of classes of nodes.We apply our algorithm to show that automata with exponentiallylarge, but implicitly represented alphabets, can be minimized in timeO(n log n), where n is the total number of BDD nodes representing theautomaton

Some Lambda Calculus and Type Theory Formalized

"This paper is about our hobby." That is the first sentence of [MP93], the first report on our formal development of lambda calculus and type theory, written in autumn 1992. We have continued to pursue this hobby on and off ever since, and have developed a substantial body of formal knowledge, including Church-Rosser and standardizationtheorems for beta reduction, and the basic theory ofPure Type Systems (PTS) leading to the strengthening theorem and type checking algorithms for PTS. Some of this work is reported in [MP93, vBJMP94, Pol94b, Pol95]. In the present paper we survey this work, including some new proofs, and point out what we feel has been learned about the general issues of formalizing mathematics. On the technical side, we describe an abstract, and simplified, proof of standardization for beta reduction, not previously published, that doesnot mention redex positions or residuals. On the general issues, we emphasize the search for formal definitions that are convenient for formal proof and convincingly represent the intended informal concepts. The LEGO Proof Development System [LP92] was used to check the work in an implementation of the Extended Calculus of Constructions(ECC) with inductive types [Luo94]. LEGO is a refinement styleproof checker, publicly available by ftp and WWW, with a User's Manual [LP92] and a large collection of examples. Section 1.3 contains information on accessing the formal development described in this paper. Other interesting examples formalized in LEGO include program specification and data refinement [Luo91], strong normalization of System F [Alt93], synthetic domain theory [Reu95, Reu96], and operational semantics for imperative programs [Sch97]

A Rational Deconstruction of Landin's SECD Machine with the J Operator

Landin's SECD machine was the first abstract machine for applicative expressions, i.e., functional programs. Landin's J operator was the first control operator for functional languages, and was specified by an extension of the SECD machine. We present a family of evaluation functions corresponding to this extension of the SECD machine, using a series of elementary transformations (transformation into continu-ation-passing style (CPS) and defunctionalization, chiefly) and their left inverses (transformation into direct style and refunctionalization). To this end, we modernize the SECD machine into a bisimilar one that operates in lockstep with the original one but that (1) does not use a data stack and (2) uses the caller-save rather than the callee-save convention for environments. We also identify that the dump component of the SECD machine is managed in a callee-save way. The caller-save counterpart of the modernized SECD machine precisely corresponds to Thielecke's double-barrelled continuations and to Felleisen's encoding of J in terms of call/cc. We then variously characterize the J operator in terms of CPS and in terms of delimited-control operators in the CPS hierarchy. As a byproduct, we also present several reduction semantics for applicative expressions with the J operator, based on Curien's original calculus of explicit substitutions. These reduction semantics mechanically correspond to the modernized versions of the SECD machine and to the best of our knowledge, they provide the first syntactic theories of applicative expressions with the J operator