Condition/Decision Duality and the Internal Logic of Extensive Restriction Categories

In flowchart languages, predicates play an interesting double role. In the textual representation, they are often presented as conditions, i.e., expressions which are easily combined with other conditions (often via Boolean combinators) to form new conditions, though they only play a supporting role in aiding branching statements choose a branch to follow. On the other hand, in the graphical representation they are typically presented as decisions, intrinsically capable of directing control flow yet mostly oblivious to Boolean combination. While categorical treatments of flowchart languages are abundant, none of them provide a treatment of this dual nature of predicates. In the present paper, we argue that extensive restriction categories are precisely categories that capture such a condition/decision duality, by means of morphisms which, coincidentally, are also called decisions. Further, we show that having these categorical decisions amounts to having an internal logic: Analogous to how subobjects of an object in a topos form a Heyting algebra, we show that decisions on an object in an extensive restriction category form a De Morgan quasilattice, the algebraic structure associated with the (three-valued) weak Kleene logic $\mathbf{K}^w_3$. Full classical propositional logic can be recovered by restricting to total decisions, yielding extensive categories in the usual sense, and confirming (from a different direction) a result from effectus theory that predicates on objects in extensive categories form Boolean algebras. As an application, since (categorical) decisions are partial isomorphisms, this approach provides naturally reversible models of classical propositional logic and weak Kleene logic.Comment: 19 pages, including 6 page appendix of proofs. Accepted for MFPS XXX

On the Use of Underspecified Data-Type Semantics for Type Safety in Low-Level Code

In recent projects on operating-system verification, C and C++ data types are often formalized using a semantics that does not fully specify the precise byte encoding of objects. It is well-known that such an underspecified data-type semantics can be used to detect certain kinds of type errors. In general, however, underspecified data-type semantics are unsound: they assign well-defined meaning to programs that have undefined behavior according to the C and C++ language standards. A precise characterization of the type-correctness properties that can be enforced with underspecified data-type semantics is still missing. In this paper, we identify strengths and weaknesses of underspecified data-type semantics for ensuring type safety of low-level systems code. We prove sufficient conditions to detect certain classes of type errors and, finally, identify a trade-off between the complexity of underspecified data-type semantics and their type-checking capabilities.Comment: In Proceedings SSV 2012, arXiv:1211.587

Mechanized semantics

The goal of this lecture is to show how modern theorem provers---in this case, the Coq proof assistant---can be used to mechanize the specification of programming languages and their semantics, and to reason over individual programs and over generic program transformations, as typically found in compilers. The topics covered include: operational semantics (small-step, big-step, definitional interpreters); a simple form of denotational semantics; axiomatic semantics and Hoare logic; generation of verification conditions, with application to program proof; compilation to virtual machine code and its proof of correctness; an example of an optimizing program transformation (dead code elimination) and its proof of correctness

Matching Logic

This paper presents matching logic, a first-order logic (FOL) variant for specifying and reasoning about structure by means of patterns and pattern matching. Its sentences, the patterns, are constructed using variables, symbols, connectives and quantifiers, but no difference is made between function and predicate symbols. In models, a pattern evaluates into a power-set domain (the set of values that match it), in contrast to FOL where functions and predicates map into a regular domain. Matching logic uniformly generalizes several logical frameworks important for program analysis, such as: propositional logic, algebraic specification, FOL with equality, modal logic, and separation logic. Patterns can specify separation requirements at any level in any program configuration, not only in the heaps or stores, without any special logical constructs for that: the very nature of pattern matching is that if two structures are matched as part of a pattern, then they can only be spatially separated. Like FOL, matching logic can also be translated into pure predicate logic with equality, at the same time admitting its own sound and complete proof system. A practical aspect of matching logic is that FOL reasoning with equality remains sound, so off-the-shelf provers and SMT solvers can be used for matching logic reasoning. Matching logic is particularly well-suited for reasoning about programs in programming languages that have an operational semantics, but it is not limited to this