19 research outputs found
Fully Abstract Translations Between Functional Languages
We examine the problem of finding fully abstract translations between programming languages, i.e., translations that preserve code equivalence and nonequivalence. We present three examples of fully abstract translations: one from call-by-value to lazy PCF, one from call-by name to call-by-value PCF, and one from lazy to call-by-value PCF. The translations yield upper and lower bounds on decision procedures for proving equivalences of code. We finally define a notion of functional translation that captures the essence of the proofs of full abstraction, and show that some languages cannot be translated into others
Adequacy of compositional translations for observational semantics
We investigate methods and tools for analysing translations between programming languages with respect to observational semantics. The behaviour of programs is observed in terms of may- and must-convergence in arbitrary contexts, and adequacy of translations, i.e., the reflection of program equivalence, is taken to be the fundamental correctness condition. For compositional translations we propose a notion of convergence equivalence as a means for proving adequacy. This technique avoids explicit reasoning about contexts, and is able to deal with the subtle role of typing in implementations of language extension
Analysing and Comparing Encodability Criteria
Encodings or the proof of their absence are the main way to compare process
calculi. To analyse the quality of encodings and to rule out trivial or
meaningless encodings, they are augmented with quality criteria. There exists a
bunch of different criteria and different variants of criteria in order to
reason in different settings. This leads to incomparable results. Moreover it
is not always clear whether the criteria used to obtain a result in a
particular setting do indeed fit to this setting. We show how to formally
reason about and compare encodability criteria by mapping them on requirements
on a relation between source and target terms that is induced by the encoding
function. In particular we analyse the common criteria full abstraction,
operational correspondence, divergence reflection, success sensitiveness, and
respect of barbs; e.g. we analyse the exact nature of the simulation relation
(coupled simulation versus bisimulation) that is induced by different variants
of operational correspondence. This way we reduce the problem of analysing or
comparing encodability criteria to the better understood problem of comparing
relations on processes.Comment: In Proceedings EXPRESS/SOS 2015, arXiv:1508.06347. The Isabelle/HOL
source files, and a full proof document, are available in the Archive of
Formal Proofs, at
http://afp.sourceforge.net/entries/Encodability_Process_Calculi.shtm
On proving the equivalence of concurrency primitives
Various concurrency primitives have been added to sequential programming languages, in order to turn them concurrent. Prominent examples are concurrent buffers for Haskell, channels in Concurrent ML, joins in JoCaml, and handled futures in Alice ML. Even though one might conjecture that all these primitives provide the same expressiveness, proving this equivalence is an open challenge in the area of program semantics. In this paper, we establish a first instance of this conjecture. We show that concurrent buffers can be encoded in the lambda calculus with futures underlying Alice ML. Our correctness proof results from a systematic method, based on observational semantics with respect to may and must convergence
Full abstraction for expressiveness: history, myths and facts
Dieser Beitrag ist mit Zustimmung des Rechteinhabers aufgrund einer (DFG geförderten) Allianz- bzw. Nationallizenz frei zugänglich.This publication is with permission of the rights owner freely accessible due to an Alliance licence and a national licence (funded by the DFG, German Research Foundation) respectively.What does it mean that an encoding is fully abstract? What does it not mean? In this position paper, we want to help the reader to evaluate the real benefits of using such a notion when studying the expressiveness of programming languages. Several examples and counterexamples are given. In some cases, we work at a very abstract level; in other cases, we give concrete samples taken from the field of process calculi, where the theory of expressiveness has been mostly developed in the last years
Modular, Fully-abstract Compilation by Approximate Back-translation
A compiler is fully-abstract if the compilation from source language programs
to target language programs reflects and preserves behavioural equivalence.
Such compilers have important security benefits, as they limit the power of an
attacker interacting with the program in the target language to that of an
attacker interacting with the program in the source language. Proving compiler
full-abstraction is, however, rather complicated. A common proof technique is
based on the back-translation of target-level program contexts to
behaviourally-equivalent source-level contexts. However, constructing such a
back- translation is problematic when the source language is not strong enough
to embed an encoding of the target language. For instance, when compiling from
STLC to ULC, the lack of recursive types in the former prevents such a
back-translation.
We propose a general and elegant solution for this problem. The key insight
is that it suffices to construct an approximate back-translation. The
approximation is only accurate up to a certain number of steps and conservative
beyond that, in the sense that the context generated by the back-translation
may diverge when the original would not, but not vice versa. Based on this
insight, we describe a general technique for proving compiler full-abstraction
and demonstrate it on a compiler from STLC to ULC. The proof uses asymmetric
cross-language logical relations and makes innovative use of step-indexing to
express the relation between a context and its approximate back-translation.
The proof extends easily to common compiler patterns such as modular
compilation and it, to the best of our knowledge, it is the first compiler full
abstraction proof to have been fully mechanised in Coq. We believe this proof
technique can scale to challenging settings and enable simpler, more scalable
proofs of compiler full-abstraction
Bisimilarity as a Theory of Functional Programming
AbstractMorris-style contextual equivalence — invariance of termination under any context of ground type — is the usual notion of operational equivalence for deterministic functional languages such as FPC (PCF plus sums, products and recursive types). Contextual equivalence is hard to establish directly. Instead we define a labelled transition system for call-by-name FPC (and variants) and prove that CCS-style bisimilarity equals contextual equivalence — a form of operational extensionality. Using co-induction we establish equational laws for FPC. By considering variations of Milner's ‘bisimulations up to ∼’ we obtain a second co-inductive characterisation of contextual equivalence in terms of reduction behaviour and production of values. Hence we use co-inductive proofs to establish contextual equivalence in a series of stream-processing examples. Finally, we consider a form of Milner's original context lemma for FPC, but conclude that our form of bisimilarity supports simpler co-inductive proofs
Statman\u27s 1-Section Theorem
Statman\u27s 1-Section Theorem [17] is an important but little-known result in the model theory of the simply-typed λ-calculus. The λ-Section Theorem states a necessary and sufficient condition on models of the simply-typed λ-calculus for determining whether βη-equational reasoning is complete for proving equations that hold in a model. We review the statement of the theorem, give a detailed proof, and discuss its significance
On correctness of buffer implementations in a concurrent lambda calculus with futures
Motivated by the question of correctness of a specific implementation of concurrent buffers in the lambda calculus with futures underlying Alice ML, we prove that concurrent buffers and handled futures can correctly encode each other. Correctness means that our encodings preserve and reflect the observations of may- and must-convergence. This also shows correctness wrt. program semantics, since the encodings are adequate translations wrt. contextual semantics. While these translations encode blocking into queuing and waiting, we also provide an adequate encoding of buffers in a calculus without handles, which is more low-level and uses busy-waiting instead of blocking. Furthermore we demonstrate that our correctness concept applies to the whole compilation process from high-level to low-level concurrent languages, by translating the calculus with buffers, handled futures and data constructors into a small core language without those constructs