Proving Noninterference by a Fully Complete Translation to the Simply Typed lambda-calculus

Tse and Zdancewic have formalized the notion of noninterference for Abadi et al.'s DCC in terms of logical relations and given a proof of noninterference by reduction to parametricity of System F. Unfortunately, their proof contains errors in a key lemma that their translation from DCC to System F preserves the logical relations defined for both calculi. In fact, we have found a counterexample for it. In this article, instead of DCC, we prove noninterference for sealing calculus, a new variant of DCC, by reduction to the basic lemma of a logical relation for the simply typed lambda-calculus, using a fully complete translation to the simply typed lambda-calculus. Full completeness plays an important role in showing preservation of the two logical relations through the translation. Also, we investigate relationship among sealing calculus, DCC, and an extension of DCC by Tse and Zdancewic and show that the first and the last of the three are equivalent.Comment: 31 page

The Meaning of Types From Intrinsic to Extrinsic Semantics

A definition of a typed language is said to be "intrinsic" if it assignsmeanings to typings rather than arbitrary phrases, so that ill-typedphrases are meaningless. In contrast, a definition is said to be "extrinsic"if all phrases have meanings that are independent of their typings,while typings represent properties of these meanings.For a simply typed lambda calculus, extended with recursion, subtypes,and named products, we give an intrinsic denotational semanticsand a denotational semantics of the underlying untyped language. Wethen establish a logical relations theorem between these two semantics,and show that the logical relations can be "bracketed" by retractionsbetween the domains of the two semantics. From these results, wederive an extrinsic semantics that uses partial equivalence relations

Syntactically and semantically regular languages of lambda-terms coincide through logical relations

A fundamental theme in automata theory is regular languages of words and trees, and their many equivalent definitions. Salvati has proposed a generalization to regular languages of simply typed $\lambda$-terms, defined using denotational semantics in finite sets. We provide here some evidence for its robustness. First, we give an equivalent syntactic characterization that naturally extends the seminal work of Hillebrand and Kanellakis connecting regular languages of words and syntactic $\lambda$-definability. Second, we show that any finitary extensional model of the simply typed $\lambda$-calculus, when used in Salvati's definition, recognizes exactly the same class of languages of $\lambda$-terms as the category of finite sets does. The proofs of these two results rely on logical relations and can be seen as instances of a more general construction of a categorical nature, inspired by previous categorical accounts of logical relations using the gluing construction.Comment: The proofs on "finitely pointable" CCCs in versions 1 and 2 were wrong; we now make slightly weaker claims on well-pointed locally finite CCCs. New in this version: added reference [3] and official DOI (proceedings of CSL 2024

Differential Logical Relations, Part I: The Simply-Typed Case

We introduce a new form of logical relation which, in the spirit of metric relations, allows us to assign each pair of programs a quantity measuring their distance, rather than a boolean value standing for their being equivalent. The novelty of differential logical relations consists in measuring the distance between terms not (necessarily) by a numerical value, but by a mathematical object which somehow reflects the interactive complexity, i.e. the type, of the compared terms. We exemplify this concept in the simply-typed lambda-calculus, and show a form of soundness theorem. We also see how ordinary logical relations and metric relations can be seen as instances of differential logical relations. Finally, we show that differential logical relations can be organised in a cartesian closed category, contrarily to metric relations, which are well-known not to have such a structure, but only that of a monoidal closed category

Lambda Definability with Sums via Grothendieck Logical Relations

. We introduce a notion of Grothendieck logical relation and use it to characterise the definability of morphisms in stable bicartesian closed categories by terms of the simply-typed lambda calculus with finite products and finite sums. Our techniques are based on concepts from topos theory, however our exposition is elementary. Introduction The use of logical relations as a tool for characterising the -definable elements in a model of the simply-typed -calculus originated in the work of Plotkin [10], who obtained such a characterisation of the definable elements in the full type hierarchy using a notion of Kripke logical relation. Subsequently, the more general notion of a Kripke logical relation of varying arity was developed by Jung and Tiuryn, and shown to characterise the definable elements in any Henkin model [4]. Although not emphasised in [4], relations of varying arity are powerful enough to characterise relative definability with respect to any given set of elements consider..

Logical relations for coherence of effect subtyping

A coercion semantics of a programming language with subtyping is typically defined on typing derivations rather than on typing judgments. To avoid semantic ambiguity, such a semantics is expected to be coherent, i.e., independent of the typing derivation for a given typing judgment. In this article we present heterogeneous, biorthogonal, step-indexed logical relations for establishing the coherence of coercion semantics of programming languages with subtyping. To illustrate the effectiveness of the proof method, we develop a proof of coherence of a type-directed, selective CPS translation from a typed call-by-value lambda calculus with delimited continuations and control-effect subtyping. The article is accompanied by a Coq formalization that relies on a novel shallow embedding of a logic for reasoning about step-indexing

A Normalizing Intuitionistic Set Theory with Inaccessible Sets

We propose a set theory strong enough to interpret powerful type theories underlying proof assistants such as LEGO and also possibly Coq, which at the same time enables program extraction from its constructive proofs. For this purpose, we axiomatize an impredicative constructive version of Zermelo-Fraenkel set theory IZF with Replacement and $\omega$-many inaccessibles, which we call \izfio. Our axiomatization utilizes set terms, an inductive definition of inaccessible sets and the mutually recursive nature of equality and membership relations. It allows us to define a weakly-normalizing typed lambda calculus corresponding to proofs in \izfio according to the Curry-Howard isomorphism principle. We use realizability to prove the normalization theorem, which provides a basis for program extraction capability.Comment: To be published in Logical Methods in Computer Scienc

Adequate encodings of logical systems in UTT

In this paper, we present an existing and formalized type theory (UTT) as a logical framework. We compare the resulting framework with LF and give the representation of two significant type systems in the framework: the typed lambda calculus which is closely related to higher-order logic and a linear type system which is not possible to encode in LF.Postprint (published version