Subtyping and Parametricity

In this paper we study the interaction of subtyping and parametricity. We describe a logic for a programming language with parametric polymorphism and subtyping. The logic supports the formal definition and use of relational parametricity. We give two models for it, and compare it with other formal systems for the same language. In particular, we examine the "Penn interpretation" of subtyping as implicit coercion. Without subtyping, parametricity yields, for example, an encoding of abstract types and of initial algebras, with the corresponding proof principles of simulation and induction. With subtyping, we obtain partially abstract types and certain initial order-sorted algebras, and may derive proof principles for them. 1 Introduction A function is polymorphic if it works on inputs of several types. We may distinguish various notions of polymorphism, particularly parametric polymorphism (e.g. [Rey83]) and subtype polymorphism (e.g. [CW85]). These may exist in isolation, as in ML [MT..

Subtyping and Parametricity

In this paper we study the interaction of subtyping and parametricity. We describe a logic for a programming language with parametric polymorphism and subtyping. The logic supports the formal definition and use of relational parametricity. We give two models for it, and compare it with other formal systems for the same language. In particular, we examine the “Penn interpretation” of subtyping as implicit coercion. Without subtyping, parametricity yields, for example, an encoding of abstract types and of initial algebras, with the corresponding proof principles of simulation and induction. With subtyping, we obtain partially abstract types and certain initial order-sorted algebras, and may derive proof principles for them

On Verifying Complex Properties using Symbolic Shape Analysis

One of the main challenges in the verification of software systems is the analysis of unbounded data structures with dynamic memory allocation, such as linked data structures and arrays. We describe Bohne, a new analysis for verifying data structures. Bohne verifies data structure operations and shows that 1) the operations preserve data structure invariants and 2) the operations satisfy their specifications expressed in terms of changes to the set of objects stored in the data structure. During the analysis, Bohne infers loop invariants in the form of disjunctions of universally quantified Boolean combinations of formulas. To synthesize loop invariants of this form, Bohne uses a combination of decision procedures for Monadic Second-Order Logic over trees, SMT-LIB decision procedures (currently CVC Lite), and an automated reasoner within the Isabelle interactive theorem prover. This architecture shows that synthesized loop invariants can serve as a useful communication mechanism between different decision procedures. Using Bohne, we have verified operations on data structures such as linked lists with iterators and back pointers, trees with and without parent pointers, two-level skip lists, array data structures, and sorted lists. We have deployed Bohne in the Hob and Jahob data structure analysis systems, enabling us to combine Bohne with analyses of data structure clients and apply it in the context of larger programs. This report describes the Bohne algorithm as well as techniques that Bohne uses to reduce the ammount of annotations and the running time of the analysis

What's Decidable About Sequences?

We present a first-order theory of sequences with integer elements, Presburger arithmetic, and regular constraints, which can model significant properties of data structures such as arrays and lists. We give a decision procedure for the quantifier-free fragment, based on an encoding into the first-order theory of concatenation; the procedure has PSPACE complexity. The quantifier-free fragment of the theory of sequences can express properties such as sortedness and injectivity, as well as Boolean combinations of periodic and arithmetic facts relating the elements of the sequence and their positions (e.g., "for all even i's, the element at position i has value i+3 or 2i"). The resulting expressive power is orthogonal to that of the most expressive decidable logics for arrays. Some examples demonstrate that the fragment is also suitable to reason about sequence-manipulating programs within the standard framework of axiomatic semantics.Comment: Fixed a few lapses in the Mergesort exampl

Notions of Computation and Monads

The i.-calculus is considered a useful mathematical tool in the study of programming languages, since programs can be identified with I-terms. However, if one goes further and uses bn-conversion to prove equivalence of programs, then a gross simplification is introduced (programs are identified with total functions from calues to values) that may jeopardise the applicability of theoretical results, In this paper we introduce calculi. based on a categorical semantics for computations, that provide a correct basis for proving equivalence of programs for a wide range of notions of computation