1,260 research outputs found
Meta-F*: Proof Automation with SMT, Tactics, and Metaprograms
We introduce Meta-F*, a tactics and metaprogramming framework for the F*
program verifier. The main novelty of Meta-F* is allowing the use of tactics
and metaprogramming to discharge assertions not solvable by SMT, or to just
simplify them into well-behaved SMT fragments. Plus, Meta-F* can be used to
generate verified code automatically.
Meta-F* is implemented as an F* effect, which, given the powerful effect
system of F*, heavily increases code reuse and even enables the lightweight
verification of metaprograms. Metaprograms can be either interpreted, or
compiled to efficient native code that can be dynamically loaded into the F*
type-checker and can interoperate with interpreted code. Evaluation on
realistic case studies shows that Meta-F* provides substantial gains in proof
development, efficiency, and robustness.Comment: Full version of ESOP'19 pape
A Java-like calculus with heterogeneous coeffects
We propose a Java-like calculus where declared variables can be annotated by coeffects specifying constraints on their use, e.g., affinity or privacy levels. Such coeffects are heterogeneous, in the sense that different kinds of coeffects can be used in the same program; combining coeffects of different kinds leads to the trivial coeffect. We prove subject reduction, which includes preservation of coeffects, and show several examples. In a Java-like language, coeffects can be expressed in the language itself, as expressions of user-defined classes
Automated verification of shape, size and bag properties.
In recent years, separation logic has emerged as a contender for formal reasoning of heap-manipulating imperative programs. Recent works have focused on specialised provers that are mostly based on fixed sets of predicates. To improve expressivity, we have proposed a prover that can automatically handle user-defined predicates. These shape predicates allow programmers to describe a wide range of data structures with their associated size properties. In the current work, we shall enhance this prover by providing support for a new type of constraints, namely bag (multi-set) constraints. With this extension, we can capture the reachable nodes (or values) inside a heap predicate as a bag constraint. Consequently, we are able to prove properties about the actual values stored inside a data structure
Multi-graded Featherweight Java
Resource-aware type systems statically approximate not only the expected
result type of a program, but also the way external resources are used, e.g.,
how many times the value of a variable is needed. We extend the type system of
Featherweight Java to be resource-aware, parametrically on an arbitrary grade
algebra modeling a specific usage of resources. We prove that this type system
is sound with respect to a resource-aware version of reduction, that is, a
well-typed program has a reduction sequence which does not get stuck due to
resource consumption. Moreover, we show that the available grades can be
heterogeneous, that is, obtained by combining grades of different kinds, via a
minimal collection of homomorphisms from one kind to another. Finally, we show
how grade algebras and homomorphisms can be specified as Java classes, so that
grade annotations in types can be written in the language itself
Certified Computer Algebra on top of an Interactive Theorem Prover
Contains fulltext :
35027.pdf (publisher's version ) (Open Access
Stratified Type Theory
To exploit the expressivity of being able to refer to the type of types, such
as for large elimination, dependent type systems will either employ a universe
hierarchy or else contend with an inconsistent type-in-type rule. However,
these are not be the only possible options. Taking inspiration from Stratified
System F, we introduce Stratified Type Theory (StraTT), where rather than
stratifying universes by levels, we stratify typing judgements and restrict the
domain of dependent function types to some fixed level strictly lower than that
of the overall type. Even in the presence of type-in-type, this restriction
suffices to enforce consistency of the system.
We explore the expressivity of several extensions atop this design. First,
the subsystem subStraTT employs McBride's crude-but-effective stratification
(also known as displacement) as a simple form of level polymorphism where
top-level definitions can be displaced uniformly to any higher level as needed,
which is valid due to level cumulativity and plays well with stratified
judgements. Second, to recover some expressivity lost due to the restriction on
dependent function domains, the full StraTT system includes a separate
nondependent function type with floating domains, whose level instead matches
that of the overall type. Finally, we have implemented a prototype type checker
for StraTT extended with datatypes along with a small type checked core
library.
While it's possible to show that the subsystem is consistent, showing
consistency for the full system with floating nondependent functions remains
open. Nevertheless, we believe that the full system is also consistent and have
mechanized a syntactic proof of subject reduction. Furthermore, we use our
implementation to investigate various well-known type-theoretic type-in-type
paradoxes. These examples all fail to type check in expected ways as evidence
towards consistency.Comment: 14 pages, 3 figures, submitted to CPP 202
- …