316 research outputs found
Untyped Recursion Schemes and Infinite Intersection Types
Abstract. A new framework for higher-order program verification has been recently proposed, in which higher-order functional programs are modelled as higher-order recursion schemes and then model-checked. As recursion schemes are essentially terms of the simply-typed lambda-calculus with recursion and tree constructors, however, it was not clear how the new framework applies to programs written in languages with more advanced type systems. To circumvent the limitation, this paper introduces an untyped version of recursion schemes and develops an in-finite intersection type system that is equivalent to the model checking of untyped recursion schemes, so that the model checking can be re-duced to type checking as in recent work by Kobayashi and Ong for typed recursion schemes. The type system is undecidable but we can obtain decidable subsets of the type system by restricting the shapes of intersection types, yielding a sound (but incomplete in general) model checking algorithm.
Soft Contract Verification
Behavioral software contracts are a widely used mechanism for governing the
flow of values between components. However, run-time monitoring and enforcement
of contracts imposes significant overhead and delays discovery of faulty
components to run-time.
To overcome these issues, we present soft contract verification, which aims
to statically prove either complete or partial contract correctness of
components, written in an untyped, higher-order language with first-class
contracts. Our approach uses higher-order symbolic execution, leveraging
contracts as a source of symbolic values including unknown behavioral values,
and employs an updatable heap of contract invariants to reason about
flow-sensitive facts. We prove the symbolic execution soundly approximates the
dynamic semantics and that verified programs can't be blamed.
The approach is able to analyze first-class contracts, recursive data
structures, unknown functions, and control-flow-sensitive refinements of
values, which are all idiomatic in dynamic languages. It makes effective use of
an off-the-shelf solver to decide problems without heavy encodings. The
approach is competitive with a wide range of existing tools---including type
systems, flow analyzers, and model checkers---on their own benchmarks.Comment: ICFP '14, September 1-6, 2014, Gothenburg, Swede
Strong normalisation for applied lambda calculi
We consider the untyped lambda calculus with constructors and recursively
defined constants. We construct a domain-theoretic model such that any term not
denoting bottom is strongly normalising provided all its `stratified
approximations' are. From this we derive a general normalisation theorem for
applied typed lambda-calculi: If all constants have a total value, then all
typeable terms are strongly normalising. We apply this result to extensions of
G\"odel's system T and system F extended by various forms of bar recursion for
which strong normalisation was hitherto unknown.Comment: 14 pages, paper acceptet at electronic journal LMC
Intersection types and (positive) almost-sure termination
Randomized higher-order computation can be seen as being captured by a λ-calculus endowed with a single algebraic operation, namely a construct for binary probabilistic choice. What matters about such computations is the probability of obtaining any given result, rather than the possibility or the necessity of obtaining it, like in (non)deterministic computation. Termination, arguably the simplest kind of reachability problem, can be spelled out in at least two ways, depending on whether it talks about the probability of convergence or about the expected evaluation time, the second one providing a stronger guarantee. In this paper, we show that intersection types are capable of precisely characterizing both notions of termination inside a single system of types: the probability of convergence of any λ-term can be underapproximated by its type, while the underlying derivation's weight gives a lower bound to the term's expected number of steps to normal form. Noticeably, both approximations are tight-not only soundness but also completeness holds. The crucial ingredient is non-idempotency, without which it would be impossible to reason on the expected number of reduction steps which are necessary to completely evaluate any term. Besides, the kind of approximation we obtain is proved to be optimal recursion theoretically: no recursively enumerable formal system can do better than that
Intersection Types and (Positive) Almost-Sure Termination
Randomized higher-order computation can be seen as being captured by a lambda
calculus endowed with a single algebraic operation, namely a construct for
binary probabilistic choice. What matters about such computations is the
probability of obtaining any given result, rather than the possibility or the
necessity of obtaining it, like in (non)deterministic computation. Termination,
arguably the simplest kind of reachability problem, can be spelled out in at
least two ways, depending on whether it talks about the probability of
convergence or about the expected evaluation time, the second one providing a
stronger guarantee. In this paper, we show that intersection types are capable
of precisely characterizing both notions of termination inside a single system
of types: the probability of convergence of any lambda-term can be
underapproximated by its type, while the underlying derivation's weight gives a
lower bound to the term's expected number of steps to normal form. Noticeably,
both approximations are tight -- not only soundness but also completeness
holds. The crucial ingredient is non-idempotency, without which it would be
impossible to reason on the expected number of reduction steps which are
necessary to completely evaluate any term. Besides, the kind of approximation
we obtain is proved to be optimal recursion theoretically: no recursively
enumerable formal system can do better than that
A Simple Semantics for ML Polymorphism
We give a framework for denotational semantics for the polymorphic core of the programming language ML. This framework requires no more semantic material than what is needed for modeling the simple type discipline. In our view, the terms of ML are pairs consisting of a raw (untyped) lambda term and a type-scheme that ML\u27s type inference system can derive for the raw term. We interpret type-schemes as sets of simple types. Then, given any model M of the simply typed lambda calculus, the meaning of an ML term will be a set of pairs, each consisting of a simple type τ and an element of M of type τ.
Hence, there is no need to interpret all raw terms, as was done in Milner\u27s original semantic framework. In comparison to Mitchell and Harper\u27s analysis, we avoid having to provide a very large type universe in which generic type-schemes are interpreted. Also, we show how to give meaning to ML terms rather than to derivations in the ML type inference system (which can be several for the same term).
We give an axiomatization for the equational theory that corresponds to our semantic framework and prove the analogs of the compeleteness theorems that Friedman proved for the simply typed lambda calculus. The framework can be extended to languages with constants, type constructors and recursive types (via regular trees). For the extended language, we prove a theorem that allows the transfer of certain full abstraction results from languages based on the typed lambda calculus to ML-like languages
- …