State and Event-based renement

From 3 February to 8 February 2008, the Dagstuhl Seminar 08061 Types, Logics and Semantics for State was held in the International Conference and Research Center (IBFI), Schloss Dagstuhl. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The rst section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available. and Semantics for State was held in the International Conference and Research Center (IBFI), Schloss Dagstuhl. 45 researchers, with interests and expertise in many dierent aspects of modelling and reasoning about mutable state, met to present their current work and discuss ongoing projects and open problems.

1996

Abstract This paper describes three object-oriented design patterns-local serialization, global serialization and recovery-and their integration to support atomic objects. The paper emphasizes the policies each pattern offers and the heterogeneity of policies resulting from their integration. The policies supported by the patterns include: pessimistic and optimistic serialization; static, dynamic and hybrid global serialization policies; redo, undo, copy and compensating recovery policies.

arXiv (Cornell University), 2012

Integrating formal methods into industrial practice is a challenging task. Often, different kinds of expertise are required within the same development. On the one hand, there are domain engineers who have specific knowledge of the system under development. On the other hand, there are formal methods experts who have experience in rigorously specifying and reasoning about formal systems. Coordination between these groups is important for taking advantage of their expertise. In this paper, we describe our approach of using generic instantiation to facilitate this coordination. In particular, generic instantiation enables a separation of concerns between the different parties involved in developing formal systems.

Theoretical Computer Science, 1997

A concrete dynamic-data type is just a partial algebra with predicates such that for some of the sorts there is a special predicate defining a transition relation.

Princeton University, Princeton, NJ, 2004

Proof-carrying code (PCC) is a framework for mechanically verifying the safety of machine language programs. A program that is successfully verified by a PCC system is guaranteed to be safe to execute, but this safety guarantee is contingent upon the correctness of various trusted components. For instance, in traditional PCC systems the trusted computing base includes a large set of low-level typing rules. Foundational PCC systems seek to minimize the size of the trusted computing base. In particular, they eliminate the need to trust complex, low-level type systems by providing machine-checkable proofs of type soundness for real machine languages. In this thesis, I demonstrate the use of logical relations for proving the soundness of type systems for mutable state. Specifically, I focus on type systems that ensure the safe allocation, update, and reuse of memory. For each type in the language, I define logical relations that explain the meaning of the type in terms of the operational semantics of the language. Using this model of types, I prove each typing rule as a lemma. The major contribution is a model of System F with general references-that is, mutable cells that can hold values of any closed type including other references, functions, recursive types, and impredicative quantified types. The model is based on ideas from both possible worlds and the indexed model of Appel and McAllester. I show how the model of mutable references is encoded in higher-order logic. I also show how to construct an indexed possible-worlds model for a von Neumann machine. The latter is used in the Princeton Foundational PCC system to prove type safety for a full-fledged low-level typed assembly language. Finally, I present a semantic model for a region calculus that supports type-invariant references as well as memory reuse.

Nordic Journal of Computing, 1995

The use of nondeterminism in speci cations, as distinct from underspeci cation, is motivated by an example in the context of data re nement. A simple formalism for specifying nondeterministic data types is introduced. Its semantics is given in terms of the existing formalisms of relations, multialgebras, sets of functions and oracles by means of appropriate translation rules. Nondeterministic data re nement is studied from the syntactic and semantic perspective, and the correctness of the suggested proof obligations is proved. More general, the implementation relation and parameterisation of nondeterministic data types are discussed and the standard theorems of vertical and horizontal composition are generalized to the nondeterministic case.

Theoretical Computer Science, 1995

We introduce yet another event-based formalism, that of event automata, which unifies various concepts to be found in the literature. A characteristic property of these automata is that every state bears information about the events which have happened, and every state change coincides with the happening of an event. With configurations being reachable states, we show that other formalisms, such as (prime or flow) event structures and geometric automata, can be embedded in our model. Various constructions on event automata, such as the partially synchronous products, specialize to those of other formalisms.

Lecture Notes in Computer Science, 1997

We present a new type system for TyCO, a name-passing calculus of concurrent objects. The system captures dynamic aspects of the behaviour of objects, namely non-uniform service availability. The notion of processes without errors is loosened, demanding only weak fairness in the treatment of messages.

Birthday ..., 2008

We recall the contribution of Montanari’s paper [GGM76] and sketch a framework for observable behaviour specification that blends some of these early ideas, seen from a more modern perspective, with our own approach.

CONCUR'98 Concurrency …, 1998

We recast dataflow in a modern categorical light using profunctors as a generalisation of relations. The well known causal anomalies associated with relational semantics of indeterminate dataflow are avoided, but still we preserve much of the intuitions of a relational model. The development fits with the view of categories of models for concurrency and the general treatment of bisimulation they provide. In particular it fits with the recent categorical formulation of feedback using traced monoidal categories. The payoffs are: (1) explicit relations to existing models and semantics, especially the usual axioms of monotone IO automata are read off from the definition of profunctors, (2) a new definition of bisimulation for dataflow, the proof of the congruence of which benefits from the preservation properties associated with open maps and (3) a treatment of higher-order dataflow as a biproduct, essentially by following the geometry of interaction programme.