A Formally Specified Program Logic for Higher-Order Procedural Variables and non-local Jumps

We formally specified a program logic for higher-order procedural variables and non-local jumps with Ott and Twelf. Moreover, the dependent type systems and the translation are both executable specifications thanks to Twelf’s logic programming engine. In particular, relying on Filinski’s encoding of shift/reset using callcc/throw and a global meta-continuation (simulated in state passing style), we have mechanically checked the correctness of a few examples (all source files are available on request).

💡 Research Summary

The paper presents a fully formalized program logic that simultaneously supports higher‑order procedural variables and non‑local jumps. The authors use Ott to write a precise, machine‑readable specification of the source language’s syntax, typing rules, and operational semantics, and then translate this specification into Twelf’s logical framework (LF). Twelf’s built‑in logic‑programming engine is leveraged to turn the dependent type system and the translation into executable specifications, allowing automatic checking of type soundness and logical consistency.

A central technical contribution is the adaptation of Filinski’s encoding of shift/reset using call/cc and throw. The authors extend Filinski’s idea by introducing a global meta‑continuation that is simulated via state‑passing style. In this model, call/cc captures the current continuation and stores it in a distinguished meta‑continuation variable; throw retrieves the stored continuation and resumes execution. This approach enables the representation of non‑local jumps within a pure functional setting while keeping the continuation as an explicit first‑class value that can be reasoned about in the type system.

The dependent type system is designed to capture the intricate relationships between procedural variables and the continuations they may capture. Procedural variables are given types that include the expected type of the continuation they close over, and jump commands are only well‑typed when the target continuation’s type matches the expected one. This tight coupling ensures that many classes of jump‑related errors are ruled out at compile time.

The paper defines a systematic translation from the high‑level source language to a target language consisting of the λ‑calculus enriched with call/cc, throw, and a single state variable representing the meta‑continuation. The translation is compositional: higher‑order functions become closures, procedural variables are mapped to closure values, and each non‑local jump is compiled into a call/cc/throw pair that manipulates the meta‑continuation state. The authors prove a type‑preservation theorem for this translation, and the proof is fully mechanized in Twelf: every case of the translation is checked automatically, leaving no room for human oversight.

To demonstrate the practicality of their approach, the authors mechanize three representative examples. The first example shows a higher‑order function that captures its own continuation and later invokes it from a different context, illustrating the interaction between procedural variables and captured continuations. The second example builds a chain of nested non‑local jumps that skip multiple stack frames, confirming that the logic correctly handles complex control flow without violating type safety. The third example implements shift/reset operators using the call/cc/throw encoding and verifies that the behavior matches the standard semantics of delimited continuations. For each example, Twelf scripts automatically verify that the program satisfies the defined program logic and that the translation preserves types.

The authors discuss related work on program logics for first‑order control operators, on mechanized semantics using Twelf, and on Filinski’s original encoding. They argue that prior work either handled higher‑order procedural variables or non‑local jumps in isolation, but not both together within a single, mechanized logical framework. By integrating Ott and Twelf, the paper provides a reproducible pipeline from language specification to machine‑checked proofs, which can be extended to other advanced control constructs.

In conclusion, the paper demonstrates that a combination of Ott for high‑level specification and Twelf for executable verification can yield a robust, mechanically checked program logic for languages featuring both higher‑order procedural variables and non‑local jumps. The work opens avenues for future research, such as supporting multiple meta‑continuations, integrating concurrency, or applying the methodology to real‑world language implementations where safety of advanced control flow is paramount.