# index.bib

@inproceedings{fse17,
author = {Tim Nelson and Natasha Danas and Daniel J. Dougherty
and Shriram Krishnamurthi},
title = {The power of "why" and "why not": enriching scenario
exploration with provenance},
abstract = {Scenario-finding tools like the Alloy Analyzer are
widely used in numerous concrete domains like
security, network analysis, UML analysis, and so
on. They can help to verify properties and, more
generally, aid in exploring a system’s behavior.
While scenario finders are valuable for their
ability to produce concrete examples, individual
scenarios only give insight into what is possible,
leaving the user to make their own conclusions about
what might be necessary. This paper enriches
scenario finding by allowing users to ask “why?” and
“why not?”  questions about the examples they are
given. We show how to distinguish parts of an
example that cannot be consistently removed (or
changed) from those that merely reflect
underconstraint in the specification. In the former
case we show how to determine which elements of the
specification and which other components of the
example together explain the presence of such facts.
This paper formalizes the act of computing
provenance in scenario-finding. We present Amalgam,
an extension of the popular Alloy scenario-finder,
which implements these foundations and provides
interactive exploration of examples. We also
evaluate Amalgam’s algorithmics on a variety of both
textbook and real-world examples.  },
booktitle = {Proceedings of the 2017 11th Joint Meeting on
Foundations of Software Engineering, {ESEC/FSE}
2017, Paderborn, Germany, September 4-8, 2017},
pages = {106--116},
year = 2017,
url = {http://doi.acm.org/10.1145/3106237.3106272},
pdf = {fse17.pdf},
timestamp = {Wed, 16 Aug 2017 08:10:24 +0200},
biburl = {http://dblp.uni-trier.de/rec/bib/conf/sigsoft/NelsonDDK17},
bibsource = {dblp computer science bibliography, http://dblp.org}
}

@inproceedings{sefm17,
author = {Natasha Danas and Tim Nelson and Lane Harrison and
Shriram Krishnamurthi and Daniel J. Dougherty},
title = {User Studies of Principled Model Finder Output},
abstract = { Model-finders such as SAT-solvers are attractive
for producing concrete models, either as sample
instances or as counterexamples when properties
fail. However, the generated model is arbitrary. To
address this, several research efforts have proposed
principled forms of output from model-finders. These
include minimal and maximal models, unsat cores, and
proof-based provenance of facts.  While these
methods enjoy elegant mathematical foundations, they
have not been subjected to rigorous evaluation on
users to assess their utility. This paper presents
user studies of these three forms of output
performed on advanced students. We find that most of
the output forms fail to be effective, and in some
cases even actively mislead users. To make such
studies feasible to run frequently and at scale, we
also show how we can pose such studies on the
crowdsourcing site Mechanical Turk.  },
booktitle = {Software Engineering and Formal Methods - 15th
International Conference, {SEFM} 2017, Trento,
Italy, September 4-8, 2017, Proceedings},
pages = {168--184},
year = 2017,
url = {https://doi.org/10.1007/978-3-319-66197-1_11},
pdf = {sefm17},
timestamp = {Thu, 24 Aug 2017 12:31:20 +0200},
biburl = {http://dblp.uni-trier.de/rec/bib/conf/sefm/DanasNHKD17},
bibsource = {dblp computer science bibliography, http://dblp.org}
}

@inproceedings{edbt17,
author = {Olga Poppe and Chuan Lei and Elke A. Rundensteiner
and Daniel J. Dougherty and Goutham Deva and
Nicholas Fajardo and James Owens and Thomas Schweich
and MaryAnn Van Valkenburg and Sarun
Paisarnsrisomsuk and Pitchaya Wiratchotisatian and
George Gettel and Robert Hollinger and Devin Roberts
and Daniel Tocco},
title = {{CAESAR:} Context-Aware Event Stream Analytics for
Urban Transportation Services},
abstract = { We demonstrate the first full-fledged context-aware
event processing solution, called CAESAR, that
supports applica- tion contexts as first class
citizens. CAESAR offers human-readable specification
of context-aware application seman- tics composed of
context derivation and context processing. Both
classes of queries are only relevant during their
respective contexts. They are suspended otherwise to
save resources and to speed up the system
responsiveness to the current
situation. Furthermore, we demonstrate the context-
driven optimization techniques including context
window push-down and query workload sharing among
overlapping context windows. We illustrate the
usability and performance gain of our CAESAR system
by a use case scenario for urban transportation
services using real data sets.  },
booktitle = {Proceedings of the 20th International Conference on
Extending Database Technology, {EDBT} 2017, Venice,
Italy, March 21-24, 2017.},
pages = {590--593},
year = 2017,
url = {https://doi.org/10.5441/002/edbt.2017.77},
pdf = {edbt17.pdf},
timestamp = {Sun, 21 May 2017 00:19:15 +0200},
biburl = {http://dblp.uni-trier.de/rec/bib/conf/edbt/PoppeLRDDFOSVPW17},
bibsource = {dblp computer science bibliography, http://dblp.org}
}

@inproceedings{aplas16,
author = {Daniel J. Dougherty and Ugo de'Liguoro and Luigi
Liquori and Claude Stolze},
title = {A Realizability Interpretation for Intersection and
Union Types},
booktitle = {Programming Languages and Systems - 14th Asian
Symposium, {APLAS} 2016, Hanoi, Vietnam, November
21-23, 2016, Proceedings},
pages = {187--205},
year = 2016,
abstract = { {Proof-functional} logical connectives allow
reasoning about the structure of logical proofs, in
this way giving to the latter the status of
{first-class} objects. This is in contrast to
classical {truth-functional} connectives where
the meaning of a compound formula is dependent only
on the truth value of its subformulas.  In this
paper we present a typed lambda calculus, enriched
with products, coproducts, and a related
proof-functional logic. This calculus, directly
derived from a typed calculus previously defined by
two of the current authors, has been proved
isomorphic to the well-known
Barbanera-Dezani-Ciancaglini-de'Liguoro type
assignment system. We present a logic L
featuring two proof-functional connectives, namely
strong conjunction and strong disjunction.  We prove
the typed calculus to be isomorphic to the logic
L and we give a realizability semantics
using {Mints' realizers} \cite{Mints89} and a
completeness theorem.  A prototype implementation is
also described.  },
url = {http://dx.doi.org/10.1007/978-3-319-47958-3_11},
doi = {10.1007/978-3-319-47958-3_11},
timestamp = {Mon, 10 Oct 2016 15:12:54 +0200},
biburl = {http://dblp.uni-trier.de/rec/bib/conf/aplas/DoughertydLS16},
bibsource = {dblp computer science bibliography, http://dblp.org},
pdf = {aplas16.pdf}
}

@inproceedings{edbt16,
author = {Olga Poppe and Chuan Lei and Elke A. Rundensteiner
and Daniel J. Dougherty},
title = {Context-Aware Event Stream Analytics},
booktitle = {Proceedings of the 19th International Conference on
Extending Database Technology, {EDBT} 2016,
Bordeaux, France, March 15-16, 2016, Bordeaux,
France, March 15-16, 2016.},
pages = {413--424},
year = {2016},
abstract = {Complex event processing is a popular technology for
continuously monitoring high-volume event streams
from health care to traffic management to detect
complex compositions of events. These event
compositions signify critical application contexts
from hygiene violations to traffic
accidents. Certain event queries are only
appropriate in particular contexts. Yet
state-of-the-art streaming engines tend to execute
all event queries continuously regardless of the
current application context. This wastes
tremendous processing resources and thus leads to
delayed reactions to critical situations. We have
developed the first context-aware event process- ing
solution, called CAESAR, which features the
following key innovations. (1) The CAESAR model
supports applica- tion contexts as first class
citizens and associates appropriate event queries
with them. (2) The CAESAR optimizer em- ploys
context-aware optimization strategies including con-
text window push-down strategy and query workload
shar- ing among overlapping contexts. (3) The CAESAR
infras- tructure allows for lightweight event query
suspension and activation driven by context
windows. Our experimental study utilizing both the
Linear Road stream benchmark as well as real-world
data sets demonstrates that the context- aware event
stream analytics consistently outperforms the
state-of-the-art strategies by factor of 8 on
average.},
url = {http://dx.doi.org/10.5441/002/edbt.2016.38},
doi = {10.5441/002/edbt.2016.38},
timestamp = {Tue, 22 Mar 2016 18:14:55 +0100},
biburl = {http://dblp.uni-trier.de/rec/bib/conf/edbt/PoppeLRD16},
bibsource = {dblp computer science bibliography, http://dblp.org}
}

@inproceedings{cade15,
author = {Salman Saghafi and
Ryan Danas and
Daniel J. Dougherty},
title = {Exploring Theories with a Model-Finding Assistant},
booktitle = {Automated Deduction - {CADE-25} - 25th International Conference on
Automated Deduction, Berlin, Germany, August 1-7, 2015, Proceedings},
editor = {Amy P. Felty and
Aart Middeldorp},
series = {Lecture Notes in Computer Science},
volume = {9195},
publisher = {Springer},
pages = {434--449},
year = {2015},
doi = {10.1007/978-3-319-21401-6_30},
timestamp = {Fri, 31 Jul 2015 13:18:27 +0200},
bibsource = {dblp computer science bibliography, http://dblp.org},
abstract = {We present an approach to understanding first-order
theories by exploring their models.  A typical use
case is the analysis of artifacts such as policies,
protocols, configurations, and software designs.
For the analyses we offer, users are not required to
frame formal properties or construct derivations.
Rather, they can explore examples of their designs,
confirming the expected instances and perhaps
recognizing bugs inherent in surprising instances.
Key foundational ideas include: the information
preorder on models given by homomorphism, an
inductively-defined refinement of the Herbrand base
of a theory, and a notion of provenance for elements
and facts in models.  The implementation makes use
of SMT-solving and an algorithm for minimization
with respect to the information preorder on models.
Our approach is embodied in a tool, Razor, that is
complete for finite satisfiability and provides a
read-eval-print loop used to navigate the set of
finite models of a theory and to display
provenance.},
}

@inproceedings{csf14,
author = {Daniel J. Dougherty and
Joshua D. Guttman},
title = {Decidability for Lightweight {Diffie-Hellman} Protocols},
booktitle = {{IEEE} 27th Computer Security Foundations Symposium, {CSF} 2014, Vienna,
Austria, 19-22 July, 2014},
pages = {217--231},
year = {2014},
biburl = {http://dblp.uni-trier.de/rec/bib/conf/csfw/DoughertyG14},
bibsource = {dblp computer science bibliography, http://dblp.org},
abstract = {Many protocols use Diffie-Hellman key agreement,
combined with certified long-term values or digital
signatures for authentication.  These protocols aim
at security goals such as key secrecy, forward
secrecy, resistance to key compromise attacks, and
various flavors of authentication.  However, these
protocols are challenging to analyze, both in
computational and symbolic models.  An obstacle in
the symbolic model is the undecidability of
unification in many theories in the signature of
rings.  In this paper, we develop an algebraic
version of the symbolic approach, working directly
within finite fields, the natural structures for the
protocols.  The adversary, in giving an attack on a
protocol goal in a finite field, may rely on any
identity in that field.  He defeats the protocol if
there are attacks in infinitely many finite fields.
We prove that, even for this strong adversary,
security goals for a wide class of protocols are
decidable.  },
url = {csf14.pdf}
}

@inproceedings{paar14,
author = {Salman Saghafi and Daniel J. Dougherty},
title = {Razor: Provenance and Exploration in Model-Finding},
booktitle = {4th Workshop on Practical Aspects of Automated
Reasoning {(PAAR)}},
year = 2014,
abstract = { Razor is a model-finder for first-order theories
presented geometric form; geometric logic is a
variant of first-order logic that focuses on
"observable" properties. An important guiding
principle of Razor is that it be accessible to users
who are not necessarily expert in formal methods;
application areas include software design, analysis
of security protocols and policies, and
configuration management.  A core functionality of
the tool is that it supports exploration of the
space of models of a given input theory, as well as
presentation of provenance information about the
elements and facts of a model.  The crucial
mathematical tool is the ordering relation on models
determined by homomorphism, and Razor prefers models
that are minimal with respect to this
homomorphism-ordering.},
url = {paar14.pdf}
}

@inproceedings{fcs14,
author = {John D.~Ramsdell and Daniel J.~Dougherty and
Joshua D.~Guttman and Paul D.~Rowe},
title = {A Hybrid Analysis for Security Protocols with State},
booktitle = {Joint Workshop on Foundations of Computer Security
and Formal and Computational Cryptography
{(FCS/FCC)}},
year = 2014,
abstract = {Cryptographic protocols rely on message-passing to
coordinate activity among principals.  Each
principal maintains local state in individual local
sessions only as needed to complete that session.
However, in some protocols a principal also uses
state to coordinate its different local sessions.
Sometimes the non-local, mutable state is used as a
means, for example with smart cards or Trusted
Platform Modules.  Sometimes it is the purpose of
running the protocol, for example in commercial
transactions.  Many richly developed tools and
techniques, based on well-understood foundations,
are available for design and analysis of pure
message-passing protocols.  But the presence of
cross-session state poses difficulties for these
techniques.  In this paper we provide a framework
for modeling stateful protocols.  We define a hybrid
analysis method.  It leverages theorem-proving---in
this instance, the PVS prover---for reasoning about
computations over state.  It combines that with an
enrich-by-need'' approach---embodied by
CPSA---that focuses on the message-passing part.  As
a case study we give a full analysis of the Envelope
Protocol, due to Mark Ryan.},
url = {fcs14.pdf}
}

@inproceedings{hotsdn13,
author = {Tim Nelson and Arjun Guha and Daniel J. Dougherty
and Kathi Fisler and Shriram Krishnamurthi},
title = {A Balance of Power: Expressive, Analyzable
Controller Programming},
booktitle = {ACM SIGCOMM Workshop on Workshop on Hot Topics in
Software Defined Networks},
year = 2013,
abstract = {Configuration languages for traditional network
hardware are often fairly limited and hence easy to
analyze. Programmable controllers for
software-defined networks are far more flexible, but
this flexibility results in more opportunities for
mis-configuration and greatly complicates
analyses. We propose a new network-programming
paradigm that strikes a balance between expressive
power and analysis, providing a highly analyzable
core language while allowing the re-use of
pre-existing code written in more complex production
languages.  As the first step we have created
FlowLog, a declarative language for programming SDN
controllers. We show that FlowLog is expressive
enough to build some real controller programs. It is
also a finite-state language, and thus amenable to
many types of analysis, such as model-checking. In
this paper we present FlowLog, show examples of
controller programs, and discuss analyzing them.},
url = {hotsdn13.pdf}
}

@conference{nelson_ICSE13,
author = {Tim Nelson and Salman Saghafi and Daniel
J. Dougherty and Kathi Fisler and Shriram
Krishnamurthi},
title = {Aluminum: Principled Scenario Exploration through
Minimality},
booktitle = {35th International Conference on Software
Engineering (ICSE)},
year = 2013,
pages = {232--241},
abstract = {Scenario-finding tools such as Alloy are widely used
to understand the consequences of specifications,
with applications to software modeling, security
analysis, and verification. This paper focuses on
the exploration of scenarios: which scenarios are
presented first, and how to traverse them in a
well-defined way.  We present Aluminum, a
modification of Alloy that presents only minimal
scenarios: those that contain no more than is
necessary. Aluminum lets users explore the scenario
space by adding to scenarios and backtracking. It
also provides the ability to find what can
consistently be used to extend each scenario.  We
describe the semantic basis of Aluminum in terms of
minimal models of first-order logic formulas. We
show how this theory can be implemented atop
existing SAT-solvers and quantify both the benefits
of minimality and its small computational
overhead. Finally, we offer some qualitative
observations about scenario exploration in
Aluminum.},
url = {icse13-aluminum.pdf}
}

@conference{DG12,
author = {Daniel J. Dougherty and Joshua D. Guttman},
title = {An Algebra for Symbolic {Diffie-Hellman} Protocol
Analysis},
booktitle = {Proceedings of the 7th International Symposium on
Trustworthy Global Computing},
year = {2012},
abstract = {We study the algebra underlying symbolic protocol
analysis for protocols using Diffie-Hellman
operations. Diffie-Hellman operations act on a cyclic
group of prime order, together with an exponentiation
operator. The exponents form a finite field: this rich
algebraic structure has resisted previous symbolic
approaches.  We define an algebra that validates
precisely the equations that hold almost always as the
order of the cyclic group varies. We realize this
algebra as the set of normal forms of a particular
rewriting theory.  The normal forms allow us to define
our crucial notion of indicator, a vector of integers
that summarizes how many times each secret exponent
appears in a message. We prove that the adversary can
never construct a message with a new indicator in our
adversary model. Using this invariant, we prove the
main security goals achieved by UM, a protocol using
Diffie-Hellman for implicit authentication.},
url = {tgc12.pdf}
}

@article{DBLP:journals/corr/abs-1202-2168,
author = {Daniel J. Dougherty and Joshua D. Guttman},
title = {Symbolic Protocol Analysis for {Diffie-Hellman}},
journal = {CoRR},
volume = {abs/1202.2168},
year = {2012},
ee = {http://arxiv.org/abs/1202.2168},
bibsource = {DBLP, http://dblp.uni-trier.de},
abstract = {We extend symbolic protocol analysis to apply to
protocols using Diffie-Hellman
operations. Diffie-Hellman operations act on a cyclic
group of prime order, together with an exponentiation
operator. The exponents form a finite field. This rich
algebraic structure has resisted previous symbolic
approaches. We work in an algebra defined by the
normal forms of a rewriting theory (modulo
associativity and commutativity). These normal forms
allow us to define our crucial notion of indicator, a
vector of integers that summarizes how many times each
secret exponent appears in a message. We prove that
the adversary can never construct a message with a new
indicator in our adversary model. Using this
invariant, we prove the main security goals achieved
by several different protocols that use Diffie-Hellman
operators in subtle ways. We also give a
model-theoretic justification of our rewriting theory:
the theory proves all equations that are uniformly
true as the order of the cyclic group varies.},
}

@conference{nelson_abz,
author = {Timothy Nelson and Daniel J. Dougherty and Kathi
Fisler and Shriram Krishnamurthi},
title = {Toward a More Complete {Alloy}},
booktitle = {Abstract State Machines, Alloy, B, VDM, and Z -
Third International Conference, ABZ 2012, Pisa,
Italy, June 18-21, 2012. Proceedings},
publisher = {Springer},
series = {Lecture Notes in Computer Science},
volume = 7316,
year = 2012,
pages = {136-149},
ee = {http://dx.doi.org/10.1007/978-3-642-30885-7_10},
url = {abz12-more-complete-alloy.pdf},
abstract = {Many model-finding tools, such as Alloy, charge
users with providing bounds on the sizes of models.
It would be preferable to automatically compute
sufficient upper-bounds whenever possible.  The
Bernays-Sch\"onfinkel-Ramsey fragment of first-order
logic can relieve users of this burden in some
cases: its sentences are satisfiable iff they are
satisfied in a finite model, whose size is
computable from the input problem.  Researchers have
observed, however, that the class of sentences for
which such a theorem holds is richer in a
many-sorted framework---which Alloy inhabits---than
in the one-sorted case.  This paper studies this
phenomenon in the general setting of order-sorted
logic supporting overloading and empty sorts.  We
establish a syntactic condition generalizing the
Bernays-Sch\"onfinkel-Ramsey form that ensures the
Finite Model Property.  We give a linear-time
algorithm for deciding this condition and a
polynomial-time algorithm for computing the bound on
model sizes.  As a consequence, model-finding is a
complete decision procedure for sentences in this
class.  Our work has been incorporated into
Margrave, a tool for policy analysis, and applies in
real-world situations.}
}

@conference{edbt12,
author = {Mo Liu and Medhabi Ray and Dazhi Zhang and Elke
A. Rundensteiner and Daniel J. Dougherty and Chetan
Gupta and Song Wang and Ismail Ari},
title = {Realtime healthcare services via nested complex event
processing technology},
booktitle = {15th International Conference on Extending Database
Technology, EDBT '12, Berlin, Germany, March 27-30,
2012, Proceedings},
year = 2012,
pages = {622-625},
ee = {http://doi.acm.org/10.1145/2247596.2247681},
abstract = {Complex Event Processing (CEP) over event streams has
become increasingly important for real-time
applications ranging from healthcare to supply chain
management. In such applications, arbitrarily complex
sequence patterns as well as non existence of such
complex situations must be detected in real time. To
assure real-time responsiveness for detection of such
complex pattern over high volume high-speed streams,
efficient processing techniques must be
designed. Unfortunately the efficient processing of
complex sequence queries with negations remains a
largely open problem to date. To tackle this
shortcoming, we designed optimized strategies for
handling nested CEP query. In this demonstration, we
propose to showcase these techniques for processing
and optimizing nested pattern queries on streams. In
particular our demonstration showcases a platform for
specifying complex nested queries, and selecting one
of the alternative optimized techniques including
sub-expression sharing and intermediate result caching
to process them. We demonstrate the efficiency of our
optimized strategies by graphically comparing the
execution time of the optimized solution against that
of the default processing strategy of nested CEP
queries. We also demonstrate the usage of the proposed
technology in several healthcare services.}
}

@conference{DBLP:conf/icde/LiuRDGWAM11,
author = {Mo Liu and Elke A. Rundensteiner and Daniel
J. Dougherty and Chetan Gupta and Song Wang and Ismail
Ari and Abhay Mehta},
title = {High-performance nested {CEP} query processing over
event streams},
booktitle = {Proceedings of the 27th International Conference on
Data Engineering, ICDE 2011, April 11-16, 2011,
Hannover, Germany},
year = {2011},
pages = {123-134},
ee = {http://dx.doi.org/10.1109/ICDE.2011.5767839},
bibsource = {DBLP, http://dblp.uni-trier.de},
abstract = {Complex event processing (CEP) over event streams has
become increasingly important for real-time
applications ranging from health care, supply chain
management to business intelligence. These monitoring
applications submit complex queries to track sequences
of events that match a given pattern. As these systems
mature the need for increasingly complex nested
sequence query support arises, while the state-of-art
CEP systems mostly support the execution of flat
sequence queries only. To assure real-time
responsiveness and scalability for pattern detection
even on huge volume high-speed streams, efficient
processing techniques must be designed. In this paper,
we first analyze the prevailing nested pattern query
processing strategy and identify several serious
shortcomings. Not only are substantial subsequences
first constructed just to be subsequently discarded,
but also opportunities for shared execution of nested
subexpressions are overlooked. As foundation, we
introduce NEEL, a CEP query language for expressing
nested CEP pattern queries composed of sequence,
negation, AND and OR operators. To overcome
deficiencies, we design rewriting rules for pushing
negation into inner subexpressions. Next, we devise a
normalization procedure that employs these rules for
flattening a nested complex event expression. To
conserve CPU and memory consumption, we propose
several strategies for efficient shared processing of
groups of normalized NEEL subexpressions. These
strategies include prefix caching, suffix clustering
and customized "bit-marking" execution strategies. We
design an optimizer to partition the set of all CEP
subexpressions in a NEEL normal form into groups, each
of which can then be mapped to one of our shared
execution operators. Lastly, we evaluate our
technologies by conducting a performance study to
assess the CPU processing time using real-world stock
trades data. Our results confirm that our NEEL
execution in many cases performs 100 fold faster than
the traditional iterative nested execution strategy
for real stock market query workloads.},
url = {icde11.pdf}
}

@conference{DBLP:conf/icde/RayLRDGWMA11,
author = {Medhabi Ray and Mo Liu and Elke A. Rundensteiner and
Daniel J. Dougherty and Chetan Gupta and Song Wang
and Abhay Mehta and Ismail Ari},
title = {Optimizing complex sequence pattern extraction using
caching},
booktitle = {Workshops Proceedings of the 27th International
Conference on Data Engineering, ICDE 2011, April
11-16, 2011, Hannover, Germany},
editor = {Serge Abiteboul and Klemens B{\"o}hm and Christoph
Koch and Kian-Lee Tan},
year = {2011},
pages = {243-248},
isbn = {978-1-4244-9194-0},
ee = {http://dx.doi.org/10.1109/ICDEW.2011.5767641},
bibsource = {DBLP, http://dblp.uni-trier.de},
url = {icde-wkshp-11.pdf},
abstract = { Complex Event Processing (CEP) has become
increasingly important for tracking and monitoring
complex event anomalies and trends in event streams
emitted from business processes such as supply chain
management to online stores in e-commerce. These
monitoring applications submit complex event queries
to track sequences of events that match a given
pattern. The state-of-the-art CEP systems mostly
focus on the execution of flat sequence queries, we
instead support the execution of nested CEP queries
specified by our NEsted Event Language
NEEL. However, the iterative execution of nested CEP
expressions often results in the repeated
recomputation of the same or similar results for
nested subexpressions as the window slides over the
event stream. In this work we thus propose to
optimize NEEL execution performance by caching
intermediate results. In particular we design two
methods of applying selective caching of
intermediate results namely Object Caching and the
Interval-Driven Semantic Caching. Techniques for
cache content are described. Our experimental study
using real-world stock trades evaluates the
performance of our proposed caching strategies for
different query types.  }
}

@conference{nelson_margrave-tool,
author = {Timothy Nelson and Christopher Barratt and Daniel
J. Dougherty and Kathi Fisler and Shriram
Krishnamurthi},
booktitle = {Proceedings of the 24th USENIX Large Installation
System Administration Conference (LISA 2010)},
date-added = {2010-12-01 12:21:57 -0500},
date-modified = {2010-12-01 12:36:28 -0500},
title = {The {Margrave} Tool for Firewall Analysis},
year = {2010},
url = {lisa10.pdf},
abstract = {Writing and maintaining firewall configurations can be
challenging, even for experienced system
administrators. Tools that uncover the consequences of
configurations and edits to them can help sysadmins
prevent subtle yet serious errors.  Our tool,
Margrave, offers powerful features for firewall
analysis, including enumerating consequences of
configuration edits, detecting overlaps and conflicts
among rules, tracing firewall behavior to specific
rules, and verification against security goals.
Margrave differs from other firewall-analysis tools in
supporting queries at multiple levels (rules, filters,
firewalls, and networks of firewalls), comparing
separate firewalls in a single query, supporting
reflexive ALCs, and presenting exhaustive sets of
concrete scenarios that embody queries.  Margrave
supports real-world firewall-configuration languages,
decomposing them into multiple policies that capture
different aspects of firewall functionality.  We
present evaluation on networking-forum posts and on an
in-use enterprise firewall-configuration.}
}

@conference{c_lpar10,
author = {Daniel J./ Dougherty and Luigi Liquori},
title = {Logic and computation in a lambda calculus with
intersection and union types},
booktitle = {Proc. 16th International Conference on Logic for
Programming Artificial Intelligence and Reasoning
(LPAR)},
year = 2010,
abstract = {We present an explicitly typed lambda calculus a la
Church'' based on the union and intersection types
discipline; this system is the counterpart of the
standard type assignment calculus a la Curry.''  Our
typed calculus enjoys Subject Reduction and
confluence, and typed terms are strongly normalizing
when the universal type is omitted.  Moreover both
type checking and type reconstruction are decidable.
In contrast to other typed calculi, a system with
union types will fail to be coherent'' in the sense
of Tannen, Coquand, Gunter, and Scedrov: different
proofs of the same typing judgment will not
necessarily have the same meaning.  In response, we
introduce a decidable notion of equality on
type-assignment derivations inspired by the equational
theory of bicartesian-closed categories.
\\ \\
Some supplementary material can be found here:
\url{lpar10-appendix.pdf}, },
url = {lpar10.pdf}
}

@techreport{nelson_finite-model,
author = {Nelson, Timothy and Dougherty, Daniel J. and Fisler,
Kathi and Krishnamurthi, Shriram},
date-added = {2010-10-20 11:52:34 -0400},
date-modified = {2010-10-20 22:09:06 -0400},
institution = {Worcester Polytechnic Institute},
title = {On the Finite Model Property in Order-Sorted Logic},
year = 2010,
url = {finite-model-tr.pdf},
abstract = {The Schoenfinkel-Bernays-Ramsey class is a fragment
of first-order logic with the Finite Model Property: a
sentence in this class is satisfiable if and only if
it is satisfied in a finite model.  Since an upper
bound on the size of such a model is computable from
the sentence, the satisfiability problem for this
family is decidable.  Sentences in this form arise
naturally in a variety of application areas, and
several popular reasoning tools explicitly target this
class.  Others have observed that the class of
sentences for which such a finite model theorem holds
is richer in a many-sorted framework than in the
one-sorted case.  This paper makes a systematic study
of this phenomenon in the general setting of
sorts.  We establish a syntactic condition
generalizing the Schoenfinkel-Bernays-Ramsey form that
ensures the Finite Model Property.  We give a
linear-time algorithm for deciding this condition and
a polynomial-time algorithm for computing the bound on
model sizes.  As a consequence, model-finding is a
complete decision procedure for sentences in this
class.  Our algorithms have been incorporated into
Margrave, a tool for analysis of access-control and
firewall policies, and are available in a standalone
application suitable for analyzing input to the Alloy
model finder.}
}

@conference{DBLP:conf/sigsoft/FislerKD10,
author = {Kathi Fisler and Shriram Krishnamurthi and Daniel
J. Dougherty},
title = {Embracing policy engineering},
booktitle = {Proceedings of the Workshop on Future of Software
Engineering Research, FoSER 2010, at the 18th ACM
SIGSOFT International Symposium on Foundations of
Software Engineering, 2010, Santa Fe, NM, USA,
November 7-11, 2010},
year = {2010},
pages = {109-110},
ee = {http://doi.acm.org/10.1145/1882362.1882385},
bibsource = {DBLP, http://dblp.uni-trier.de},
url = {foser10.pdf},
abstract = {Declarative policies play a central role in many
modern software systems. Engineering policies and
their interactions with programs raises many
interesting open questions.}
}

@conference{DBLP:conf/dmsn/LiuRRDGWAM10,
author = {Mo Liu and Medhabi Ray and Elke A. Rundensteiner and
Daniel J. Dougherty and Chetan Gupta and Song Wang and
Ismail Ari and Abhay Mehta},
title = {Processing nested complex sequence pattern queries
over event streams},
booktitle = {Proceedings of the 7th Workshop on Data Management for
Sensor Networks, in conjunction with VLDB, DMSN 2010,
Singapore, September 13, 2010},
year = {2010},
pages = {14-19},
ee = {http://doi.acm.org/10.1145/1858158.1858164},
bibsource = {DBLP, http://dblp.uni-trier.de},
url = {dmsn10.pdf},
abstract = {Complex event processing (CEP) has become increasingly
important for tracking and monitoring applications
ranging from health care, supply chain management to
surveillance. These monitoring applications submit
complex event queries to track sequences of events
that match a given pattern. As these systems mature
the need for increasingly complex nested sequence
queries arises, while the state-of-the-art CEP systems
mostly focus on the execution of flat sequence queries
only. In this paper, we now introduce an iterative
execution strategy for nested CEP queries composed of
sequence, negation, AND and OR operators. Lastly we
have introduced the promising direction of applying
selective caching of intermediate results to optimize
the execution. Our experimental study using real-world
stock trades evaluates the performance of our proposed
iterative execution strategy for different query
types.}
}

@conference{DBLP:journals/corr/abs-1001-4427,
author = {Tony Bourdier and Horatiu Cirstea and Daniel
J. Dougherty and H{\'e}l{\e}ne Kirchner},
title = {Extensional and Intensional Strategies},
booktitle = {Proceedings Ninth International Workshop on Reduction
Strategies in Rewriting and Programming},
editor = {Maribel Fern{\'a}ndez},
year = 2009,
pages = {1-19},
series = {EPTCS},
volume = 15,
ee = {http://dx.doi.org/10.4204/EPTCS.15.1},
abstract = {This paper is a contribution to the theoretical
foundations of strategies. We first present a general
definition of abstract strategies which is extensional
in the sense that a strategy is defined explicitly as
a set of derivations of an abstract reduction
system. We then move to a more intensional definition
supporting the abstract view but more operational in
the sense that it describes a means for determin- ing
such a set. We characterize the class of extensional
strategies that can be defined intensionally. We also
give some hints towards a logical characterization of
intensional strategies and propose a few challenging
perspectives.},
url = {wrs09.pdf}
}

@conference{DBLP:conf/bncod/RaghavanZRD09,
author = {Venkatesh Raghavan and Yali Zhu and Elke
A. Rundensteiner and Daniel J. Dougherty},
title = {Multi-Join Continuous Query Optimization: Covering the
Spectrum of Linear, Acyclic, and Cyclic Queries},
booktitle = {Dataspace: The Final Frontier, 26th British National
Conference on Databases, BNCOD 26, Birmingham, UK,
July 7-9, 2009.  Proceedings},
year = 2009,
series = {Lecture Notes in Computer Science},
volume = {5588},
pages = {91-106},
ee = {http://dx.doi.org/10.1007/978-3-642-02843-4_11},
bibsource = {DBLP, http://dblp.uni-trier.de},
url = {bncod09.pdf},
abstract = {Traditional optimization algorithms that guarantee
optimal plans have exponential time complexity and are
thus not viable in streaming contexts. Continuous
query optimizers commonly adopt heuristic techniques
such as Adaptive Greedy to attain polynomial-time
execution. However, these techniques are known to
produce optimal plans only for linear and star shaped
join queries. Motivated by the prevalence of acyclic,
cyclic and even complete query shapes in stream
applications, we conduct an extensive experimental
study of the behavior of the state-of-the-art
algorithms. This study has revealed that
heuristic-based techniques tend to generate
sub-standard plans even for simple acyclic join
queries. For general acyclic join queries we extend
the classical IK approach to the streaming context to
define an algorithm TreeOpt that is guaranteed to find
an optimal plan in polynomial time. For the case of
cyclic queries, for which finding optimal plans is
known to be NP-complete, we present an algorithm FAB
which improves other heuristic-based techniques by (i)
increasing the likelihood of finding an optimal plan
and (ii) improving the effectiveness of finding a
near-optimal plan when an optimal plan cannot be found
in polynomial time. To handle the entire spectrum of
query shapes from acyclic to cyclic we propose a
Q-Aware approach that selects the optimization
algorithm used for generating the join order, based on
the shape of the query.}
}

@conference{w_rule09,
author = {Daniel J.\ Dougherty},
title = {An Improved Algorithm for Generating Database
Transactions from Relational Algebra Specifications},
booktitle = {Proc. 10th International Workshop on Rule-Based
Programming (RULE)},
year = 2009,
abstract = {Alloy is a lightweight modeling formalism based on
relational algebra.  In prior work with Fisler,
Giannakopoulos, Krishnamurthi, and Yoo, we have
presented a tool, Alchemy, that compiles Alloy
specifications into implementations that execute
against persistent databases.  The foundation of
Alchemy is an algorithm for rewriting relational
algebra formulas into code for database transactions.
In this paper we report on recent progress in
improving the robustness and efficiency of this
transformation.},
url = {rule09.pdf}
}

@conference{c_fm09,
author = {Theophilos Giannakopoulos and Daniel J.\ Dougherty and
Kathi Fisler and Shriram Krishnamurthi},
title = {Towards an Operational Semantics for {A}lloy},
booktitle = {Proc. 16th International Symposium on Formal Methods},
year = 2009,
pages = {483--498},
abstract = {The Alloy modeling language has a mathematically
rigorous denotational semantics based on relational
algebra.  Alloy specifications often represent
operations on a state, suggesting a transition-system
semantics.  Because Alloy does not intrinsically
provide a notion of state, however, this
interpretation is only implicit in the
relational-algebra semantics underlying the Alloy
Analyzer.  In this paper we demonstrate the subtlety
of representing state in Alloy specifications.  We
formalize a natural notion of transition semantics for
state-based specifications and show examples of
specifications in this class for which analysis based
on relational algebra can induce false confidence in
designs.  We characterize the class of facts that
guarantees that Alloy's analysis is sound for
state-transition systems, and offer a sufficient
syntactic condition for membership in this class.  We
offer some practical evaluation of the utility of this
syntactic discipline and show how it provides a
foundation for program synthesis from Alloy.},
url = {fm09.pdf}
}

@proceedings{e_secret08,
title = {Proceedings of the Third International Workshop on
Security and Rewriting Techniques (SecReT 2008)},
editor = {Daniel J. Dougherty and Santiago Escobar},
series = {Electronic Notes in Theoretical Computer Science},
volume = 234,
year = 2009,
pages = {1--2},
issn = {1571-0661}
}

@conference{c_fse08,
author = {Shriram Krishnamurthi and Daniel J. Dougherty and
Kathi Fisler and Daniel Yoo},
title = {Alchemy: Transmuting Base {A}lloy Specifications into
Implementations},
booktitle = {ACM SIGSOFT International Symposium on the Foundations
of Software Engineering},
year = 2008,
pages = {158--169},
abstract = { Alloy specifications are used to define lightweight
models of systems. We present Alchemy, which compiles
Alloy specifications into implementations that execute
against persistent databases. Alchemy translates a
subset of Alloy predicates into imperative update
operations, and it converts facts into database
integrity constraints that it maintains automatically
in the face of these imperative actions.  In addition
to presenting the semantics and an algorithm for this
compilation, we present the tool and outline its
application to a non-trivial specification. We also
discuss lessons learned about the relationship between
Alloy specifications and imperative implementations.},
url = {fse08.pdf}
}

@article{a_fest07,
author = {Daniel J. Dougherty and Silvia Ghilezan and Pierre
Lescanne},
title = {Characterizing strong normalization in the
{C}urien-{H}erbelin symmetric lambda calculus:
extending the {C}oppo-{D}ezani heritage},
journal = {Theor. Comput. Sci.},
volume = 398,
number = {1-3},
year = 2008,
issn = {0304-3975},
pages = {114--128},
publisher = {Elsevier Science Publishers Ltd.},
address = {Essex, UK},
abstract = {We develop an intersection type system for the
\lambda-\mu-\mu~ calculus of Curien and Herbelin.
This calculus provides a symmetric computational
interpretation of classical sequent style logic and
gives a simple account of call-by-name and
call-by-value.  The present system improves on earlier
type disciplines for the calculus: in addition to
characterizing the expressions that are strongly
normalizing under free (unrestricted) reduction, the
system enjoys the Subject Reduction and the Subject
Expansion properties.},
url = {CDR-festschrift.pdf}
}

@conference{c_dfk_esorics07,
author = {Daniel J. Dougherty and Kathi Fisler and Shriram
Krishnamurthi},
title = {Obligations and their Interaction with Programs},
booktitle = {12th European Symposium On Research In Computer
Security (ESORICS)},
series = {Lecture Notes in Computer Science},
volume = 4734,
year = 2007,
pages = {375--389},
abstract = {Obligations are pervasive in modern systems, often
linked to access control decisions.  We present a very
general model of obligations as objects with state,
and discuss its interaction with a program's
execution.  We describe several analyses that the
model enables, both static (for verification) and
dynamic (for monitoring).  This includes a systematic
approach to approximating obligations for enforcement.
We also discuss some extensions that would enable
practical policy notations.  Finally, we evaluate the
robustness of our model against standard definitions
from jurisprudence.},
url = {dfk-esorics07.pdf}
}

@conference{c_dkks_esorics07,
author = {Daniel J. Dougherty and Claude Kirchner and Helene
Kirchner and Anderson Santana de Oliveira},
title = {Modular Access Control via Strategic Rewriting},
booktitle = {12th European Symposium On Research In Computer
Security (ESORICS)},
series = {Lecture Notes in Computer Science},
volume = 4734,
year = 2007,
pages = {578--593},
abstract = {Security policies, in particular access control, are
fundamental elements of computer security. We address
the problem of authoring and analyzing policies in a
modular way using techniques developed in the field of
term rewriting, focusing especially on the use of
rewriting strategies.  Term rewriting supports a
formalization of access control with a clear
declarative semantics based on equational logic and an
operational semantics guided by strategies.
Well-established term rewriting techniques allow us to
check properties of policies such as the absence of
conflicts and the property of always returning a
decision.  A rich language for expressing rewriting
strategies is used to define a theory of modular
construction of policies in which we can better
understand the preservation of properties of policies
under composition.  The robustness of the approach is
illustrated on the composition operators of XACML.},
url = {dkks-esorics07.pdf}
}

@techreport{tr_07,
author = {Daniel J. Dougherty},
title = {Core {XACML} and Term Rewriting},
institution = {Worcester Polytechnic Iinstitute},
year = 2007,
number = {WPI-CS-TR-07-07},
abstract = {We define a notion of core'' XACML policies and show how
these can be represented as ground
associative-commutative term rewriting systems with
strategies.},
url = {xacml-and-trs.pdf}
}

@conference{c_wst07,
author = {Daniel J. Dougherty and Silvia Ghilezan and Pierre
Lescanne},
title = {A General Technique for Analyzing Termination in
Symmetric Proof Calculi},
booktitle = {9th International Workshop on Termination (WST)},
year = 2007,
abstract = {Proof-term calculi expressing a computational
interpretation of classical logic serve as tools for
extracting the constructive content of classical
proofs and at the same time can be seen as pure
programming languages with explicit representation of
control.  The inherent symmetry in the underlying
logic presents technical challenges to the study of
the reduction properties of these systems.  We explore
the use of intersection types for these calculi, note
some of the challenges inherent in applying
intersection types in a symmetric calculus, and show
how to overcome these difficulties.  The approach is
applicable to a variety of systems under active
investigation in the current literature; we apply our
techniques in a specific case study: characterizing
termination in the symmetric lambda-calculus of
Barbanera and Berardi.},
url = {wst07.pdf}
}

@conference{c_ijcar_06,
author = {Daniel J. Dougherty and Kathi Fisler and
Shriram Krishnamurthi},
title = {Specifying and Reasoning about Dynamic
Access-Control Policies},
booktitle = {3rd International Joint Conference on Automated
Reasoning (IJCAR)},
series = {Lecture Notes in Computer Science},
volume = 4130,
year = 2006,
pages = {632--646},
abstract = {Access-control policies have grown from simple
matrices to non-trivial specifications written
in sophisticated languages.  The increasing
complexity of these policies demands
correspondingly strong automated reasoning
techniques for understanding and debugging
them.  The need for these techniques is even
more pressing given the rich and dynamic nature
of the environments in which these policies
evaluate.  We define a framework to represent
the behavior of access-control policies in a
dynamic environment.  We then specify several
interesting, decidable analyses using
first-order temporal logic.  Our work
illustrates the subtle interplay between
logical and state-based methods, particularly
in the presence of three-valued policies.  We
also define a notion of policy equivalence that
is especially useful for modular reasoning. },
url = {ijcar06.pdf}
}

@article{a_mscs_06,
author = {Daniel J. Dougherty and Pierre Lescanne and
Luigi Liquori},
title = {Addressed Term Rewriting Systems: Application
to a Typed Object Calculus},
journal = {Mathematical Structures in Computer Science},
year = 2006,
volume = 16,
pages = {667--709},
abstract = {We present a formalism called \emph{Addressed
Term Rewriting Systems,} which can be used to
model implementations of theorem proving,
symbolic computation, and programming
languages, especially aspects of sharing,
recursive computations and cyclic data
structures.  Addressed Term Rewriting Systems
are therefore well suited for describing
object-based languages, and as an example we
present a language
incorporating both functional and object-based
features.  As a case study in how reasoning
about languages is supported in the ATRS
formalism a type system is defined
and a type soundness result is proved.},
url = {lambda-obj-mscs.pdf}
}

@article{a_sigmod06,
author = {Murali Mani and Song Wang and Daniel
J. Dougherty and Elke A. Rundensteiner},
title = { Join Minimization in {XML}-to-{SQL} Translation:
An Algebraic Approach.},
journal = {Bulletin of ACM SIGMOD},
volume = {35},
number = {1},
year = {2006},
abstract = {Consider an XML view defined over a relational
database, and a user query specified over this
view. This user XML query is typically
processed using the following steps: (a) our
translator maps the XML query to one or more
SQL queries, (b) the relational engine
translates an SQL query to a relational algebra
plan, (c) the relational engine executes the
algebra plan and returns SQL results, and (d)
our translator translates the SQL results back
to XML. However, a straightforward approach
produces a relational algebra plan after step
(b) that is inefficient and has redundant
joins. In this paper, we report on our
preliminary observations with respect to how
joins in such a relational algebra plan can be
minimized, while maintaining bag semantics. Our
approach works on the relational algebra plan
and optimizes it using novel rewrite rules that
consider pairs of joins in the plan and
determine whether one of them is redundant and
hence can be removed. Our study shows that
algebraic techniques achieve effective join
minimization, and such techniques are useful
and can be integrated into mainstream SQL
engines. },
url = {sigmod06.pdf}
}

@article{a_relations_tcs_06,
author = {Daniel J. Dougherty and Claudio Guti\'{e}rrez},
title = {Normal Forms and Reduction for Theories of
Binary Relations},
journal = {Theoretical Computer Science},
year = 2006,
abstract = {We consider the representable equational theory
of binary relations, in a language expressing
composition, converse, and lattice
operations. By working directly with a
presentation of relation expressions as graphs
we are able to define a notion of reduction
which is confluent and strongly normalizing and
induces a notion of computable normal form for
terms. This notion of reduction thus leads to a
computational interpretation of the
representable theory. },
volume = 360,
number = {1--3},
pages = {228--246},
doi = {10.1016/j.tcs.2006.03.023},
url = {relations-tcs.pdf}
}

@conference{c_rta00,
author = {Daniel J.\ Dougherty and Claudio Guti\'{e}rrez},
title = {Normal Forms and Reduction for Theories of Binary
Relations},
pages = {95--109},
year = 2000,
abstract = {},
booktitle = {Proc.\ Eleventh Intl.\ Conf.\ on Rewriting Techniques
and Applications (RTA)},
volume = 1833,
series = {Lecture Notes in Computer Science}
}

@conference{c_lpar_05,
author = {Daniel J. Dougherty and Silvia Ghilezan and
Silvia Likavec and Pierre Lescanne},
title = {Strong normalization of the dual classical
sequent calculus},
booktitle = {12th International Conference on Logic for
Programming, Artificial Intelligence and
Reasoning (LPAR)},
year = 2005,
abstract = {We investigate some syntactic properties of
Wadler's dual calculus, a term calculus which
corresponds to classical sequent logic in the
same way that Parigot's \lambda-\mu calculus
corresponds to classical natural deduction. Our
main result is strong normalization theorem for
reduction in the dual calculus; we also prove
some confluence results for the typed and
untyped versions of the system.},
url = {lpar05.pdf}
}

@article{a_entcs_05a,
author = {Daniel J. Dougherty and Pierre Lescanne and
Luigi Liquori and Frederic Lang},
title = {Addressed Term Rewriting Systems: Syntax,
Semantics, and Pragmatics: Extended Abstract.},
journal = {Electr. Notes Theor. Comput. Sci.},
volume = 127,
number = 5,
year = 2005,
pages = {57-82},
abstract = { We present a formalism called \emph{Addressed Term
Rewriting Systems,} which can be used to define
the operational semantics of programming
languages, especially those involving sharing,
recursive computations and cyclic data
structures.  Addressed Term Rewriting Systems
are therefore well suited for describing
object-based languages, as for instance the
family of languages called \lambda-Obja,
involving both functional and object-based
features.},
ee = {http://dx.doi.org/10.1016/j.entcs.2004.12.042},
url = {entcs05-termgraph.pdf}
}

@article{a_entcs_05b,
author = {Daniel J. Dougherty and Silvia Ghilezan and
Pierre Lescanne},
title = {Intersection and Union Types in the
\lambda-\mu-\mu~ calculus.},
journal = {Electr. Notes Theor. Comput. Sci.},
volume = 136,
year = 2005,
pages = {153-172},
abstract = {The original \lambda-\mu-\mu\; calculus of Curien
and Herbelin has a system of simple types,
based on sequent calculus, embodying a
Curry-Howard correspondence with classical
logic. We introduce and discuss three type
assignment systems that are extensions of
lambda-mu-mu~ with intersection and union
types. The intrinsic symmetry in the
lambda-mu-mu~ calculus leads to an essential
use of both intersection and union types.},
ee = {http://dx.doi.org/10.1016/j.entcs.2005.06.010},
url = {entcs05-ITRS.pdf}
}

@article{a_ipl04,
author = {Daniel J. Dougherty and Stanley M. Selkow},
title = {The complexity of the certification of
properties of Stable Marriage.},
journal = {Inf. Process. Lett.},
volume = {92},
number = {6},
year = {2004},
pages = {275-277},
ee = {http://dx.doi.org/10.1016/j.ipl.2004.09.006},
abstract = { We give some lower bounds on the certificate
complexity of some problems concerning stable
marriage, answering a question of Gusfield and
Irving.},
url = {ipl.pdf}
}

@conference{c_ppdp04,
author = {Daniel J. Dougherty and Silvia Ghilezan and
Pierre Lescanne},
title = {Characterizing strong normalization in a
language with control operators},
booktitle = {6th ACM-SIGPLAN International Conference on
Principles and Practice of Declarative
Programming (PPDP)},
year = 2004,
abstract = {We investigate some fundamental properties of
the reduction relation in the untyped term
calculus derived from Curien and Herbelin's
lambda-mu-mu~. The original lambda-mu-mu~ has a
system of simple types, based on sequent
calculus, embodying a Curry-Howard
correspondence with classical logic; the
significance of the untyped calculus of raw
terms is that it is a Turing-complete language
for computation with explicit representation of
control as well as code. We define a type
assignment system for the raw terms satisfying:
a term is typable if and only if it is strongly
normalizing. The
intrinsic symmetry in the calculus leads to an
essential use of both intersection and union
types; in contrast to other union-types systems
in the literature, our system enjoys the
Subject Reduction property.},
url = {ppdp04.pdf}
}

@conference{w_hor04,
author = {Daniel J. Dougherty and Carlos Martinez},
title = {Unification and matching modulo type
isomorphism},
booktitle = {2nd International Workshop on Higher-Order
Rewriting},
year = 2004,
url = {hor04.pdf},
abstract = {We present some initial results in an
investigation of higher-order unification and
matching in the presence of type isomorphism}
}

@article{a_iandc04,
author = {Stephane Lengrand and Pierre Lescanne and
Daniel J.\ Dougherty and Mariangiola
Dezani-Ciancaglini and Steffen van Bakel},
title = {Intersection types for explicit substitutions },
journal = {Information and Computation},
year = 2004,
volume = 189,
number = 1,
pages = {17--42},
abstract = {We present a new system of intersection types
for a composition-free calculus of explicit
substitutions with a rule for garbage
collection, and show that it characterizes
those terms which are strongly
normalizing. This system extends previous work
on the natural generalization of the classical
intersection types system, which characterized
head normalization and weak normalization, but
was not complete for strong normalization. An
important role is played by the notion of
available variable in a term, which is a
generalization of the classical notion of free
variable. },
url = {iandc04.pdf}
}

@article{a_mscs03,
author = {Daniel J.\ Dougherty and Pierre Lescanne},
title = {Reductions, intersection types, and explicit
substitutions},
journal = {Mathematical Structures in Computer Science},
year = 2003,
volume = 13,
number = 1,
pages = {55--85},
abstract = { This paper is part of a general programme of
treating explicit substitutions as the primary
lambda-calculi from the point of view of
foundations as well as applications. We work in
a composition-free calculus of explicit
substitutions and an augmented calculus
obtained by adding explicit garbage-collection,
and explore the relationship between
intersection-types and reduction. We show that
the terms which normalize by leftmost reduction
and the terms which normalize by head reduction
can each be characterized as the terms typable
in a certain system. The relationship between
typability and strong normalization is subtly
different from the classical case: we show that
typable terms are strongly normalizing but give
a counterexample to the converse. Our notions
of leftmost- and head-reduction are
non-deterministic, and our normalization
theorems apply to any computations obeying
these strategies. In this way we refine and
strengthen the classical normalization
theorems. The proofs require some new
techniques in the presence of reductions
involving explicit substitutions. Indeed, in
our proofs we do not rely on results from
classical lambda-calculus, which in our view is
subordinate to the calculus of explicit
substitution. },
url = {mscs03.pdf}
}

@conference{c_tcs02,
author = {Daniel J.\ Dougherty and Pierre Lescanne and
St\'ephane Lengrand},
title = {An improved system of intersection types for
explicit substitutions},
booktitle = {Proc. Conf. Foundations of Information
Technology in the Era of Network and Mobile
Computing},
pages = {511--524},
year = 2002,
organization = {2nd IFIP International Conference on
Theoretical Computer Science},
abstract = { We characterize those terms which are strongly
normalizing in a composition-free calculus of
explicit substitutions by defining a suitable
type system using intersection types. The key
idea is the notion of available variable in a
term, which is a generalization of the
classical notion of free variable. }
}

@conference{c_tlca01,
author = {Daniel J.\ Dougherty and Pierre Lescanne},
title = {Reductions, intersection types, and explicit
substitutions (extended abstract)},
pages = {121-135},
year = 2001,
booktitle = {Proc.\ 5th Int. Conf. on Typed Lambda Calculus
and Applications (TLCA)},
editor = {S. Abramsky},
volume = 2044,
series = {Lecture Notes in Computer Science},
address = {Krakow, Poland},
abstract = {},
url = {tlca01.pdf}
}

@conference{c_rta02,
author = {Daniel J.\ Dougherty and ToMasz Wierzbicki},
title = {A Decidable Variant of Higher Order Matching},
booktitle = {Proc.\ Thirteenth Intl.\ Conf.\ on Rewriting
Techniques and Applications (RTA)},
pages = {340--351},
year = 2002,
editor = {},
volume = 2378,
series = {Lecture Notes in Computer Science},
abstract = {A lambda term is k-duplicating if every
occurrence of a lambda abstractor binds at most
$k$ variable occurrences. We prove that the
problem of higher order matching where
solutions are required to be k-duplicating (but
with no constraints on the problem instance
itself) is decidable. We also show that the
problem of higher order matching in the affine
lambda calculus (where both the problem
instance and the solutions are constrained to
be 1-duplicating) is in NP, generalizing
de~Groote's result for the linear lambda
calculus. },
url = {rta02.pdf}
}

@conference{w_westapp01,
author = {F. Lang and P. Lescanne and L. Liquori and
Daniel J.\ Dougherty and K. Rose},
title = {Obj+a, a generic object-calculus based on
addressed term rewriting systems with modules },
booktitle = {WESTAPP 01: The Fourth International Workshop
on Explicit Substitutions: Theory and
Applications to Programs and Proofs },
abstract = {},
year = 2001
}

@article{a_iandc00,
author = {Daniel J.\ Dougherty and Ramesh Subrahmanyam},
title = {Equality between Functionals in the Presence of
Coproducts},
journal = {Information and Computation},
year = 2000,
volume = 157,
number = {1,2},
pages = {52--83},
abstract = {We consider the lambda-calculus obtained from
the simply-typed calculus by adding products,
coproducts, and a terminal type. We prove the
following theorem: The equations provable in
this calculus are precisely those true in any
set-theoretic model with an infinite base
type. },
url = {iandc00.pdf}
}

@conference{c_lics95,
title = {Equality between Functionals in the Presence of
Coproducts},
author = {Daniel J.\ Dougherty and Ramesh Subrahmanyam},
pages = {282--291},
booktitle = {Proc.\, Tenth Annual {IEEE} Symposium on Logic
in Computer Science},
year = 1995,
address = {San Diego, California},
organization = {IEEE Computer Society Press},
abstract = {}
}

@techreport{t_ldllr99,
author = {Frederic Lang and Daniel J. Dougherty and
Pierre Lescanne and Luigi Liquori and
Kristoffer Rose },
title = {Addressed term rewriting systems},
institution = {Ecole Normale Superieure de Lyon},
year = 1999,
number = {RR 1999-30},
abstract = {We propose Addressed Term Rewriting Systems
(ATRS) as a solution to the still-standing
problem of finding a simple yet formally useful
framework that can account for computation with
sharing, cycles, and side effects. ATRS are
characterised by the combination of three
features: they work with terms where structural
induction is useful, they use a minimal
back-pointer'' representation of cyclic data,
and they ensure a bounded complexity of rewrite
steps by eliminating implicit pointer
redirection. In the paper we develop this and
show how it is a very useful compromise between
less abstract term graph rewriting and the more
abstract equational rewriting. },
url = {ldlr99.pdf}
}

@techreport{t_llldr99,
author = {F. Lang and P. Lescanne and L. Liquori and
Daniel J.\ Dougherty and K. Rose},
title = {A {G}eneric {O}bject-{C}alculus {B}ased on
{A}ddressed {T}erm {R}ewriting {S}ystems},
abstract = {},
institution = {Laboratoire de l'Informatique et du
Parallelisme, ENS Lyon},
year = 1999,
number = {RR1999-54},
url = {llldr99.pdf}
}

@article{a_tcs98,
author = {Friedrich Otto and Paliath Narendran and Daniel
J.\ Dougherty},
title = {Equational unification, word unification,
and $2$nd-order equational unification},
journal = {Theoretical Computer Science},
volume = 198,
number = {1--2},
pages = {1--47},
day = 30,
year = 1998,
abstract = { For finite convergent term-rewriting systems
the equational unification problem is shown to
be recursively independent of the equational
matching problem, the word matching problem,
and the (simultaneous) 2nd-order equational
matching problem. We also present some new
decidability results for simultaneous
equational unification and 2nd-order equational
matching. },
url = {tcs98.pdf}
}

@conference{c_rta95,
author = {Friedrich Otto and Paliath Narendran and Daniel
J. Dougherty},
title = {Some independence results for equational
unification},
booktitle = {Proc. Sixth Intl. Conf. on Rewriting Techniques
and Applications (RTA 1995)},
pages = {367--381},
year = 1995,
volume = 914,
series = {Lecture Notes in Computer Science},
abstract = {}
}

@article{a_tcs95,
author = {Daniel J.\ Dougherty and Patricia Johann},
title = {A combinatory logic approach to higher-order
{$E$}-unification},
journal = {Theoretical Computer Science},
volume = {139},
number = {1--2},
pages = {207--242},
day = {06},
year = {1995},
issn = {0304-3975},
pubcountry = {Netherlands},
abstract = {Let E be a first-order equational theory. A
translation of typed higher-order E-unification
problems into a typed combinatory logic
framework is presented and justified. The case
in which E admits presentation as a convergent
term rewriting system is treated in detail: in
this situation, a modification of ordinary
narrowing is shown to be a complete method for
enumerating higher-order E-unifiers. In fact,
we treat a more general problem, in which the
types of terms contain type variables. },
url = {tcs95.pdf}
}

@conference{c_cade92,
author = {Daniel J.\ Dougherty and Patricia Johann},
title = {A Combinatory Logic Approach to Higher-Order
{{$E$}-Unification}},
pages = {79--93},
isbn = {3-540-55602-8},
editor = {Deepak Kapur},
booktitle = {Proc.\ 11th International Conference on
address = {Saratoga Springs, NY},
year = 1992,
series = {Lecture Notes in Artificial Intelligence},
volume = 607,
abstract = {}
}

@conference{c_rta93,
author = {Daniel J.\ Dougherty},
title = {Some lambda calculi with categorical sums and
products},
pages = {137--151},
isbn = {3-540-56868-9},
editor = {Claude Kirchner},
booktitle = {Proc.\ 5th International Conference on
Rewriting Techniques and Applications ({RTA})},
series = {Lecture Notes in Computer Science},
volume = 690,
publisher = {Springer-Verlag},
year = 1993,
abstract = { We consider the simply typed
$\lambda$-calculus with primitive recursion
operators and types corresponding to
categorical products and coproducts. The
standard equations corresponding to
extensionality and to surjectivity of pairing
and its dual are oriented as expansion
rules. Strong normalization and ground
(base-type) confluence is proved for the full
calculus; full confluence is proved for the
calculus omitting the rule for strong sums. In
the latter case, fixed-point constructors may
be added while retaining confluence. },
url = {rta93.pdf}
}

@article{a_ndjfl93,
title = {Closed Categories and Categorial Grammar},
author = {Daniel J.\ Dougherty},
pages = {36--49},
journal = {Notre Dame Journal of Formal Logic},
year = 1993,
volume = 34,
number = 1,
abstract = {Inspired by Lambek's work on categorial
grammar, we examine the proposal that the
theory of biclosed monoidal categories can
serve as a foundation for a formal theory of
natural language. The emphasis throughout is on
the derivation of the axioms for these
categories from linguistic intuitions. When
Montague's principle that there is a
homomorphism between syntax and semantics is
refined to the principle that meaning is a
functor between a syntax-category and a
semantics-category, the fundamental properties
of biclosed categories induce a rudimentary
computationally oriented theory of language. },
url = {ndjfl93.pdf}
}

@article{a_tcs93,
author = {Daniel J.\ Dougherty},
title = {Higher-order unification via combinators},
journal = {Theoretical Computer Science},
volume = 114,
number = 2,
pages = {273--298},
day = 21,
year = 1993,
abstract = {We present an algorithm for unification in the
simply typed lambda calculus which enumerates
complete sets of unifiers using a finitely
branching search space. In fact, the types of
terms may contain type-variables, so that a
solution may involve typesubstitution as well
as term-substitution. the problem is first
translated into the problem of unification with
respect to extensional equality in combinatory
logic, and the algorithm is defined in terms of
transformations on systems of combinatory
terms. These transformations are based on a new
method (itself based on systems) for deciding
extensional equality between typed combinatory
logic terms. },
url = {tcs93.pdf}
}

@article{a_jsc92,
author = {Daniel J.\ Dougherty and Patricia Johann},
title = {An improved general ${E}$-unification method},
journal = {Journal of Symbolic Computation},
volume = 14,
number = 4,
pages = {303--320},
year = 1992,
issn = {0747-7171},
abstract = {A generalization of Paramodulation is defined
and shown to lead to a complete E-unification
method for arbitrary equational theories E. The
method is defined in terms of transformations
on systems, building upon and refining results
of Gallier and Snyder. },
url = {jsc92.pdf}
}

@conference{c_cade90,
author = {Daniel J.\ Dougherty and Patricia Johann},
title = {An Improved General {$E$}-unification Method},
pages = {261--275},
booktitle = {Proc.\ 10th International Conference on
Automated Deduction, Kaiserslautern (Germany)},
year = {1990},
editor = {M. Stickel},
series = {Lecture Notes in Computer Science},
volume = {449},
abstract = {}
}

@article{a_iandc92,
title = {Adding Algebraic Rewriting to the Untyped
Lambda Calculus},
author = {Daniel J.\ Dougherty},
pages = {251--267},
journal = {Information and Computation},
year = 1992,
volume = 101,
number = 2,
abstract = {We investigate the system obtained by adding an
algebraic rewriting system R to an untyped
lambda calculus in which terms are formed using
the function symbols from $R$ as constants. On
certain classes of terms, called here \emph{stable},
we prove that the resulting calculus is
confluent if R is confluent, and terminating if
R is terminating. The termination result has
the corresponding theorems for several typed
calculi as corollaries. The proof of the
confluence result suggests a general method for
proving confluence of typed beta-reduction plus
rewriting; we sketch the application to the
polymorphic lambda calculus.},
url = {iandc92.pdf}
}

@conference{c_rta91,
author = {Daniel J.\ Dougherty},
title = {Adding Algebraic Rewriting to the Untyped
Lambda Calculus (Extended Abstract)},
year = 1991,
editor = {Ron Book},
booktitle = {Proc.\ of the Fourth International Conference
on Rewriting Techniques and Applications (Como,
Italy)},
pages = {37--48},
series = {Lecture Notes in Computer Science},
publisher = {},
volume = 488,
abstract = {}
}

@article{a_topapp91,
author = {Daniel J. Dougherty},
title = {A strong {B}aire category theorem for products},
journal = {Topology and Its Applications},
year = 1991,
volume = 39,
abstract = {},
pages = {105--112}
}

@article{a_jcta87,
author = {Daniel J. Dougherty},
title = {Decomposition of infinite matrices},
journal = {Journal of Combinatorial Theory (Series A)},
year = 1987,
volume = 45,
abstract = {},
pages = {277--289}
}

@article{a_jmaa87,
author = {Daniel J. Dougherty and R. M. Shortt and
R. N. Ball},
title = {Decomposition theorems for measures},
journal = {Journal of Mathematical Analysis and
Applications},
year = 1987,
volume = 128,
abstract = {},
pages = {561--580}
}

@article{a_ndjfl86,
author = {Daniel J. Dougherty},
title = {Gentzen systems, resolution, and literal trees},
journal = {Notre Dame Journal of Formal Logic},
year = 1986,
volume = 27,
abstract = {},
pages = {483--503}
}
`

This file was generated by bibtex2html 1.96.