We present a logic for algebraic effects, based on the algebraic representation of computational effects by operations and equations. We begin with the a-calculus, a minimal calculus which separates values, effects, and computations and thereby canonises the order of evaluation. This is extended to obtain the logic, which is a classical firstorder multi-sorted logic with higher-order value and computation types, as in Levy’s call-by-push-value, a principle of induction over computations, a free algebra principle, and predicate fixed points. This logic embraces Moggi’s computational λ-calculus, and also, via definable modalities, Hennessy-Milner logic, and evaluation logic, though Hoare logic presents difficulties. 1

We describe an axiomatic extension to the Coq proof assistant, that supports writing, reasoning about, and extracting higher-order, dependently-typed programs with side-effects. Coq already includes a powerful functional language that supports dependent types, but that language is limited to pure, total functions. The key contribution of our extension, which we call Ynot, is the added support for computations that may have effects such as non-termination, accessing a mutable store, and throwing/catching exceptions. The axioms of Ynot form a small trusted computing base which has been formally justified in our previous work on Hoare Type Theory (HTT). We show how these axioms can be combined with the powerful type and abstraction mechanisms of Coq to build higher-level reasoning mechanisms which in turn can be used to build realistic, verified software components. To substantiate this claim, we describe here a representative series of modules that implement imperative finite maps, including support for a higherorder (effectful) iterator. The implementations range from simple (e.g., association lists) to complex (e.g., hash tables) but share a common interface which abstracts the implementation details and ensures that the modules properly implement the finite map abstraction.

We give a semantics to a polymorphic effect analysis that tracks possibly-thrown exceptions and possible non-termination for a higher-order language. The semantics is defined using partial equivalence relations over a standard monadic, domain-theoretic model of the original language and establishes the correctness of both the analysis itself and of the contextual program transformations that it enables.

We describe an axiomatic extension to the Coq proof assistant, that supports writing, reasoning about, and extracting higher-order, dependently-typed programs with side-effects. Coq already includes a powerful functional language that supports dependent types, but that language is limited to pure, total functions. The key contribution of our extension, which we call Ynot, is the added support for computations that may have effects such as non-termination, accessing a mutable store, and throwing/catching exceptions. The axioms of Ynot form a small trusted computing base which has been formally justified in our previous work on Hoare Type Theory (HTT). We show how these axioms can be combined with the powerful type and abstraction mechanisms of Coq to build higher-level reasoning mechanisms which in turn can be used to build realistic, verified software components. To substantiate this claim, we describe here a representative series of modules that implement imperative finite maps, including support for a higherorder (effectful) iterator. The implementations range from simple (e.g., association lists) to complex (e.g., hash tables) but share a common interface which abstracts the implementation details and ensures that the modules properly implement the finite map abstraction.

Abstract. We propose ⊤⊤-lifting as a technique for extending operational predicates to Moggi’s monadic computation types, independent of the choice of monad. We demonstrate the method with an application to Girard-Tait reducibility, using this to prove strong normalisation for the computational metalanguage λml. The particular challenge with reducibility is to apply this semantic notion at computation types when the exact meaning of “computation ” (stateful, side-effecting, nondeterministic, etc.) is left unspecified. Our solution is to define reducibility for continuations and use that to support the jump from value types to computation types. The method appears robust: we apply it to show strong normalisation for the computational metalanguage extended with sums, and with exceptions. Based on these results, as well as previous work with local state, we suggest that this “leap-frog ” approach offers a general method for raising concepts defined at value types up to observable properties of computations. 1

Abstract. We present an algebraic treatment of exception handlers and, more generally, introduce handlers for other computational effects representable by an algebraic theory. These include nondeterminism, interactive input/output, concurrency, state, time, and their combinations; in all cases the computation monad is the free-model monad of the theory. Each such handler corresponds to a model of the theory for the effects at hand. The handling construct, which applies a handler to a computation, is based on the one introduced by Benton and Kennedy, and is interpreted using the homomorphism induced by the universal property of the free model. This general construct can be used to describe previously unrelated concepts from both theory and practice. 1

Abstract. Exceptions are an indispensable part of modern programming languages. They are, however, handled poorly, especially by higherorder languages such as Standard ML and Haskell: in both languages a well-typed program can unexpectedly fail due to an uncaught exception. In this paper, we propose a technique for type-safe exception handling. Our approach relies on representing exceptions as sums and assigning exception handlers polymorphic, extensible row types. Based on this representation, we describe an implicitly typed external language EL where well-typed programs do not raise any unhandled exceptions. EL relies on sums, extensible records, and polymorphism to represent exceptionhandling, and its type system is no more complicated than that for existing languages with polymorphic extensible records. EL is translated into an internal language IL that is a variant of System F extended with extensible records. The translation performs a CPS transformation to represent exception handlers as continuations. It also relies on duality to transform sums into records. (The details for this translation are given in an accompanying technical report.) We describe the implementation of a compiler for a concrete language based on EL. The compiler performs full type inference and translates EL-style source code to machine code. Type inference relieves the programmer from having to provide explicit exception annotations. We believe that this is the first practical proposal for integrating exceptions into the type system of a higher-order language. 1

In this paper, we look at two categorical accounts of computational effects (strong monad as a model of the monadic metalanguage, adjunction as a model of call-by-push-value with stacks), and we adapt them to incorporate global exceptions. In each case, we extend the calculus with a construct, due to Benton and Kennedy, that fuses exception handling with sequencing. This immediately gives us an equational theory, simply by adapting the equations for sequencing. We study the categorical semantics of the two equational theories. In the case of the monadic metalanguage, we see that a monad supporting exceptions is a coalgebra for a certain comonad. We further show, using Beck’s theorem, that, on a category with equalizers, the monad constructor for exceptions gives all such monads. In the case of call-by-push-value (CBPV) with stacks, we generalize the notion of CBPV adjunction so that a stack awaiting a value can deal both with a value being returned, and with an exception being raised. We see how to obtain a model of exceptions from a CBPV adjunction, and vice versa by restricting to those stacks that are homomorphic with respect to exception raising.

Mutual dependencies between objects arise frequently in programs, and programmers must typically resort to manually filling “initialization holes ” to help construct the corresponding object graphs, i.e. null values and/or explicitly mutable locations. This report describes a “base-line ” proposal for a generalized form of value recursion in an ML-like language called initialization graphs, where value recursion is given the simplistic semantics of a graph of lazy computations whose nodes are sequentially forced, with uses of recursive values checked for initialization-soundness at runtime. We then develop examples using this mechanism to show how problematic the issue of value recursion is for ML-like languages, and in particular how sophisticated reactive objects cannot be defined in the language without using initialization holes, and how this forces ML programmers to break abstraction boundaries. At the same time we show how OO languages rely extensively on null pointers during initialization. We propose that a general, semi-safe mechanism allows value recursion to be used in conjunction with existing sophisicated abstract APIs such GUI libraries, and allows freshly defined APIs to be both abstract and yet not require clients to use explicit initialization holes. We propose that the initialization mechanism permits more programs to be expressed in the mutation-free fragment of ML, though we do not formally prove this result. 1

Increasing degrees of reasoning about programs are being mechanized, and hence more formality is needed. Here we present an instance of this formalization in the form of a precise characterization of the range of the cps transformation using an ane type system. The point is that the range of cps is defined with a type system, that is, in a way quite accessible to tools.