Results 1  10
of
27
Functional pearl: Streams and unique fixed points
 In ICFP’08, Proceedings of the 2008 SIGPLAN International Conference on Functional Programming
, 2008
"... Streams, infinite sequences of elements, live in a coworld: they are given by a coinductive data type, operations on streams are implemented by corecursive programs, and proofs are conducted using coinduction. But there is more to it: suitably restricted, stream equations possess unique solutions, ..."
Abstract

Cited by 13 (0 self)
 Add to MetaCart
(Show Context)
Streams, infinite sequences of elements, live in a coworld: they are given by a coinductive data type, operations on streams are implemented by corecursive programs, and proofs are conducted using coinduction. But there is more to it: suitably restricted, stream equations possess unique solutions, a fact that is not very widely appreciated. We show that this property gives rise to a simple and attractive proof technique essentially bringing equational reasoning to the coworld. In fact, we redevelop the theory of recurrences, finite calculus and generating functions using streams and stream operators building on the cornerstone of unique solutions. The development is constructive: streams and stream operators are implemented in Haskell, usually by oneliners. The resulting calculus or library, if you wish, is elegant and fun to use. Finally, we rephrase the proof of uniqueness using generalised algebraic data types.
Beating the Productivity Checker Using Embedded Languages
"... Abstract. Some total languages, like Agda and Coq, allow the use of guarded corecursion to construct infinite values and proofs. Guarded corecursion is a form of recursion in which arbitrary recursive calls are allowed, as long as they are guarded by a coinductive constructor. Guardedness ensures th ..."
Abstract

Cited by 10 (3 self)
 Add to MetaCart
(Show Context)
Abstract. Some total languages, like Agda and Coq, allow the use of guarded corecursion to construct infinite values and proofs. Guarded corecursion is a form of recursion in which arbitrary recursive calls are allowed, as long as they are guarded by a coinductive constructor. Guardedness ensures that programs are productive, i.e. that every finite prefix of an infinite value can be computed in finite time. However, many productive programs are not guarded, and it can be nontrivial to put them in guarded form. This paper gives a method for turning a productive program into a guarded program. The method amounts to defining a problemspecific language as a data type, writing the program in the problemspecific language, and writing a guarded interpreter for this language. 1
Achieving information flow security through monadic control of effects
 JOURNAL OF COMPUTER SECURITY
, 2009
"... This paper advocates a novel approach to the construction of secure software: controlling information flow and maintaining integrity via monadic encapsulation of effects. This approach is constructive, relying on properties of monads and monad transformers to build, verify, and extend secure softwar ..."
Abstract

Cited by 9 (7 self)
 Add to MetaCart
(Show Context)
This paper advocates a novel approach to the construction of secure software: controlling information flow and maintaining integrity via monadic encapsulation of effects. This approach is constructive, relying on properties of monads and monad transformers to build, verify, and extend secure software systems. We illustrate this approach by construction of abstract operating systems called separation kernels. Starting from a mathematical model of sharedstate concurrency based on monads of resumptions and state, we outline the development by stepwise refinements of separation kernels supporting Unixlike system calls, interdomain communication, and a formally verified security policy (domain separation). Because monads may be easily and safely represented within any pure, higherorder, typed functional language, the resulting system models may be directly realized within a language such as Haskell.
HOLCF ’11: A Definitional Domain Theory for Verifying Functional Programs
, 2012
"... HOLCF is an interactive theorem proving system that uses the mathematics of domain theory to reason about programs written in functional programming languages. This thesis introduces HOLCF ’11, a thoroughly revised and extended version of HOLCF that advances the state of the art in program verificat ..."
Abstract

Cited by 7 (5 self)
 Add to MetaCart
HOLCF is an interactive theorem proving system that uses the mathematics of domain theory to reason about programs written in functional programming languages. This thesis introduces HOLCF ’11, a thoroughly revised and extended version of HOLCF that advances the state of the art in program verification: HOLCF ’11 can reason about many program definitions that are beyond the scope of other formal proof tools, while providing a high degree of proof automation. The soundness of the system is ensured by adhering to a definitional approach: New constants and types are defined in terms of previous concepts, without introducing new axioms. Major features of HOLCF ’11 include two highlevel definition packages: the Fixrec package for defining recursive functions, and the Domain package for defining recursive datatypes. Each of these uses the domaintheoretic concept of least fixed points to translate usersupplied recursive specifications into safe lowlevel definitions. Together, these tools make it easy for users to translate a wide variety of functional programs into the formalism of HOLCF. Theorems generated by the tools also make it easy for users to reason about their programs, with a very high level of confidence in the soundness of the results. As a case study, we present a fully mechanized verification of a model of concurrency based on powerdomains. The formalization depends on many features unique to HOLCF ’11, and is the first verification of such a model in a formal proof tool. ii ACKNOWLEDGMENTS I would like to thank my advisor, John Matthews, for having continued to devote so much time to working with me, even as a parttime professor; and for motivating me to keep studying domain theory (and enjoying it!) these past years. iii
Unfolding abstract datatypes
 In MPC’08: Proceedings of the 9th international conference on Mathematics of Program Construction
, 2008
"... ..."
(Show Context)
Eekelen. Induction and Coinduction in Sparkle
 In HansWolfgang Loidl, editor, Fifth Symposium on Trends in Functional Programming (TFP 2004
, 2004
"... Abstract: Sparkle is a proof assistant designed for the lazy evaluating functional programming language Clean. It is designed with the clear objective in mind that proofs of first order logical predicates on programs should be as easy as possible for programmers. Since recursion is at the heart of ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
(Show Context)
Abstract: Sparkle is a proof assistant designed for the lazy evaluating functional programming language Clean. It is designed with the clear objective in mind that proofs of first order logical predicates on programs should be as easy as possible for programmers. Since recursion is at the heart of functional languages, support for recursive reasoning should be as exhaustive as possible. Until now the induction tactic in Sparkle was rather basic. We have extended Sparkle with two standard techniques to perform inductive and coinductive reasoning about programs. By means of examples, we show from research papers how they benefit the programmer. More importantly, we propose a new technique to derive induction schemes for mutually recursive programs by using strongly connected components of complete call graphs to derive a well founded ordering and induction scheme. These induction schemes can be used to semiautomatically prove properties of programs out of reach of other automated proof techniques. Together this extends the realm of programs for which easy proofs in Sparkle can be constructed by the programmer. 1
An operational domaintheoretic treatment of recursive types
 in: TwentySecond Mathematical Foundations of Programming Semantics
, 2006
"... We develop a domain theory for treating recursive types with respect to contextual equivalence. The principal approach taken here deviates from classical domain theory in that we do not produce the recursive types via the usual inverse limits constructions we have it for free by working directly wi ..."
Abstract

Cited by 4 (3 self)
 Add to MetaCart
(Show Context)
We develop a domain theory for treating recursive types with respect to contextual equivalence. The principal approach taken here deviates from classical domain theory in that we do not produce the recursive types via the usual inverse limits constructions we have it for free by working directly with the operational semantics. By extending type expressions to endofunctors on a ‘syntactic ’ category, we establish algebraic compactness. To do this, we rely on an operational version of the minimal invariance property. In addition, we apply techniques developed herein to reason about FPC programs. Key words: Operational domain theory, recursive types, FPC, realisable functor, algebraic compactness, generic approximation lemma, denotational semantics 1
Streaming RepresentationChangers
 LNCS
, 2004
"... Unfolds generate data structures, and folds consume them. ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
(Show Context)
Unfolds generate data structures, and folds consume them.
Work It, Wrap It, Fix It, Fold It
, 2012
"... The worker/wrapper transformation is a generalpurpose technique for refactoring recursive programs to improve their performance, without compromising their correctness. The two previous approaches to formalising the technique were based upon different recursion operators, and different correctness ..."
Abstract

Cited by 2 (2 self)
 Add to MetaCart
The worker/wrapper transformation is a generalpurpose technique for refactoring recursive programs to improve their performance, without compromising their correctness. The two previous approaches to formalising the technique were based upon different recursion operators, and different correctness conditions. In this article we show how these two approaches can be generalised in a uniform manner by combining and extending their correctness conditions, and explore the benefits that result.
Subtyping, Declaratively An Exercise in Mixed Induction and Coinduction
"... Abstract. It is natural to present subtyping for recursive types coinductively. However, Gapeyev, Levin and Pierce have noted that there is a problem with coinductive definitions of nontrivial transitive inference systems: they cannot be “declarative”—as opposed to “algorithmic ” or syntaxdirected ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
(Show Context)
Abstract. It is natural to present subtyping for recursive types coinductively. However, Gapeyev, Levin and Pierce have noted that there is a problem with coinductive definitions of nontrivial transitive inference systems: they cannot be “declarative”—as opposed to “algorithmic ” or syntaxdirected—because coinductive inference systems with an explicit rule of transitivity are trivial. We propose a solution to this problem. By using mixed induction and coinduction we define an inference system for subtyping which combines the advantages of coinduction with the convenience of an explicit rule of transitivity. The definition uses coinduction for the structural rules, and induction for the rule of transitivity. We also discuss under what conditions this technique can be used when defining other inference systems. The developments presented in the paper have been mechanised using Agda, a dependently typed programming language and proof assistant. 1