Results 1  10
of
14
Beating the Productivity Checker Using Embedded Languages
"... Abstract. Some total languages, like Agda and Coq, allow the use of guarded corecursion to construct infinite values and proofs. Guarded corecursion is a form of recursion in which arbitrary recursive calls are allowed, as long as they are guarded by a coinductive constructor. Guardedness ensures th ..."
Abstract

Cited by 6 (3 self)
 Add to MetaCart
Abstract. Some total languages, like Agda and Coq, allow the use of guarded corecursion to construct infinite values and proofs. Guarded corecursion is a form of recursion in which arbitrary recursive calls are allowed, as long as they are guarded by a coinductive constructor. Guardedness ensures that programs are productive, i.e. that every finite prefix of an infinite value can be computed in finite time. However, many productive programs are not guarded, and it can be nontrivial to put them in guarded form. This paper gives a method for turning a productive program into a guarded program. The method amounts to defining a problemspecific language as a data type, writing the program in the problemspecific language, and writing a guarded interpreter for this language. 1
Achieving information flow security through monadic control of effects
 JOURNAL OF COMPUTER SECURITY
, 2009
"... This paper advocates a novel approach to the construction of secure software: controlling information flow and maintaining integrity via monadic encapsulation of effects. This approach is constructive, relying on properties of monads and monad transformers to build, verify, and extend secure softwar ..."
Abstract

Cited by 6 (5 self)
 Add to MetaCart
This paper advocates a novel approach to the construction of secure software: controlling information flow and maintaining integrity via monadic encapsulation of effects. This approach is constructive, relying on properties of monads and monad transformers to build, verify, and extend secure software systems. We illustrate this approach by construction of abstract operating systems called separation kernels. Starting from a mathematical model of sharedstate concurrency based on monads of resumptions and state, we outline the development by stepwise refinements of separation kernels supporting Unixlike system calls, interdomain communication, and a formally verified security policy (domain separation). Because monads may be easily and safely represented within any pure, higherorder, typed functional language, the resulting system models may be directly realized within a language such as Haskell.
Unfolding abstract datatypes
 In MPC ’08: Proceedings of the 9th international conference on Mathematics of Program Construction
, 2008
"... Abstract. We argue that abstract datatypes — with public interfaces hiding private implementations — represent a form of codata rather than ordinary data, and hence that proof methods for corecursive programs are the appropriate techniques to use for reasoning with them. In particular, we show that ..."
Abstract

Cited by 6 (0 self)
 Add to MetaCart
Abstract. We argue that abstract datatypes — with public interfaces hiding private implementations — represent a form of codata rather than ordinary data, and hence that proof methods for corecursive programs are the appropriate techniques to use for reasoning with them. In particular, we show that the universal properties of unfold operators are perfectly suited for the task. We illustrate with the solution to a problem in the recent literature. 1
Streaming RepresentationChangers
 LNCS
, 2004
"... Unfolds generate data structures, and folds consume them. ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
Unfolds generate data structures, and folds consume them.
HOLCF ’11: A Definitional Domain Theory for Verifying Functional Programs
, 2012
"... HOLCF is an interactive theorem proving system that uses the mathematics of domain theory to reason about programs written in functional programming languages. This thesis introduces HOLCF ’11, a thoroughly revised and extended version of HOLCF that advances the state of the art in program verificat ..."
Abstract

Cited by 3 (2 self)
 Add to MetaCart
HOLCF is an interactive theorem proving system that uses the mathematics of domain theory to reason about programs written in functional programming languages. This thesis introduces HOLCF ’11, a thoroughly revised and extended version of HOLCF that advances the state of the art in program verification: HOLCF ’11 can reason about many program definitions that are beyond the scope of other formal proof tools, while providing a high degree of proof automation. The soundness of the system is ensured by adhering to a definitional approach: New constants and types are defined in terms of previous concepts, without introducing new axioms. Major features of HOLCF ’11 include two highlevel definition packages: the Fixrec package for defining recursive functions, and the Domain package for defining recursive datatypes. Each of these uses the domaintheoretic concept of least fixed points to translate usersupplied recursive specifications into safe lowlevel definitions. Together, these tools make it easy for users to translate a wide variety of functional programs into the formalism of HOLCF. Theorems generated by the tools also make it easy for users to reason about their programs, with a very high level of confidence in the soundness of the results. As a case study, we present a fully mechanized verification of a model of concurrency based on powerdomains. The formalization depends on many features unique to HOLCF ’11, and is the first verification of such a model in a formal proof tool. ii ACKNOWLEDGMENTS I would like to thank my advisor, John Matthews, for having continued to devote so much time to working with me, even as a parttime professor; and for motivating me to keep studying domain theory (and enjoying it!) these past years. iii
An operational domaintheoretic treatment of recursive types
 in: TwentySecond Mathematical Foundations of Programming Semantics
, 2006
"... We develop a domain theory for treating recursive types with respect to contextual equivalence. The principal approach taken here deviates from classical domain theory in that we do not produce the recursive types via the usual inverse limits constructions we have it for free by working directly wi ..."
Abstract

Cited by 2 (2 self)
 Add to MetaCart
We develop a domain theory for treating recursive types with respect to contextual equivalence. The principal approach taken here deviates from classical domain theory in that we do not produce the recursive types via the usual inverse limits constructions we have it for free by working directly with the operational semantics. By extending type expressions to endofunctors on a ‘syntactic ’ category, we establish algebraic compactness. To do this, we rely on an operational version of the minimal invariance property. In addition, we apply techniques developed herein to reason about FPC programs. Key words: Operational domain theory, recursive types, FPC, realisable functor, algebraic compactness, generic approximation lemma, denotational semantics 1
Subtyping, Declaratively An Exercise in Mixed Induction and Coinduction
"... Abstract. It is natural to present subtyping for recursive types coinductively. However, Gapeyev, Levin and Pierce have noted that there is a problem with coinductive definitions of nontrivial transitive inference systems: they cannot be “declarative”—as opposed to “algorithmic ” or syntaxdirected ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Abstract. It is natural to present subtyping for recursive types coinductively. However, Gapeyev, Levin and Pierce have noted that there is a problem with coinductive definitions of nontrivial transitive inference systems: they cannot be “declarative”—as opposed to “algorithmic ” or syntaxdirected—because coinductive inference systems with an explicit rule of transitivity are trivial. We propose a solution to this problem. By using mixed induction and coinduction we define an inference system for subtyping which combines the advantages of coinduction with the convenience of an explicit rule of transitivity. The definition uses coinduction for the structural rules, and induction for the rule of transitivity. We also discuss under what conditions this technique can be used when defining other inference systems. The developments presented in the paper have been mechanised using Agda, a dependently typed programming language and proof assistant. 1
about Programs General Terms
"... This pearl develops a statement about parallel prefix computation in the spirit of Knuth’s 01Principle for oblivious sorting algorithms. It turns out that 01 is not quite enough here. The perfect hammer for the nails we are going to drive in is relational parametricity. Categories and Subject Des ..."
Abstract
 Add to MetaCart
This pearl develops a statement about parallel prefix computation in the spirit of Knuth’s 01Principle for oblivious sorting algorithms. It turns out that 01 is not quite enough here. The perfect hammer for the nails we are going to drive in is relational parametricity. Categories and Subject Descriptors D.1.1 [Programming Techniques]:
The Worker/Wrapper Transformation (Extended Version)
"... The worker/wrapper transformation is a technique for changing the type of a computation, usually with the aim of improving its performance. It has been used by compiler writers for many years, but the technique is littleknown in the wider functional programming community, and has never been describ ..."
Abstract
 Add to MetaCart
The worker/wrapper transformation is a technique for changing the type of a computation, usually with the aim of improving its performance. It has been used by compiler writers for many years, but the technique is littleknown in the wider functional programming community, and has never been described precisely. In this article we explain, formalise, and explore the generality of the worker/wrapper transformation. We also provide a systematic recipe for its use as an equational reasoning technique for improving the performance of programs, and illustrate the power of this recipe using a range of examples. 1
External Examiner
, 2006
"... The results reported in Part III consist of joint work with Martín Escardó [14]. All the other results reported in this thesis are due to the author, except for background results, which are clearly stated as such. Some of the results in Part IV have already appeared as [28]. Note This version of th ..."
Abstract
 Add to MetaCart
The results reported in Part III consist of joint work with Martín Escardó [14]. All the other results reported in this thesis are due to the author, except for background results, which are clearly stated as such. Some of the results in Part IV have already appeared as [28]. Note This version of the thesis, produced on October 31, 2006, is the result of completing all the minor modifications as suggested by both the examiners in the viva report (Ref: CLM/AC/497773). We develop an operational domain theory to reason about programs in sequential functional languages. The central idea is to export domaintheoretic techniques of the Scott denotational semantics directly to the study of contextual preorder and equivalence. We investigate to what extent this can be done for two deterministic functional programming languages: PCF (Programminglanguage for Computable Functionals) and FPC (Fixed Point Calculus).