Results 1  10
of
23
Achieving information flow security through monadic control of effects
 JOURNAL OF COMPUTER SECURITY
, 2009
"... This paper advocates a novel approach to the construction of secure software: controlling information flow and maintaining integrity via monadic encapsulation of effects. This approach is constructive, relying on properties of monads and monad transformers to build, verify, and extend secure softwar ..."
Abstract

Cited by 7 (6 self)
 Add to MetaCart
This paper advocates a novel approach to the construction of secure software: controlling information flow and maintaining integrity via monadic encapsulation of effects. This approach is constructive, relying on properties of monads and monad transformers to build, verify, and extend secure software systems. We illustrate this approach by construction of abstract operating systems called separation kernels. Starting from a mathematical model of sharedstate concurrency based on monads of resumptions and state, we outline the development by stepwise refinements of separation kernels supporting Unixlike system calls, interdomain communication, and a formally verified security policy (domain separation). Because monads may be easily and safely represented within any pure, higherorder, typed functional language, the resulting system models may be directly realized within a language such as Haskell.
Unfolding abstract datatypes
 In MPC’08: Proceedings of the 9th international conference on Mathematics of Program Construction
, 2008
"... ..."
Beating the Productivity Checker Using Embedded Languages
"... Abstract. Some total languages, like Agda and Coq, allow the use of guarded corecursion to construct infinite values and proofs. Guarded corecursion is a form of recursion in which arbitrary recursive calls are allowed, as long as they are guarded by a coinductive constructor. Guardedness ensures th ..."
Abstract

Cited by 6 (3 self)
 Add to MetaCart
Abstract. Some total languages, like Agda and Coq, allow the use of guarded corecursion to construct infinite values and proofs. Guarded corecursion is a form of recursion in which arbitrary recursive calls are allowed, as long as they are guarded by a coinductive constructor. Guardedness ensures that programs are productive, i.e. that every finite prefix of an infinite value can be computed in finite time. However, many productive programs are not guarded, and it can be nontrivial to put them in guarded form. This paper gives a method for turning a productive program into a guarded program. The method amounts to defining a problemspecific language as a data type, writing the program in the problemspecific language, and writing a guarded interpreter for this language. 1
HOLCF ’11: A Definitional Domain Theory for Verifying Functional Programs
, 2012
"... HOLCF is an interactive theorem proving system that uses the mathematics of domain theory to reason about programs written in functional programming languages. This thesis introduces HOLCF ’11, a thoroughly revised and extended version of HOLCF that advances the state of the art in program verificat ..."
Abstract

Cited by 3 (2 self)
 Add to MetaCart
HOLCF is an interactive theorem proving system that uses the mathematics of domain theory to reason about programs written in functional programming languages. This thesis introduces HOLCF ’11, a thoroughly revised and extended version of HOLCF that advances the state of the art in program verification: HOLCF ’11 can reason about many program definitions that are beyond the scope of other formal proof tools, while providing a high degree of proof automation. The soundness of the system is ensured by adhering to a definitional approach: New constants and types are defined in terms of previous concepts, without introducing new axioms. Major features of HOLCF ’11 include two highlevel definition packages: the Fixrec package for defining recursive functions, and the Domain package for defining recursive datatypes. Each of these uses the domaintheoretic concept of least fixed points to translate usersupplied recursive specifications into safe lowlevel definitions. Together, these tools make it easy for users to translate a wide variety of functional programs into the formalism of HOLCF. Theorems generated by the tools also make it easy for users to reason about their programs, with a very high level of confidence in the soundness of the results. As a case study, we present a fully mechanized verification of a model of concurrency based on powerdomains. The formalization depends on many features unique to HOLCF ’11, and is the first verification of such a model in a formal proof tool. ii ACKNOWLEDGMENTS I would like to thank my advisor, John Matthews, for having continued to devote so much time to working with me, even as a parttime professor; and for motivating me to keep studying domain theory (and enjoying it!) these past years. iii
Streaming RepresentationChangers
 LNCS
, 2004
"... Unfolds generate data structures, and folds consume them. ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
Unfolds generate data structures, and folds consume them.
Eekelen. Induction and Coinduction in Sparkle
 In HansWolfgang Loidl, editor, Fifth Symposium on Trends in Functional Programming (TFP 2004
, 2004
"... Abstract: Sparkle is a proof assistant designed for the lazy evaluating functional programming language Clean. It is designed with the clear objective in mind that proofs of first order logical predicates on programs should be as easy as possible for programmers. Since recursion is at the heart of ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
Abstract: Sparkle is a proof assistant designed for the lazy evaluating functional programming language Clean. It is designed with the clear objective in mind that proofs of first order logical predicates on programs should be as easy as possible for programmers. Since recursion is at the heart of functional languages, support for recursive reasoning should be as exhaustive as possible. Until now the induction tactic in Sparkle was rather basic. We have extended Sparkle with two standard techniques to perform inductive and coinductive reasoning about programs. By means of examples, we show from research papers how they benefit the programmer. More importantly, we propose a new technique to derive induction schemes for mutually recursive programs by using strongly connected components of complete call graphs to derive a well founded ordering and induction scheme. These induction schemes can be used to semiautomatically prove properties of programs out of reach of other automated proof techniques. Together this extends the realm of programs for which easy proofs in Sparkle can be constructed by the programmer. 1
An operational domaintheoretic treatment of recursive types
 in: TwentySecond Mathematical Foundations of Programming Semantics
, 2006
"... We develop a domain theory for treating recursive types with respect to contextual equivalence. The principal approach taken here deviates from classical domain theory in that we do not produce the recursive types via the usual inverse limits constructions we have it for free by working directly wi ..."
Abstract

Cited by 2 (2 self)
 Add to MetaCart
We develop a domain theory for treating recursive types with respect to contextual equivalence. The principal approach taken here deviates from classical domain theory in that we do not produce the recursive types via the usual inverse limits constructions we have it for free by working directly with the operational semantics. By extending type expressions to endofunctors on a ‘syntactic ’ category, we establish algebraic compactness. To do this, we rely on an operational version of the minimal invariance property. In addition, we apply techniques developed herein to reason about FPC programs. Key words: Operational domain theory, recursive types, FPC, realisable functor, algebraic compactness, generic approximation lemma, denotational semantics 1
Polytypic Functional Programming and Data Abstraction
, 2006
"... Structural polymorphism is a generic programming technique known within the functional programming community under the names of polytypic or datatypegeneric programming. In this thesis we show that such a technique conflicts with the principle of data abstraction and propose a solution for reconcil ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Structural polymorphism is a generic programming technique known within the functional programming community under the names of polytypic or datatypegeneric programming. In this thesis we show that such a technique conflicts with the principle of data abstraction and propose a solution for reconciliation. More concretely, we show that popular polytypic extensions of the functional programming language Haskell, namely, Generic Haskell and Scrap your Boilerplate have their genericity limited by data abstraction. We propose an extension to the Generic Haskell language where the `structure' in `structural polymorphism' is defined around the concept of interface and not the representation of a type.
Subtyping, Declaratively An Exercise in Mixed Induction and Coinduction
"... Abstract. It is natural to present subtyping for recursive types coinductively. However, Gapeyev, Levin and Pierce have noted that there is a problem with coinductive definitions of nontrivial transitive inference systems: they cannot be “declarative”—as opposed to “algorithmic ” or syntaxdirected ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Abstract. It is natural to present subtyping for recursive types coinductively. However, Gapeyev, Levin and Pierce have noted that there is a problem with coinductive definitions of nontrivial transitive inference systems: they cannot be “declarative”—as opposed to “algorithmic ” or syntaxdirected—because coinductive inference systems with an explicit rule of transitivity are trivial. We propose a solution to this problem. By using mixed induction and coinduction we define an inference system for subtyping which combines the advantages of coinduction with the convenience of an explicit rule of transitivity. The definition uses coinduction for the structural rules, and induction for the rule of transitivity. We also discuss under what conditions this technique can be used when defining other inference systems. The developments presented in the paper have been mechanised using Agda, a dependently typed programming language and proof assistant. 1