## Proof Tool Support for Explicit Strictness

Citations: 2 (1 self)

### BibTeX

@MISC{Eekelen_prooftool,
  author = {Marko Van Eekelen and Maarten De Mol},
  title = {Proof Tool Support for Explicit Strictness},
  year = {}
}

### Abstract

In programs written in lazy functional languages such as for example Clean and Haskell, the programmer can choose freely whether particular subexpressions will be evaluated lazily (the default) or strictly (must be specified explicitly). It is widely known that this choice affects program behavior, resource consumption and semantics in several ways. However, not much experience is available about the impact on logical program properties and formal reasoning. This paper aims to give a better understanding of the concept of explicit strictness. The impact of explicit strictness on formal reasoning will be investigated. It will be shown that this impact is bigger than expected and that tool support is needed for formal reasoning in the context of explicit strictness. We introduce the various ways in which strictness specific support is offered by the proof assistant Sparkle.

### Citations

196 | A natural semantics for lazy evaluation
- Launchbury
- 1993
Citation Context ...rmal Semantics The semantics of lazy functional languages have been described elegantly in practice in various ways: both operationally and denotationally, in terms of a term-graph rewrite system, in [12]; or just operationally, in terms of a graph rewrite-system, in [14]. All these semantics are well established, are widely known and accepted in the functional language community, and have been used f...

134 | Functional Programming and Parallel Graph Rewriting
- Plasmeijer, van Eekelen
- 1993
Citation Context ...described elegantly in practice in various ways: both operationally and denotationally, in terms of a term-graph rewrite system, in [12]; or just operationally, in terms of a graph rewrite-system, in [14]. All these semantics are well established, are widely known and accepted in the functional language community, and have been used for various kinds of theoretical purposes. The basic forms of all the...

108 | Term graph rewriting
- Barendregt, Eekelen, et al.
- 1987
Citation Context ...ions. An example of such a far-reaching consequence is given in the next subsection. 2.2 A Dramatic Case of the Influence of Explicit Strictness The Clean compiler uses term graph rewriting semantics [3] to incorporate pattern matching, sharing and cycles. With term graph rewriting semantics, on right-hand sides of definitions those parts that are not connected to the root cannot have any influence o...

71 | Deriving a lazy abstract machine
- Sestoft
- 1997
Citation Context ...nguage. They do not use a formal semantics. We expect that our formal semantic approach can be used as a basis to prove their proof rules. With the purpose of deriving a lazy abstract machine Sestoft [15] has revised Launchbury’s semantics. Launchbury’s semantics require global inspection (which is unwanted for an abstract machine) for preserving the Distinct Names property. When an abstract machine i...

61 | Algorithm + strategy = parallelism
- Trinder, Hammond, et al.
- 1998
Citation Context ...n eval. The purpose of this function is to fully reduce its argument and return True afterwards. Such an ‘eval’ function is usually used to express evaluation strategies in the context of parallelism [4, 17]. We use eval for expressing definedness conditions. In the standard program library of Sparkle (StdSparkle), the function eval is defined by means of overloading. The instance on characters is define...

43 | Gast: Generic automated software testing
- Koopman, Alimarine, et al.
- 2002
Citation Context ...akes it impossible to prove the property at all. An automatic analysis to obtain termination conditions would be helpful. This does not seem too far-fetched. An idea is to extend the GAST-system (see [11]) for this purpose. With GAST, it is possible to automatically generate valid values for the quantified variables and test the property on these values. However, GAST currently is not able to cope wit...

38 | Free theorems in the presence of seq
- Johann, Voigtländer
- 2004
Citation Context ...me theory that might also be used to address the problems that arise in a mixed lazy/strict context. That would require a combination of his work and the work of Patricia Johann and Janis Voigtländer [9] who use a denotational approach to present some “free” theorems in the presence of Haskell’s seq. At Chalmers University of Technology for the language Haskell a proof assistant Agda [1] has been dev...

32 | Existential types: Logical relations and operational equivalence
- Pitts
- 1998
Citation Context ...pecific for the seq, such as the relation between ‘lazy’ and ‘strict’ terms. It is possible to translate seq’s to let!s (and vice versa) and shown properties can be compared directly. Andrew Pitts [13] discusses non-termination issues of logical relations and operational equivalence in the context of the presence of existential types in a strict language. He provides some theory that might also be ...

26 | Theorem Proving for functional Programmers - Sparkle: A Functional Theorem Prover
- Mol, Eekelen, et al.
- 2001
Citation Context ... rules that are based on reduction. We will demonstrate how to deal with these semantical effects with Sparkle, which is the proof assistant that is dedicated to Clean. Sparkle has been introduced in [6]. In this paper we will present the specific strictness support that it offers. This support has not been addressed in any earlier publication. As far we know, Sparkle is at present the only proof ass...

23 | An operational semantics for parallel lazy evaluation
- Baker-Finch, King, et al.
- 2000
Citation Context ...ee [12]) The addition of this single StrictLet rule is sufficient to incorporate the concept of explicit strictness in a formal semantics. Our extension is equivalent to the one that is introduced in [2] for dealing formally with parallelism. In [2] seq is used as the basic primitive to denote explicit strictness. Using the equivalence of seq and let! sketched above, the proofs of soundness and compu...

9 | Chasing bottoms: A case study in program verification in the presence of partial and infinite values
- Danielsson, Jansson
- 2004
Citation Context ...pport for general type classes can be used [10]. With this tool, the following properties of ‘eval’ can be stated and proven in Sparkle. – ∀x[x ≠ ⊥ → eval x] – ∀x[eval x ≠ False)] 5 Related Work In [5] Danielsson and Jansson perform a case study in program verification using partial and undefined values. They assume proof rules to be valid for the programming language. They do not use a formal sema...

7 | Verifying Haskell programs using constructive type theory
- Abel, Benke, et al.
- 2005
Citation Context ... Voigtländer [9] who use a denotational approach to present some “free” theorems in the presence of Haskell’s seq. At Chalmers University of Technology for the language Haskell a proof assistant Agda [1] has been developed in the context of the CoVer project. As with Sparkle the language is translated to a core-version on which the proofs are performed. Being geared towards facilitating the ’average’...

6 | Possibilities and limitations of call-by-need space improvement
- Gustavsson, Sands
- 2001
Citation Context ...e required. As is further pointed out by Sestoft [15] the rules given by Launchbury are not fully lazy. Full laziness can be achieved by introducing new let-bindings for every maximal free expression [8]. An equivalent extension of Launchbury’s semantics can be found in [2]. In this paper, a formal semantics for Glasgow Parallel Haskell is constructed on top of the standard Launchbury’s semantics. In...

3 | Extending the sparkle core language with object abstraction
- Tejfel, Horváth, et al.
Citation Context ... Tool Support for Explicit Strictness in Sparkle Sparkle [6] is Clean’s dedicated proof-assistant. Apart from its location of origin Sparkle is used rather intensively in Budapest (Object Abstraction [16]) and Dublin (I/O models [7]). Sparkle works directly on a desugared version of Clean, called Core-Clean. Within Sparkle allows properties of functions to be expressed using first-order propositional ...

1 | Evaluation transformers a model for the parallel evolution of functional languages
- Burn
- 1987
Citation Context ...n eval. The purpose of this function is to fully reduce its argument and return True afterwards. Such an ‘eval’ function is usually used to express evaluation strategies in the context of parallelism [4, 17]. We use eval for expressing definedness conditions. In the standard program library of Sparkle (StdSparkle), the function eval is defined by means of overloading. The instance on characters is define...

1 | A language for reasoning about concurrent functional i/o
- Dowse, Butterfield, et al.
- 2004
Citation Context ...d by strictness: This property is valid for lazy lists, but invalid for element-strict lists. Invalid in the strict case because: Suppose xs = [12], g 12 = ⊥ and f (g 12) = 7. Then map (f o g) xs = [7], both in the lazy and in the strict case. However, map f (map g xs) = [7] in the lazy case, but ⊥ in the strict case. Extra definedness condition for the lazy case: The problematic case can be exclud...

1 | Proof Support for General Type Classes. Intellect
- Kesteren, Mol, et al.
- 2004
Citation Context ... All instances of the class ‘eval’ have to share certain properties. To prove properties of all members of a certain type classes, the recently added tool support for general type classes can be used [10]. With this tool, the following properties of ‘eval’ can be stated and proven in Sparkle. – ∀x[x ≠ ⊥ → eval x] – ∀x[eval x ≠ False)] 5 Related Work In [5] Danielsson and Jansson perform a case study...