Some algorithms make critical internal use of updatable state, even though their external specification is purely functional. Based on earlier work on monads, we present a way of securely encapsulating such stateful computations, in the context of a non-strict, purely-functional language.
There are two main new developments in this paper. First, we show how to use the type system to securely encapsulate stateful computations, including ones which manipulate multiple, named, mutable objects. Second, we give a formal semantics for our system.