Results 1  10
of
40
Some domain theory and denotational semantics in Coq
, 2009
"... Abstract. We present a Coq formalization of constructive ωcpos (extending earlier work by PaulinMohring) up to and including the inverselimit construction of solutions to mixedvariance recursive domain equations, and the existence of invariant relations on those solutions. We then define operatio ..."
Abstract

Cited by 16 (4 self)
 Add to MetaCart
(Show Context)
Abstract. We present a Coq formalization of constructive ωcpos (extending earlier work by PaulinMohring) up to and including the inverselimit construction of solutions to mixedvariance recursive domain equations, and the existence of invariant relations on those solutions. We then define operational and denotational semantics for both a simplytyped CBV language with recursion and an untyped CBV language, and establish soundness and adequacy results in each case. 1
A functional specification of effects
, 2009
"... This dissertation is about effects and type theory. Functional programming languages such as Haskell demonstrate that monads can safely encapsulated side effects. If you want to reason about effectful code, however, it is not enough to only encapsulate effects: you must explain their meaning. In thi ..."
Abstract

Cited by 14 (5 self)
 Add to MetaCart
This dissertation is about effects and type theory. Functional programming languages such as Haskell demonstrate that monads can safely encapsulated side effects. If you want to reason about effectful code, however, it is not enough to only encapsulate effects: you must explain their meaning. In this dissertation I provide pure specifications of effects in type theory. After initial investigations using Haskell, I show how such specifications can be made total in a language with dependent types. Hoare Type Theory takes an alternative approach to incorporating effects in a dependently typed language. Instead of giving functional specifications, they follow Haskell’s lead and postulate the existence of primitive functions. This dissertation shows how some of these primitives may be implemented in a programming language with dependent types. I believe that functional specifications may provide the foundations on top of which richer logics may be constructed. The results presented in this dissertation may be used to write and verify
Inductive and Coinductive Components of Corecursive Functions in Coq
, 2008
"... ..."
(Show Context)
Beating the Productivity Checker Using Embedded Languages
"... Abstract. Some total languages, like Agda and Coq, allow the use of guarded corecursion to construct infinite values and proofs. Guarded corecursion is a form of recursion in which arbitrary recursive calls are allowed, as long as they are guarded by a coinductive constructor. Guardedness ensures th ..."
Abstract

Cited by 9 (3 self)
 Add to MetaCart
Abstract. Some total languages, like Agda and Coq, allow the use of guarded corecursion to construct infinite values and proofs. Guarded corecursion is a form of recursion in which arbitrary recursive calls are allowed, as long as they are guarded by a coinductive constructor. Guardedness ensures that programs are productive, i.e. that every finite prefix of an infinite value can be computed in finite time. However, many productive programs are not guarded, and it can be nontrivial to put them in guarded form. This paper gives a method for turning a productive program into a guarded program. The method amounts to defining a problemspecific language as a data type, writing the program in the problemspecific language, and writing a guarded interpreter for this language. 1
Refinement Types For Haskell
"... SMTbased checking of refinement types for callbyvalue languages is a wellstudied subject. Unfortunately, the classical translation of refinement types to verification conditions is unsound under lazy evaluation. When checking an expression, such systems implicitly assume that all the free var ..."
Abstract

Cited by 8 (4 self)
 Add to MetaCart
(Show Context)
SMTbased checking of refinement types for callbyvalue languages is a wellstudied subject. Unfortunately, the classical translation of refinement types to verification conditions is unsound under lazy evaluation. When checking an expression, such systems implicitly assume that all the free variables in the expression are bound to values. This property is trivially guaranteed by eager, but does not hold under lazy, evaluation. Thus, to be sound and precise, a refinement type system for Haskell and the corresponding verification conditions must take into account which subset of binders actually reduces to values. We present a stratified type system that labels binders as potentially diverging or not, and that (circularly) uses refinement types to verify the labeling. We have implemented our system in LIQUIDHASKELL and present an experimental evaluation of our approach on more than 10,000 lines of widely used Haskell libraries. We show that LIQUIDHASKELL is able to prove 96 % of all recursive functions terminating, while requiring a modest 1.7 lines of terminationannotations per 100 lines of code. 1.
Recursive definitions of monadic functions
 In Proc. of PAR 2010
, 2010
"... Using standard domaintheoretic fixedpoints, we present an approach for defining recursive functions that are formulated in monadic style. The method works both in the simple option monad and the stateexception monad of Isabelle/HOL’s imperative programming extension, which results in a convenient ..."
Abstract

Cited by 8 (0 self)
 Add to MetaCart
(Show Context)
Using standard domaintheoretic fixedpoints, we present an approach for defining recursive functions that are formulated in monadic style. The method works both in the simple option monad and the stateexception monad of Isabelle/HOL’s imperative programming extension, which results in a convenient definition principle for imperative programs, which were previously hard to define. For such monadic functions, the recursion equation can always be derived without preconditions, even if the function is partial. The construction is easy to automate, and convenient induction principles can be derived automatically. 1
Tracebased coinductive operational semantics for While; Bigstep and smallstep, relational and functional styles
 In Theorem Proving in Higher Order Logics, 22nd International Conference, TPHOLs 2009, volume 5674 of LNCS
, 2009
"... Abstract. We present four coinductive operational semantics for the While language accounting for both terminating and nonterminating program runs: bigstep and smallstep relational semantics and bigstep and smallstep functional semantics. The semantics employ traces (possibly infinite sequences ..."
Abstract

Cited by 6 (1 self)
 Add to MetaCart
(Show Context)
Abstract. We present four coinductive operational semantics for the While language accounting for both terminating and nonterminating program runs: bigstep and smallstep relational semantics and bigstep and smallstep functional semantics. The semantics employ traces (possibly infinite sequences of states) to record the states that program runs go through. The relational semantics relate statementstate pairs to traces, whereas the functional semantics return traces for statementstate pairs. All four semantics are equivalent. We formalize the semantics and their equivalence proofs in the constructive setting of Coq. 1
A constructive denotational semantics for Kahn networks in Coq
, 2007
"... Semantics of programming languages and interactive environments for the development of proofs and programs are two important aspects of Gilles Kahn’s scientific contributions. In his paper “The semantics of a simple language for parallel programming ” [11], he proposed an interpretation of (determin ..."
Abstract

Cited by 6 (1 self)
 Add to MetaCart
(Show Context)
Semantics of programming languages and interactive environments for the development of proofs and programs are two important aspects of Gilles Kahn’s scientific contributions. In his paper “The semantics of a simple language for parallel programming ” [11], he proposed an interpretation of (deterministic) parallel programs (now called Kahn networks) as stream transformers based on the theory of complete partial orders (cpos). A restriction of this language to synchronous programs is the basis of the dataflow Lustre language which is used for the development of critical embedded systems [14, 10]. We present a formalization of this seminal paper in the Coq proof assistant [4, 15]. For that purpose, we developed a general library for cpos. Our cpos are defined with an explicit function computing the least upper bound (lub) of an increasing sequence of elements. This is different from what G. Kahn developed for the standard Coq library where only the existence of lubs (for arbitrary directed sets) is required, giving no way to explicitly compute a fixpoint. We define a cpo structure for the type of possibly infinite streams. It is then possible to define formally what is a Kahn network and what is its semantics, achieving the goal of having a concept closed by composition and recursion. The library is illustrated by the example taken from the original paper as well as the Sieve of Eratosthenes, an example of a dynamic network. 1
Resumptions, Weak Bisimilarity and BigStep Semantics for While with Interactive I/O: An Exercise in Mixed InductionCoinduction
"... We look at the operational semantics of languages with interactive I/O through the glasses of constructive type theory. Following on from our earlier work on coinductive tracebased semantics for While [17], we define several bigstep semantics for While with interactive I/O, based on resumptions an ..."
Abstract

Cited by 6 (3 self)
 Add to MetaCart
(Show Context)
We look at the operational semantics of languages with interactive I/O through the glasses of constructive type theory. Following on from our earlier work on coinductive tracebased semantics for While [17], we define several bigstep semantics for While with interactive I/O, based on resumptions and terminationsensitive weak bisimilarity. These require nesting inductive definitions in coinductive definitions, which is interesting both mathematically and from the pointofview of implementation in a proof assistant. After first defining a basic semantics of statements in terms of resumptions with explicit internal actions (delays), we introduce a semantics in terms of delayfree resumptions that essentially removes finite sequences of delays on the fly from those resumptions that are responsive. Finally, we also look at a semantics in terms of delayfree resumptions supplemented with a silent divergence option. This semantics hinges on decisions between convergence and divergence and is only equivalent to the basic one classically. We have fully formalized our development in Coq. 1