Pub Date : 2021-12-16DOI: 10.1017/s0956796821000265
J. Gibbons, S. Krishnamurthi
{"title":"Editorial","authors":"J. Gibbons, S. Krishnamurthi","doi":"10.1017/s0956796821000265","DOIUrl":"https://doi.org/10.1017/s0956796821000265","url":null,"abstract":"","PeriodicalId":15874,"journal":{"name":"Journal of Functional Programming","volume":null,"pages":null},"PeriodicalIF":1.1,"publicationDate":"2021-12-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"48707852","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-11-02DOI: 10.1017/S0956796821000186
Xuejing Huang, Jinxu Zhao, B. C. D. S. Oliveira
Abstract Calculi with disjoint intersection types support a symmetric merge operator with subtyping. The merge operator generalizes record concatenation to any type, enabling expressive forms of object composition, and simple solutions to hard modularity problems. Unfortunately, recent calculi with disjoint intersection types and the merge operator lack a (direct) operational semantics with expected properties such as determinism and subject reduction, and only account for terminating programs. This paper proposes a type-directed operational semantics (TDOS) for calculi with intersection types and a merge operator. We study two variants of calculi in the literature. The first calculus, called λi, is a variant of a calculus presented by Oliveira et al. (2016) and closely related to another calculus by Dunfield (2014). Although Dunfield proposes a direct small-step semantics for her calculus, her semantics lacks both determinism and subject reduction. Using our TDOS, we obtain a direct semantics for λi that has both properties. The second calculus, called λi+, employs the well-known subtyping relation of Barendregt, Coppo and Dezani-Ciancaglini (BCD). Therefore, λi+ extends the more basic subtyping relation of λi, and also adds support for record types and nested composition (which enables recursive composition of merged components). To fully obtain determinism, both λi and λi+ employ a disjointness restriction proposed in the original λi calculus. As an added benefit the TDOS approach deals with recursion in a straightforward way, unlike previous calculi with disjoint intersection types where recursion is problematic. We relate the static and dynamic semantics of λi to the original version of the calculus and the calculus by Dunfield. Furthermore, for λi+, we show a novel formulation of BCD subtyping, which is algorithmic, has a very simple proof of transitivity and allows for the modular addition of distributivity rules (i.e. without affecting other rules of subtyping). All results have been fully formalized in the Coq theorem prover.
{"title":"Taming the Merge Operator","authors":"Xuejing Huang, Jinxu Zhao, B. C. D. S. Oliveira","doi":"10.1017/S0956796821000186","DOIUrl":"https://doi.org/10.1017/S0956796821000186","url":null,"abstract":"Abstract Calculi with disjoint intersection types support a symmetric merge operator with subtyping. The merge operator generalizes record concatenation to any type, enabling expressive forms of object composition, and simple solutions to hard modularity problems. Unfortunately, recent calculi with disjoint intersection types and the merge operator lack a (direct) operational semantics with expected properties such as determinism and subject reduction, and only account for terminating programs. This paper proposes a type-directed operational semantics (TDOS) for calculi with intersection types and a merge operator. We study two variants of calculi in the literature. The first calculus, called λi, is a variant of a calculus presented by Oliveira et al. (2016) and closely related to another calculus by Dunfield (2014). Although Dunfield proposes a direct small-step semantics for her calculus, her semantics lacks both determinism and subject reduction. Using our TDOS, we obtain a direct semantics for λi that has both properties. The second calculus, called λi+, employs the well-known subtyping relation of Barendregt, Coppo and Dezani-Ciancaglini (BCD). Therefore, λi+ extends the more basic subtyping relation of λi, and also adds support for record types and nested composition (which enables recursive composition of merged components). To fully obtain determinism, both λi and λi+ employ a disjointness restriction proposed in the original λi calculus. As an added benefit the TDOS approach deals with recursion in a straightforward way, unlike previous calculi with disjoint intersection types where recursion is problematic. We relate the static and dynamic semantics of λi to the original version of the calculus and the calculus by Dunfield. Furthermore, for λi+, we show a novel formulation of BCD subtyping, which is algorithmic, has a very simple proof of transitivity and allows for the modular addition of distributivity rules (i.e. without affecting other rules of subtyping). All results have been fully formalized in the Coq theorem prover.","PeriodicalId":15874,"journal":{"name":"Journal of Functional Programming","volume":null,"pages":null},"PeriodicalIF":1.1,"publicationDate":"2021-11-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"48822720","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-11-02DOI: 10.1017/S0956796821000071
Weihao Qu, Marco Gaboardi, D. Garg
Abstract Relational cost analysis aims at formally establishing bounds on the difference in the evaluation costs of two programs. As a particular case, one can also use relational cost analysis to establish bounds on the difference in the evaluation cost of the same program on two different inputs. One way to perform relational cost analysis is to use a relational type-and-effect system that supports reasoning about relations between two executions of two programs. Building on this basic idea, we present a type-and-effect system, called ARel, for reasoning about the relative cost (the difference in the evaluation cost) of array-manipulating, higher order functional-imperative programs. The key ingredient of our approach is a new lightweight type refinement discipline that we use to track relations (differences) between two mutable arrays. This discipline combined with Hoare-style triples built into the types allows us to express and establish precise relative costs of several interesting programs that imperatively update their data. We have implemented ARel using ideas from bidirectional type checking.
{"title":"Relational cost analysis in a functional-imperative setting","authors":"Weihao Qu, Marco Gaboardi, D. Garg","doi":"10.1017/S0956796821000071","DOIUrl":"https://doi.org/10.1017/S0956796821000071","url":null,"abstract":"Abstract Relational cost analysis aims at formally establishing bounds on the difference in the evaluation costs of two programs. As a particular case, one can also use relational cost analysis to establish bounds on the difference in the evaluation cost of the same program on two different inputs. One way to perform relational cost analysis is to use a relational type-and-effect system that supports reasoning about relations between two executions of two programs. Building on this basic idea, we present a type-and-effect system, called ARel, for reasoning about the relative cost (the difference in the evaluation cost) of array-manipulating, higher order functional-imperative programs. The key ingredient of our approach is a new lightweight type refinement discipline that we use to track relations (differences) between two mutable arrays. This discipline combined with Hoare-style triples built into the types allows us to express and establish precise relative costs of several interesting programs that imperatively update their data. We have implemented ARel using ideas from bidirectional type checking.","PeriodicalId":15874,"journal":{"name":"Journal of Functional Programming","volume":null,"pages":null},"PeriodicalIF":1.1,"publicationDate":"2021-11-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"42069160","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-10-27DOI: 10.1017/S095679682100023X
Liam O'Connor, Zilin Chen, C. Rizkallah, Vincent Jackson, Sidney Amani, G. Klein, Toby C. Murray, Thomas Sewell, G. Keller
Abstract This paper presents a framework aimed at significantly reducing the cost of proving functional correctness for low-level operating systems components. The framework is designed around a new functional programming language, Cogent. A central aspect of the language is its uniqueness type system, which eliminates the need for a trusted runtime or garbage collector while still guaranteeing memory safety, a crucial property for safety and security. Moreover, it allows us to assign two semantics to the language: The first semantics is imperative, suitable for efficient C code generation, and the second is purely functional, providing a user-friendly interface for equational reasoning and verification of higher-level correctness properties. The refinement theorem connecting the two semantics allows the compiler to produce a proof via translation validation certifying the correctness of the generated C code with respect to the semantics of the Cogent source program. We have demonstrated the effectiveness of our framework for implementation and for verification through two file system implementations.
{"title":"Cogent: uniqueness types and certifying compilation","authors":"Liam O'Connor, Zilin Chen, C. Rizkallah, Vincent Jackson, Sidney Amani, G. Klein, Toby C. Murray, Thomas Sewell, G. Keller","doi":"10.1017/S095679682100023X","DOIUrl":"https://doi.org/10.1017/S095679682100023X","url":null,"abstract":"Abstract This paper presents a framework aimed at significantly reducing the cost of proving functional correctness for low-level operating systems components. The framework is designed around a new functional programming language, Cogent. A central aspect of the language is its uniqueness type system, which eliminates the need for a trusted runtime or garbage collector while still guaranteeing memory safety, a crucial property for safety and security. Moreover, it allows us to assign two semantics to the language: The first semantics is imperative, suitable for efficient C code generation, and the second is purely functional, providing a user-friendly interface for equational reasoning and verification of higher-level correctness properties. The refinement theorem connecting the two semantics allows the compiler to produce a proof via translation validation certifying the correctness of the generated C code with respect to the semantics of the Cogent source program. We have demonstrated the effectiveness of our framework for implementation and for verification through two file system implementations.","PeriodicalId":15874,"journal":{"name":"Journal of Functional Programming","volume":null,"pages":null},"PeriodicalIF":1.1,"publicationDate":"2021-10-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"48969372","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-10-19DOI: 10.1017/S0956796821000216
P. Achten
Abstract Elliot Soloway’s Rainfall problem is a well-known and well-studied problem to investigate the problem-solving strategies of programmers. Kathi Fisler investigated this programming challenge from the point of view of functional programmers. She showed that this particular challenge gives rise to five different high-level solution strategies, of which three are predominant and cover over 80% of all chosen solutions. In this study, we put forward the Segments problem as an alternative challenge to investigate the problem-solving skills of functional programmers. Analysis of the student solutions, their high-level solution strategies, and corresponding archetype solutions shows that the Segments problem gives rise to seven different high-level solution strategies that can be further divided into 17 subclasses. The Segments problem is particularly suited to investigate problem-solving skills that involve list processing and higher-order functions.
{"title":"Segments: An alternative rainfall problem","authors":"P. Achten","doi":"10.1017/S0956796821000216","DOIUrl":"https://doi.org/10.1017/S0956796821000216","url":null,"abstract":"Abstract Elliot Soloway’s Rainfall problem is a well-known and well-studied problem to investigate the problem-solving strategies of programmers. Kathi Fisler investigated this programming challenge from the point of view of functional programmers. She showed that this particular challenge gives rise to five different high-level solution strategies, of which three are predominant and cover over 80% of all chosen solutions. In this study, we put forward the Segments problem as an alternative challenge to investigate the problem-solving skills of functional programmers. Analysis of the student solutions, their high-level solution strategies, and corresponding archetype solutions shows that the Segments problem gives rise to seven different high-level solution strategies that can be further divided into 17 subclasses. The Segments problem is particularly suited to investigate problem-solving skills that involve list processing and higher-order functions.","PeriodicalId":15874,"journal":{"name":"Journal of Functional Programming","volume":null,"pages":null},"PeriodicalIF":1.1,"publicationDate":"2021-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"41391032","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-10-19DOI: 10.1017/s0956796820000076
GUILLAUME ALLAIS, ROBERT ATKEY, JAMES CHAPMAN, CONOR MCBRIDE, JAMES MCKINNA
The syntax of almost every programming language includes a notion of binder and corresponding bound occurrences, along with the accompanying notions of α-equivalence, capture-avoiding substitution, typing contexts, runtime environments, and so on. In the past, implementing and reasoning about programming languages required careful handling to maintain the correct behaviour of bound variables. Modern programming languages include features that enable constraints like scope safety to be expressed in types. Nevertheless, the programmer is still forced to write the same boilerplate over again for each new implementation of a scope-safe operation (e.g., renaming, substitution, desugaring, printing), and then again for correctness proofs. We present an expressive universe of syntaxes with binding and demonstrate how to (1) implement scope-safe traversals once and for all by generic programming; and (2) how to derive properties of these traversals by generic proving. Our universe description, generic traversals and proofs, and our examples have all been formalised in Agda and are available in the accompanying material available online at https://github.com/gallais/generic-syntax.
{"title":"A type- and scope-safe universe of syntaxes with binding: their semantics and proofs","authors":"GUILLAUME ALLAIS, ROBERT ATKEY, JAMES CHAPMAN, CONOR MCBRIDE, JAMES MCKINNA","doi":"10.1017/s0956796820000076","DOIUrl":"https://doi.org/10.1017/s0956796820000076","url":null,"abstract":"The syntax of almost every programming language includes a notion of binder and corresponding bound occurrences, along with the accompanying notions of α-equivalence, capture-avoiding substitution, typing contexts, runtime environments, and so on. In the past, implementing and reasoning about programming languages required careful handling to maintain the correct behaviour of bound variables. Modern programming languages include features that enable constraints like scope safety to be expressed in types. Nevertheless, the programmer is still forced to write the same boilerplate over again for each new implementation of a scope-safe operation (e.g., renaming, substitution, desugaring, printing), and then again for correctness proofs. We present an expressive universe of syntaxes with binding and demonstrate how to (1) implement scope-safe traversals once and for all by generic programming; and (2) how to derive properties of these traversals by generic proving. Our universe description, generic traversals and proofs, and our examples have all been formalised in Agda and are available in the accompanying material available online at <jats:uri xmlns:xlink=\"http://www.w3.org/1999/xlink\" xlink:href=\"https://github.com/gallais/generic-syntax\">https://github.com/gallais/generic-syntax</jats:uri>.","PeriodicalId":15874,"journal":{"name":"Journal of Functional Programming","volume":null,"pages":null},"PeriodicalIF":1.1,"publicationDate":"2021-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138531910","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-10-14DOI: 10.1017/s0956796821000125
MAX S. NEW, DANIEL R. LICATA, AMAL AHMED
Gradually typed languages are designed to support both dynamically typed and statically typed programming styles while preserving the benefits of each. Sound gradually typed languages dynamically check types at runtime at the boundary between statically typed and dynamically typed modules. However, there is much disagreement in the gradual typing literature over how to enforce complex types such as tuples, lists, functions and objects. In this paper, we propose a new perspective on the design of runtime gradual type enforcement: runtime type casts exist precisely to ensure the correctness of certain type-based refactorings and optimizations. For instance, for simple types, a language designer might desire that beta-eta equality is valid. We show that this perspective is useful by demonstrating that a cast semantics can be derived from beta-eta equality. We do this by providing an axiomatic account program equivalence in a gradual cast calculus in a logic we call gradual type theory (GTT). Based on Levy’s call-by-push-value, GTT allows us to axiomatize both call-by-value and call-by-name gradual languages. We then show that we can derive the behavior of casts for simple types from the corresponding eta equality principle and the assumption that the language satisfies a property called graduality, also known as the dynamic gradual guarantee. Since we can derive the semantics from the assumption of eta equality, we also receive a useful contrapositive: any observably different cast semantics that satisfies graduality must violate the eta equality. We show the consistency and applicability of our axiomatic theory by proving that a contract-based implementation using the lazy cast semantics gives a logical relations model of our type theory, where equivalence in GTT implies contextual equivalence of the programs. Since GTT also axiomatizes the dynamic gradual guarantee, our model also establishes this central theorem of gradual typing. The model is parameterized by the implementation of the dynamic types, and so gives a family of implementations that validate type-based optimization and the gradual guarantee.
{"title":"Gradual type theory","authors":"MAX S. NEW, DANIEL R. LICATA, AMAL AHMED","doi":"10.1017/s0956796821000125","DOIUrl":"https://doi.org/10.1017/s0956796821000125","url":null,"abstract":"Gradually typed languages are designed to support both dynamically typed and statically typed programming styles while preserving the benefits of each. Sound gradually typed languages dynamically check types at runtime at the boundary between statically typed and dynamically typed modules. However, there is much disagreement in the gradual typing literature over how to enforce complex types such as tuples, lists, functions and objects. In this paper, we propose a new perspective on the design of runtime gradual type enforcement: runtime type casts exist precisely to ensure the correctness of certain type-based refactorings and optimizations. For instance, for simple types, a language designer might desire that beta-eta equality is valid. We show that this perspective is useful by demonstrating that a cast semantics can be derived from beta-eta equality. We do this by providing an axiomatic account program equivalence in a gradual cast calculus in a logic we call <jats:italic>gradual type theory</jats:italic> (GTT). Based on Levy’s call-by-push-value, GTT allows us to axiomatize both call-by-value and call-by-name gradual languages. We then show that we can derive the behavior of casts for simple types from the corresponding eta equality principle and the assumption that the language satisfies a property called <jats:italic>graduality</jats:italic>, also known as the dynamic gradual guarantee. Since we can derive the semantics from the assumption of eta equality, we also receive a useful contrapositive: any observably different cast semantics that satisfies graduality <jats:italic>must</jats:italic> violate the eta equality. We show the consistency and applicability of our axiomatic theory by proving that a contract-based implementation using the lazy cast semantics gives a logical relations model of our type theory, where equivalence in GTT implies contextual equivalence of the programs. Since GTT also axiomatizes the dynamic gradual guarantee, our model also establishes this central theorem of gradual typing. The model is parameterized by the implementation of the dynamic types, and so gives a family of implementations that validate type-based optimization and the gradual guarantee.","PeriodicalId":15874,"journal":{"name":"Journal of Functional Programming","volume":null,"pages":null},"PeriodicalIF":1.1,"publicationDate":"2021-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138531911","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-10-13DOI: 10.1017/s0956796821000101
JEREMY G. SIEK, PETER THIEMANN, PHILIP WADLER
C#, Dart, Pyret, Racket, TypeScript, VB: many recent languages integrate dynamic and static types via gradual typing. We systematically develop four calculi for gradual typing and the relations between them, building on and strengthening previous work. The calculi are as follows: $lambda{B}$ , based on the blame calculus of Wadler and Findler (2009); $lambda{C}$ , inspired by the coercion calculus of Henglein (1994); $lambda{S}$ inspired by the space-efficient calculus of Herman, Tomb, and Flanagan (2006); and $lambda{T}$ based on the threesome calculus of Siek and Wadler (2010). While $lambda{B}$ and $lambda{T}$ are little changed from previous work, $lambda{C}$ and $lambda{S}$ are new. Together, $lambda{B}$ ,
c#、Dart、Pyret、Racket、TypeScript、VB:许多最新的语言都通过渐进式类型集成了动态类型和静态类型。在前人工作的基础上,系统地发展了四种渐进式演算及其相互关系。演算公式如下:$lambda{B}$,基于Wadler and Findler(2009)的责备演算;$lambda{C}$,灵感来自Henglein(1994)的强制演算;$lambda{S}$灵感来自Herman, Tomb, and Flanagan(2006)的空间高效演算;和基于Siek和Wadler(2010)的三人微积分的$lambda{T}$。虽然$lambda{B}$和$lambda{T}$与以前的工作相比变化不大,但$lambda{C}$和$lambda{S}$是新的。$lambda{B}$、$lambda{C}$、$lambda{S}$和$lambda{T}$共同为渐变类型的设计、实现和优化提供了一个连贯的基础。我们定义从$lambda{B}$到$lambda{C}$的转换,从$lambda{C}$到$lambda{S}$的转换,以及从$lambda{S}$到$lambda{T}$的转换。许多先前的工作缺乏正确性的证明,或者正确性标准很弱;在这里,我们展示了人们所能期望的最强的正确性标准,即每个翻译都是完全抽象的。每个演算都加强了其他演算的设计:$lambda{C}$有一个特别简单的定义,$lambda{B}$的责备安全的微妙定义被$lambda{C}$的责备安全的简单定义所证明。我们的演算$lambda{S}$已经为实现做好了准备:这是第一个既易于实现又易于理解的节省空间的演算。我们给出了两个应用:第一,利用$lambda{C}$到$lambda{S}$的完全抽象,建立了一个等价的强制子理论;其次,使用从$lambda{B}$到$lambda{S}$的完全抽象,可以轻松地建立类型转换的基本属性,这在早期的工作中需要一个自定义的双模拟和六个引理。
{"title":"Blame and coercion: Together again for the first time","authors":"JEREMY G. SIEK, PETER THIEMANN, PHILIP WADLER","doi":"10.1017/s0956796821000101","DOIUrl":"https://doi.org/10.1017/s0956796821000101","url":null,"abstract":"C#, Dart, Pyret, Racket, TypeScript, VB: many recent languages integrate dynamic and static types via gradual typing. We systematically develop four calculi for gradual typing and the relations between them, building on and strengthening previous work. The calculi are as follows: <jats:inline-formula> <jats:alternatives> <jats:inline-graphic xmlns:xlink=\"http://www.w3.org/1999/xlink\" mime-subtype=\"png\" xlink:href=\"S0956796821000101_inline1.png\" /> <jats:tex-math> $lambda{B}$ </jats:tex-math> </jats:alternatives> </jats:inline-formula>, based on the blame calculus of Wadler and Findler (2009); <jats:inline-formula> <jats:alternatives> <jats:inline-graphic xmlns:xlink=\"http://www.w3.org/1999/xlink\" mime-subtype=\"png\" xlink:href=\"S0956796821000101_inline2.png\" /> <jats:tex-math> $lambda{C}$ </jats:tex-math> </jats:alternatives> </jats:inline-formula>, inspired by the coercion calculus of Henglein (1994); <jats:inline-formula> <jats:alternatives> <jats:inline-graphic xmlns:xlink=\"http://www.w3.org/1999/xlink\" mime-subtype=\"png\" xlink:href=\"S0956796821000101_inline3.png\" /> <jats:tex-math> $lambda{S}$ </jats:tex-math> </jats:alternatives> </jats:inline-formula> inspired by the space-efficient calculus of Herman, Tomb, and Flanagan (2006); and <jats:inline-formula> <jats:alternatives> <jats:inline-graphic xmlns:xlink=\"http://www.w3.org/1999/xlink\" mime-subtype=\"png\" xlink:href=\"S0956796821000101_inline4.png\" /> <jats:tex-math> $lambda{T}$ </jats:tex-math> </jats:alternatives> </jats:inline-formula> based on the threesome calculus of Siek and Wadler (2010). While <jats:inline-formula> <jats:alternatives> <jats:inline-graphic xmlns:xlink=\"http://www.w3.org/1999/xlink\" mime-subtype=\"png\" xlink:href=\"S0956796821000101_inline5.png\" /> <jats:tex-math> $lambda{B}$ </jats:tex-math> </jats:alternatives> </jats:inline-formula> and <jats:inline-formula> <jats:alternatives> <jats:inline-graphic xmlns:xlink=\"http://www.w3.org/1999/xlink\" mime-subtype=\"png\" xlink:href=\"S0956796821000101_inline6.png\" /> <jats:tex-math> $lambda{T}$ </jats:tex-math> </jats:alternatives> </jats:inline-formula> are little changed from previous work, <jats:inline-formula> <jats:alternatives> <jats:inline-graphic xmlns:xlink=\"http://www.w3.org/1999/xlink\" mime-subtype=\"png\" xlink:href=\"S0956796821000101_inline7.png\" /> <jats:tex-math> $lambda{C}$ </jats:tex-math> </jats:alternatives> </jats:inline-formula> and <jats:inline-formula> <jats:alternatives> <jats:inline-graphic xmlns:xlink=\"http://www.w3.org/1999/xlink\" mime-subtype=\"png\" xlink:href=\"S0956796821000101_inline8.png\" /> <jats:tex-math> $lambda{S}$ </jats:tex-math> </jats:alternatives> </jats:inline-formula> are new. Together, <jats:inline-formula> <jats:alternatives> <jats:inline-graphic xmlns:xlink=\"http://www.w3.org/1999/xlink\" mime-subtype=\"png\" xlink:href=\"S0956796821000101_inline9.png\" /> <jats:tex-math> $lambda{B}$ </jats:tex-math> </jats:alternatives> </jats:inline-formula>, <jats:inline-formula> <jats:alternatives> <jats:in","PeriodicalId":15874,"journal":{"name":"Journal of Functional Programming","volume":null,"pages":null},"PeriodicalIF":1.1,"publicationDate":"2021-10-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138531912","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-08-31DOI: 10.1017/S0956796821000174
B. Shivkumar, Jeffrey C. Murphy, Lukasz Ziarek
Abstract There is a growing interest in leveraging functional programming languages in real-time and embedded contexts. Functional languages are appealing as many are strictly typed, amenable to formal methods, have limited mutation, and have simple but powerful concurrency control mechanisms. Although there have been many recent proposals for specialized domain-specific languages for embedded and real-time systems, there has been relatively little progress on adapting more general purpose functional languages for programming embedded and real-time systems. In this paper, we present our current work on leveraging Standard ML (SML) in the embedded and real-time domains. Specifically, we detail our experiences in modifying MLton, a whole-program optimizing compiler for SML, for use in such contexts. We focus primarily on the language runtime, reworking the threading subsystem, object model, and garbage collector. We provide preliminary results over a radar-based aircraft collision detector ported to SML.
{"title":"Real-time MLton: A Standard ML runtime for real-time functional programs","authors":"B. Shivkumar, Jeffrey C. Murphy, Lukasz Ziarek","doi":"10.1017/S0956796821000174","DOIUrl":"https://doi.org/10.1017/S0956796821000174","url":null,"abstract":"Abstract There is a growing interest in leveraging functional programming languages in real-time and embedded contexts. Functional languages are appealing as many are strictly typed, amenable to formal methods, have limited mutation, and have simple but powerful concurrency control mechanisms. Although there have been many recent proposals for specialized domain-specific languages for embedded and real-time systems, there has been relatively little progress on adapting more general purpose functional languages for programming embedded and real-time systems. In this paper, we present our current work on leveraging Standard ML (SML) in the embedded and real-time domains. Specifically, we detail our experiences in modifying MLton, a whole-program optimizing compiler for SML, for use in such contexts. We focus primarily on the language runtime, reworking the threading subsystem, object model, and garbage collector. We provide preliminary results over a radar-based aircraft collision detector ported to SML.","PeriodicalId":15874,"journal":{"name":"Journal of Functional Programming","volume":null,"pages":null},"PeriodicalIF":1.1,"publicationDate":"2021-08-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"46019679","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-08-06DOI: 10.1017/S0956796822000077
D. Annenkov, Mikkel Milo, J. Nielsen, Bas Spitters
Abstract We implement extraction of Coq programs to functional languages based on MetaCoq’s certified erasure. We extend the MetaCoq erasure output language with typing information and use it as an intermediate representation, which we call �${lambda^T_square}$� . We complement the extraction functionality with a full pipeline that includes several standard transformations (e.g. eta-expansion and inlining) implemented in a proof-generating manner along with a verified optimisation pass removing unused arguments. We prove the pass correct wrt. a conventional call-by-value operational semantics of functional languages. From the optimised �${lambda^T_square}$� representation, we obtain code in two functional smart contract languages, Liquidity and CameLIGO, the functional language Elm, and a subset of the multi-paradigm language for systems programming Rust. Rust is currently gaining popularity as a language for smart contracts, and we demonstrate how our extraction can be used to extract smart contract code for the Concordium network. The development is done in the context of the ConCert framework that enables smart contract verification. We contribute with two verified real-world smart contracts (boardroom voting and escrow), which we use, among other examples, to exemplify the applicability of the pipeline. In addition, we develop a verified web application and extract it to fully functional Elm code. In total, this gives us a way to write dependently typed programs in Coq, verify, and then extract them to several target languages while retaining a small trusted computing base of only MetaCoq and the pretty-printers into these languages.
{"title":"Extracting functional programs from Coq, in Coq","authors":"D. Annenkov, Mikkel Milo, J. Nielsen, Bas Spitters","doi":"10.1017/S0956796822000077","DOIUrl":"https://doi.org/10.1017/S0956796822000077","url":null,"abstract":"Abstract We implement extraction of Coq programs to functional languages based on MetaCoq’s certified erasure. We extend the MetaCoq erasure output language with typing information and use it as an intermediate representation, which we call \u0000${lambda^T_square}$\u0000 . We complement the extraction functionality with a full pipeline that includes several standard transformations (e.g. eta-expansion and inlining) implemented in a proof-generating manner along with a verified optimisation pass removing unused arguments. We prove the pass correct wrt. a conventional call-by-value operational semantics of functional languages. From the optimised \u0000${lambda^T_square}$\u0000 representation, we obtain code in two functional smart contract languages, Liquidity and CameLIGO, the functional language Elm, and a subset of the multi-paradigm language for systems programming Rust. Rust is currently gaining popularity as a language for smart contracts, and we demonstrate how our extraction can be used to extract smart contract code for the Concordium network. The development is done in the context of the ConCert framework that enables smart contract verification. We contribute with two verified real-world smart contracts (boardroom voting and escrow), which we use, among other examples, to exemplify the applicability of the pipeline. In addition, we develop a verified web application and extract it to fully functional Elm code. In total, this gives us a way to write dependently typed programs in Coq, verify, and then extract them to several target languages while retaining a small trusted computing base of only MetaCoq and the pretty-printers into these languages.","PeriodicalId":15874,"journal":{"name":"Journal of Functional Programming","volume":null,"pages":null},"PeriodicalIF":1.1,"publicationDate":"2021-08-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"46215189","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: