Beating the Productivity Checker Using Embedded Languages

Some total languages, like Agda and Coq, allow the use of guarded corecursion to construct infinite values and proofs. Guarded corecursion is a form of recursion in which arbitrary recursive calls are allowed, as long as they are guarded by a coinductive constructor. Guardedness ensures that programs are productive, i.e. that every finite prefix of an infinite value can be computed in finite time. However, many productive programs are not guarded, and it can be nontrivial to put them in guarded form. This paper gives a method for turning a productive program into a guarded program. The method amounts to defining a problem-specific language as a data type, writing the program in the problem-specific language, and writing a guarded interpreter for this language.Comment: In Proceedings PAR 2010, arXiv:1012.455

Practical dependent type checking using twin types

People writing proofs or programs in dependently typed languages can omit some function arguments in order to decrease the code size and improve readability. Type checking such a program involves filling in each of these implicit arguments in a type-correct way. This is typically done using some form of unification.One approach to unification, taken by Agda, involves sometimes starting to unify terms before their types are known to be equal: in some cases one can make progress on unifying the terms, and then use information gleaned in this way to unify the types. This flexibility allows Agda to solve implicit arguments that are not found by several other systems. However, Agda\u27s implementation is buggy: sometimes the solutions chosen are ill-typed, which can cause the type checker to crash.With Gundry and McBride\u27s twin variable technique one can also start to unify terms before their types are known to be equal, and furthermore this technique is accompanied by correctness proofs. However, so far this technique has not been tested in practice as part of a full type checker.We have reformulated Gundry and McBride\u27s technique without twin variables, using only twin types, with the aim of making the technique easier to implement in existing type checkers (in particular Agda). We have also introduced a type-agnostic syntactic equality rule that seems to be useful in practice. The reformulated technique has been tested in a type checker for a tiny variant of Agda. This type checker handles at least one example that Coq, Idris, Lean and Matita cannot handle, and does so in time and space comparable to that used by Agda. This suggests that the reformulated technique is usable in practice

Anisotropic intrinsic lattice thermal conductivity of phosphorene from first principles

Phosphorene, the single layer counterpart of black phosphorus, is a novel two-dimensional semiconductor with high carrier mobility and a large fundamental direct band gap, which has attracted tremendous interest recently. Its potential applications in nano-electronics and thermoelectrics call for a fundamental study of the phonon transport. Here, we calculate the intrinsic lattice thermal conductivity of phosphorene by solving the phonon Boltzmann transport equation (BTE) based on first-principles calculations. The thermal conductivity of phosphorene at $300\,\mathrm{K}$ is $30.15\,\mathrm{Wm^{-1}K^{-1}}$ (zigzag) and $13.65\,\mathrm{Wm^{-1}K^{-1}}$ (armchair), showing an obvious anisotropy along different directions. The calculated thermal conductivity fits perfectly to the inverse relation with temperature when the temperature is higher than Debye temperature ($\Theta_D = 278.66\,\mathrm{K}$). In comparison to graphene, the minor contribution around $5\%$ of the ZA mode is responsible for the low thermal conductivity of phosphorene. In addition, the representative mean free path (MFP), a critical size for phonon transport, is also obtained.Comment: 5 pages and 6 figures, Supplemental Material available as http://www.rsc.org/suppdata/cp/c4/c4cp04858j/c4cp04858j1.pd

Total Haskell is Reasonable Coq

We would like to use the Coq proof assistant to mechanically verify properties of Haskell programs. To that end, we present a tool, named hs-to-coq, that translates total Haskell programs into Coq programs via a shallow embedding. We apply our tool in three case studies -- a lawful Monad instance, "Hutton's razor", and an existing data structure library -- and prove their correctness. These examples show that this approach is viable: both that hs-to-coq applies to existing Haskell code, and that the output it produces is amenable to verification.Comment: 13 pages plus references. Published at CPP'18, In Proceedings of 7th ACM SIGPLAN International Conference on Certified Programs and Proofs (CPP'18). ACM, New York, NY, USA, 201

Step-Indexed Normalization for a Language with General Recursion

The Trellys project has produced several designs for practical dependently typed languages. These languages are broken into two fragments-a_logical_fragment where every term normalizes and which is consistent when interpreted as a logic, and a_programmatic_fragment with general recursion and other convenient but unsound features. In this paper, we present a small example language in this style. Our design allows the programmer to explicitly mention and pass information between the two fragments. We show that this feature substantially complicates the metatheory and present a new technique, combining the traditional Girard-Tait method with step-indexed logical relations, which we use to show normalization for the logical fragment.Comment: In Proceedings MSFP 2012, arXiv:1202.240

Functional Program Correctness Through Types

This thesis addresses the problem of avoiding errors in functional programs. The thesis has three parts, discussing different aspects of program correctness, with the unifying theme that types are an integral part of the methods used to establish correctness. The first part validates a common, but not obviously correct, method for reasoning about functional programs. In this method, dubbed “fast and loose reasoning”, programs written in a language with non-terminating functions are treated as if they were written in a total language. It is shown that fast and loose reasoning is sound when the programs are written in a given total subset of the language, and the resulting properties are translated back to the partial setting using certain partial equivalence relations which capture the concept of totality. The second part discusses a method for ensuring that functions meet specified time bounds. The method is aimed at implementations of purel