Lambda the Ultimate

Thanks, that is good to know. I'm reading some examples of using the Haskell ST monad now.

I know that there are a plethora of "Introducing monads in language X" tutorials on the web. However, is anyone familiar with work along the lines of "Implementing the ST monad in language X including static checking that the code follows the rules that lead to a pure functional result" (where X is not Haskell, and most interesting to me would be X is a Lisp variant, Java, or JVM byte code)? That would be interesting to learn about.

Would doing so in a way similar to how the Haskell compiler does it require a nontrivial subset of the machinery of a Haskell compiler somehow added onto the language X compiler?

IIRC, Bit-C includes a 'pure' annotation to check code. Clojure and has support for 'transient' values, that serve a similar purpose. Both of these are lisp-like languages.

Thanks again for the BitC reference. I had heard of it, but didn't realize how much work on formal verification techniques was involved in that project. Hopefully I can learn something from their papers.

Clojure and its implementation of transients I am familiar with, and in fact was a motivation for my post. I suspect that a lot of mileage can be gotten in Clojure by having a simple code walker that checks for functions/macros/special forms known to cause mutation, and ones known to be purely functional (or at least assumed to be, without formal verification, e.g. the implementations of +, -, *, /, which are currently written in Java). It would also look for uses of free variables. I asked about Java and JVM purity-checkers above specifically because I wonder about the feasibility of extending such static checks down to the JVM layer beneath Clojure.

As hinted at above, I'm no semantic theorist, so there are likely all kinds of intricacies that I'm unaware of that many undergrads know about. I don't mind rediscovering some of these -- some problems become more real to you when you stumble across them yourself :-)

One place where I have a hazy awareness of potential complexities is functions passed as arguments. I suspect the best result one can give for a function like map is "it is pure functional if the function passed to it is pure functional, otherwise all bets are off."

Indeed, there may be some subtleties when passing a stateful function to a supposedly pure function. This problem was studied by Martin Hoffman in this paper :
www2.in.tum.de/bib/files/Hofmann10Pure.pdf
Alas, his work is not focused on yielding an automatic method for checking purity.

Bit-C, as far as I recall, is moving away from S-Expression syntax, for better or worse.

Very cool, and exactly the kind of thing I was looking for.

Is there perhaps some deep connection here that object capability models underly the techniques in this paper for determining a subset of pure Java methods, based on the Joe-E subset of Java, and also the EROS and Coyote operating systems that motivated Shapiro et al to create BitC referenced above? At first it seemed like a coincidence when I came across this connection, but now I wonder.

There is a deep connection between capabilities and side-effects. Side-effects by their very nature are non-local changes to the environment, which means otherwise isolated computations can communicate with each other if side-effects are not controlled. This is essentially an unauthorized communication channel.

By encapsulating the authority to cause specific side-effects into explicit handles, ie. capabilities, this communication channel is now explicit and you can now reason about the flow of information and the changes to the environment, and can determine when subsystems are properly isolated by examining the capabilities they are provided. This happens to provide many of the desirable properties of referential transparency, composition and modularity in programming languages, and I personally think there is a deeper connection here even beyond side-effects that has yet to be fully explored.

Re: BitC, Joe-E, E, and capability OSes, a lot of these folks are capability researchers and they discuss many of these issues on the cap-talk mailing list.

You might be interested in the other capability work that analyzes the flow of authority or information, such as SCOLL/SCOLLAR, and Toby Murray's analysis of capability patterns using CSP.