Automatic generation of certified construction functions guaranteeing algebraic invariants on concrete data types

Concrete data types and pattern-matching are salient features of modern programming languages as powerful ways of defining and manipulating data structures. Among other things (eg. abstract syntax trees, regular expressions, DNA sequences, chemistry, cellular automata), the developments of XML greatly increases the interest in more complex pattern-matching for easily writing programs transforming or querying XML documents. Various functional programming languages are extended with XML specific data types and matching (eg. OcamlDuce). Even some well-known non-functional programming languages (eg. C, Java) are extended with such complex pattern-matching (eg. TOM). Although concrete date types are very useful in defining complex data structures, they are not always sufficient to adequately specify the data structures manipulated by the algorithms. Often, only a subset of the concrete data type is in fact used since some invariants between the components are mandatory to ensure the correctness of the program. For instance, some list have to be sorted and should never have the same element twice. The usual way to solve this problem is to use abstract data types: no constructor is declared but instead construction functions that are supposed to guarantee the invariants are used to build the values of the data structure. However, by using an abstract data type, the programmer loses the ability to do pattern-matching, although this would not harm. Indeed, to maintain the invariants, the only important thing is to make sure that the user can only build values by using the construction functions. Pierre Weis’s ”private” data types in OCaml solves this problem [4]. Now, many data structures use common algebraic properties as invariants. For instance, a sorted list is a particular representant of the equivalence class of lists modulo commutativity. A list without the same element twice is a particular representant of the equivalence class of lists modulo idempotence. And, as soon as various such algebraic invariants must be combined, it becomes very difficult to write correct and efficient construction functions. That is why we propose to study the automatic generation of certified construction functions guaranteeing algebraic invariants on concrete data types. Together with Thérèse Hardin (LIP6, Paris), we already have preliminary