We argue that a logic programming language with a higher-order intuitionistic logic as its foundation can be used both to naturally specify and implement tactic style theorem provers. The language extends traditional logic programming languages by replacing first-order terms with simply-typed -terms, replacing first-order unification with higher-order unification, and allowing implication and universal quantification in queries and the bodies of clauses. Inference rules for a variety of inference systems can be naturally specified in this language. The higher-order features of the language contribute to a concise specification of provisos concerning variable occurrences in formulas and the discharge of assumptions present in many inference systems. Tactics and tacticals, which provide a framework for high-level control over search for proofs, can be directly and naturally implemented in the extended language. This framework serves as a starting point for implementing theorem provers an...

The need for subtyping in type-systems with dependent types has been realized for some years. But it is hard to prove that systems combining the two features have fundamental properties such as subject reduction. Here we investigate a subtyping extension of the system *P, which is an abstract version of the type system of the Edinburgh Logical Framework LF. By using an equivalent formulation, we establish some important properties of the new system *P^, including subject reduction. Our analysis culminates in a complete and terminating algorithm which establishes the decidability of type-checking.

A general formulation of inductive and recursive definitions in Martin-Lof's type theory is presented. It extends Backhouse's `Do-It-Yourself Type Theory' to include inductive definitions of families of sets and definitions of functions by recursion on the way elements of such sets are generated. The formulation is in natural deduction and is intended to be a natural generalization to type theory of Martin-Lof's theory of iterated inductive definitions in predicate logic. Formal criteria are given for correct formation and introduction rules of a new set former capturing definition by strictly positive, iterated, generalized induction. Moreover, there is an inversion principle for deriving elimination and equality rules from the formation and introduction rules. Finally, there is an alternative schematic presentation of definition by recursion. The resulting theory is a flexible and powerful language for programming and constructive mathematics. We hint at the wealth of possible applic...

Shapely types separate data, represented by lists, from shape, or structure. This separation supports shape polymorphism, where operations are defined for arbitrary shapes, and shapely operations, for which the shape of the result is determined by that of the input, permitting static shape checking. The shapely types are closed under the formation of fixpoints, and hence include the usual algebraic types of lists, trees, etc. They also include other standard data structures such as arrays, graphs and records. 1 Introduction The values of a shapely type are uniquely determined by their shape and their data. The shape can be thought of as a structure with holes or positions, into which data elements (stored in a list) can be inserted. The use of shape in computing is widespread, but till now it has not, apparently, been the subject of independent study. The body of the paper presents a semantics for shape, based on elementary ideas from category theory. First, let us consider some examp...

Motivated by applications to proof assistants based on dependent types, we develop and prove correct a strong reducer and b- equivalence checker for the l-calculus with products, sums, and guarded fixpoints. Our approach is based on compilation to the bytecode of an abstract machine performing weak reductions on non-closed terms, derived with minimal modifications from the ZAM machine used in the Objective Caml bytecode interpreter, and complemented by a recursive "read back" procedure. An implementation in the Coq proof assistant demonstrates important speedups compared with the original interpreter-based implementation of strong reduction in Coq.

We present algorithms for unification and antiunification in the Calculus of Constructions, where occurrences of free variables (the variables subject to instantiation) are restricted to higher-order patterns, a notion investigated for the simply-typed -calculus by Miller. Most general unifiers and least common antiinstances are shown to exist and are unique up to a simple equivalence. The unification algorithm is used for logic program execution and type and term reconstruction in the current implementation of Elf and has shown itself to be practical. The main application of the anti-unification algorithm we have in mind is that of proof generalization. 1 Introduction Higher-order logic with an embedded simply-typed - calculus has been used as the basis for a number of theorem provers (for example [1, 19]) and the programming language Prolog [16]. Central to these systems is an implementation of Huet's pre-unification algorithm for the simply-typed -calculus [12] which has shown it...

In computer science we speak of implementing a logic; this is done in a programming language, such as Lisp, called here the implementation language. We also reason about the logic, as in understanding how to search for proofs; these arguments are expressed in the metalanguage and conducted in the metalogic of the object language being implemented. We also reason about the implementation itself, say to know it is correct; this is done in a programming logic. How do all these logics relate? This paper considers that question and more. We show that by taking the view that the metalogic is primary, these other parts are related in standard ways. The metalogic should be suitably rich so that the object logic can be presented as an abstract data type, and it must be suitably computational (or constructive) so that an instance of that type is an implementation. The data type abstractly encodes all that is relevant for metareasoning, i.e., not only the term constructing functions but also the...

We study (extensions of) simply and polymorphically typed lambda calculus from a point of view of how iterative and recursive functions on inductive types are represented. The inductive types can usually be understood as initial algebras in a certain category and then recursion can be defined in terms of iteration. However, in the syntax we often have only weak initiality, which makes the definition of recursion in terms of iteration inefficient or just impossible. We propose a categorical notion of (primitive) recursion which can easily be added as computation rule to a typed lambda calculus and gives us a clear view on what the dual of recursion, corecursion, on coinductive types is. (The same notion has, independently, been proposed by [Mendler 1991].) We look at how these syntactic notions work out in the simply typed lambda calculus and the polymorphic lambda calculus. It will turn out that in the syntax, recursion can be defined in terms of corecursion and vice versa using polymo...

We present a new approach for supporting user-defined type refinements, which augment existing types to specify and check additional invariants of interest to programmers. We provide an expressive language in which users define new refinements and associated type rules. These rules are automatically incorporated by an extensible typechecker during static typechecking of programs. Separately, a soundness checker automatically proves that each refinement’s type rules ensure the intended invariant, for all possible programs. We have formalized our approach and have instantiated it as a framework for adding new type qualifiers to C programs. We have used this framework to define and automatically prove sound a host of type qualifiers of different sorts, including pos and neg for integers,tainted anduntainted for strings, andnonnull and unique for pointers, and we have applied our qualifiers to ensure important invariants on open-source C programs.

We study the problem of certifying programs combining imperative and functional features within the general framework of type theory. Type theory constitutes a powerful specification language, which is naturally suited for the proof of purely functional programs. To deal with imperative programs, we propose a logical interpretation of an annotated program as a partial proof of its specification. The construction of the corresponding partial proof term is based on a static analysis of the effects of the program, and on the use of monads. The usual notion of monads is refined in order to account for the notion of effect. The missing subterms in the partial proof term are seen as proof obligations, whose actual proofs are left to the user. We show that the validity of those proof obligations implies the total correctness of the program. We also establish a result of partial completeness. This work has been implemented in the Coq proof assistant. It appears as a tactic taking an ann...