Results 1 - 8 of 8
Some lambda calculus and type theory formalized
Journal of Automated Reasoning, 1999
Cited by 57 (7 self)
Abstract. We survey a substantial body of knowledge about lambda calculus and Pure Type Systems, formally developed in a constructive type theory using the LEGO proof system. On lambda calculus, we work up to an abstract, simplified, proof of standardization for beta reduction, that does not mention redex positions or residuals. Then we outline the meta theory of Pure Type Systems, leading to the strengthening lemma. One novelty is our use of named variables for the formalization. Along the way we point out what we feel has been learned about general issues of formalizing mathematics, emphasizing the search for formal definitions that are convenient for formal proof and convincingly represent the intended informal concepts.
The Mechanisation of Barendregt-Style Equational Proofs (the Residual Perspective)
2001
Cited by 9 (5 self)
We show how to mechanise equational proofs about higher-order languages by using the primitive proof principles of first-order abstract syntax over one-sorted variable names. We illustrate the method here by proving (in Isabelle/HOL) a technical property which makes the method widely applicable for the λ-calculus: the residual theory of β is renaming-free up to an initiality condition akin to the so-called Barendregt Variable Convention. We use our results to give a new diagram-based proof of the development part of the strong finite development property for the λ-calculus. The proof has the same equational implications (e.g., confluence) as the proof of the full property but without the need to prove SN. We account for two other uses of the proof method, as presented elsewhere. One has been mechanised in full in Isabelle/HOL.
Secure Mechanical Verification of Mutually Recursive Procedures
Information and Computation, 2003
Cited by 2 (0 self)
The verification of programs that contain mutually recursive procedures is a difficult task, and one which has not been satisfactorily addressed in the literature. Published proof rules have been later discovered to be unsound. Verification Condition Generator (VCG) tools have been effective in partially automating the verification of programs, but in the past these VCG tools have in general not themselves been proven, so any proof using and depending on these VCGs might not be sound. In this paper we present a set of proof rules for proving the partial correctness of programs with mutually recursive procedures, together with a VCG that automates the use of the proof rules in program correctness proofs. The soundness of the proof rules and the VCG itself have been mechanically proven within the Higher Order Logic theorem prover, with respect to the underlying structural operational semantics of the programming language. This proof of soundness then forms the core of an implementation...
Nominal Equational Logic
GDP Festschrift, ENTCS, to appear
This paper studies the notion of “freshness” that often occurs in the metatheory of computer science languages involving various kinds of names. Nominal Equational Logic is an extension of ordinary equational logic with assertions about the freshness of names. It is shown to be both sound and complete for the support interpretation of freshness and equality provided by the Gabbay-Pitts nominal sets model of names, binding and α-conversion.
Relational Reasoning about Functions and Nondeterminism
1998
Reproduction of all or part of this work is permitted for educational or research use on condition that this copyright notice is included in any copy. See back inner page for a list of recent BRICS Dissertation Series publications. Copies may be obtained by contacting:
A Theory of Inductive Definitions With α-equivalence: Semantics, Implementation, Programming Language.
This document was compiled from LaTeX source on 10 August 2000. Copies will be printed, bound, and submitted for the title of PhD in Mathematics from Cambridge University, England. Other copies will be passed to those interested. Those interested are invited to write to me at Trinity College, Cambridge, or email m.j.gabbay@dpmms.cam.ac.uk. I remind the reader that my examiners may well suggest corrections to this document so it need not necessarily be the final version of my thesis. If the reader is wondering, DPMMS stands for the “Department of Pure Maths
4. Verification Condition Generators
1993
When considering the correctness of programs, the only absolute demonstration of quality is mathematical proof. Yet the complexity of these proofs makes them all but impossible both to construct and read, and the correctness of the proofs themselves comes into question. We take an approach to the creation of these proofs based on specifying an axiomatic semantics for the programming language, and using that semantics to automatically create a Verification Condition Generator, a program that takes a general program written in the language and creates the proof of that program, modulo a set of verification conditions, to be proven by hand. This automates much of the detailed work of creating the proof. Yet even this VCG technique depends on the soundness of the axiomatic semantics, and in fact, many proposed axiomatic semantics have suffered from unsoundness. We take the difficult but secure approach of foundationally defining an operational semantics of the programming language, including concurrency, and then proving the axioms and rules of inference of the axiomatic semantics from the operational semantics as theorems. Once this is done, the correctness of the VCG function itself can be proven, so the proofs of concurrent programs as constructed by the VCG in a way that is known to be sound, modulo the truth of the
PROSPECTUS: Sound Foundations for Effective Proofs of Programs
When considering the correctness of programs, the only absolute demonstration of quality is mathematical proof. Yet the complexity of these proofs makes them all but impossible both to construct and read, and the correctness of the proofs themselves comes into question. We take an approach to the creation of these proofs based on specifying an axiomatic semantics for the programming language, and using that semantics to automatically create a Verification Condition Generator, a program that takes a general program written in the language and creates the proof of that program, modulo a set of verification conditions, to be proven by hand. This automates much of the detailed work of creating the proof. Yet even this VCG technique depends on the soundness of the axiomatic semantics, and in fact, many proposed axiomatic semantics have suffered from unsoundness. We take the difficult but secure approach of foundationally defining an operational semantics of the programming language...