Results 1 
5 of
5
Some lambda calculus and type theory formalized
 Journal of Automated Reasoning
, 1999
"... Abstract. We survey a substantial body of knowledge about lambda calculus and Pure Type Systems, formally developed in a constructive type theory using the LEGO proof system. On lambda calculus, we work up to an abstract, simplified, proof of standardization for beta reduction, that does not mention ..."
Abstract

Cited by 52 (7 self)
 Add to MetaCart
Abstract. We survey a substantial body of knowledge about lambda calculus and Pure Type Systems, formally developed in a constructive type theory using the LEGO proof system. On lambda calculus, we work up to an abstract, simplified, proof of standardization for beta reduction, that does not mention redex positions or residuals. Then we outline the meta theory of Pure Type Systems, leading to the strengthening lemma. One novelty is our use of named variables for the formalization. Along the way we point out what we feel has been learned about general issues of formalizing mathematics, emphasizing the search for formal definitions that are convenient for formal proof and convincingly represent the intended informal concepts.
The Mechanisation of BarendregtStyle Equational Proofs (the Residual Perspective)
, 2001
"... We show how to mechanise equational proofs about higherorder languages by using the primitive proof principles of firstorder abstract syntax over onesorted variable names. We illustrate the method here by proving (in Isabelle/HOL) a technical property which makes the method widely applicable for ..."
Abstract

Cited by 7 (4 self)
 Add to MetaCart
We show how to mechanise equational proofs about higherorder languages by using the primitive proof principles of firstorder abstract syntax over onesorted variable names. We illustrate the method here by proving (in Isabelle/HOL) a technical property which makes the method widely applicable for the λcalculus: the residual theory of β is renamingfree upto an initiality condition akin to the socalled Barendregt Variable Convention. We use our results to give a new diagrambased proof of the development part of the strong finite development property for the λcalculus. The proof has the same equational implications (e.g., confluence) as the proof of the full property but without the need to prove SN. We account for two other uses of the proof method, as presented elsewhere. One has been mechanised in full in Isabelle/HOL.
Secure Mechanical Verification of Mutually Recursive Procedures
 Information and Computation
, 2003
"... . The verification of programs that contain mutually recursive procedures is a difficult task, and one which has not been satisfactorily addressed in the literature. Published proof rules have been later discovered to be unsound. Verification Condition Generator (VCG) tools have been effective in pa ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
. The verification of programs that contain mutually recursive procedures is a difficult task, and one which has not been satisfactorily addressed in the literature. Published proof rules have been later discovered to be unsound. Verification Condition Generator (VCG) tools have been effective in partially automating the verification of programs, but in the past these VCG tools have in general not themselves been proven, so any proof using and depending on these VCGs might not be sound. In this paper we present a set of proof rules for proving the partial correctness of programs with mutually recursive procedures, together with a VCG that automates the use of the proof rules in program correctness proofs. The soundness of the proof rules and the VCG itself have been mechanically proven within the Higher Order Logic theorem prover, with respect to the underlying structural operational semantics of the programming language. This proof of soundness then forms the core of an implementation...
PROSPECTUS  Sound Foundations for Effective Proofs of Programs
"... When considering the correctness of programs, the only absolute demonstration of quality is mathematical proof. Yet the complexity of these proofs makes them all but impossible both to construct and read, and the correctness of the proofs themselves come into question. We take an approach to the ..."
Abstract
 Add to MetaCart
When considering the correctness of programs, the only absolute demonstration of quality is mathematical proof. Yet the complexity of these proofs makes them all but impossible both to construct and read, and the correctness of the proofs themselves come into question. We take an approach to the creation of these proofs based on specifying an axiomatic semantics for the programming language, and using that semantics to automatically create a Verification Condition Generator, a program that takes a general program written in the language and creates the proof of that program, modulo a set of verification conditions, to be proven by hand. This automates much of the detailed work of creating the proof. Yet even this VCG technique depends on the soundness of the axiomatic semantics, and in fact, many proposed axiomatic semantics have suffered from unsoundness. We take the difficult but secure approach of foundationally defining an operational semantics of the programming language...
4. Verification Condition Generators..................................................5
, 1993
"... When considering the correctness of programs, the only absolute demonstration of quality is mathematical proof. Yet the complexity of these proofs makes them all but impossible both to construct and read, and the correctness of the proofs themselves come into question. We take an approach to the cre ..."
Abstract
 Add to MetaCart
When considering the correctness of programs, the only absolute demonstration of quality is mathematical proof. Yet the complexity of these proofs makes them all but impossible both to construct and read, and the correctness of the proofs themselves come into question. We take an approach to the creation of these proofs based on specifying an axiomatic semantics for the programming language, and using that semantics to automatically create a Verification Condition Generator, a program that takes a general program written in the language and creates the proof of that program, modulo a set of verification conditions, to be proven by hand. This automates much of the detailed work of creating the proof. Yet even this VCG technique depends on the soundness of the axiomatic semantics, and in fact, many proposed axiomatic semantics have suffered from unsoundness. We take the difficult but secure approach of foundationally defining an operational semantics of the programming language, including concurrency, and then proving the axioms and rules of inference of the axiomatic semantics from the operational semantics as theorems. Once this is done, the correctness of the VCG function itself can be proven, so the proofs of concurrent programs as constructed by the VCG in a way that is known to be sound, modulo the truth of the