Results 1 
9 of
9
Structural Recursive Definitions in Type Theory
 Automata, Languages and Programming, 25th International Colloquium, ICALP’98
, 1998
"... We introduce an extension of the Calculus of Construction with inductive and coinductive types that preserves strong normalisation for a lazy computation relation. This extension considerably enlarges the expressiveness of the language, enabling a direct translation of recursive programs, while kee ..."
Abstract

Cited by 32 (0 self)
 Add to MetaCart
We introduce an extension of the Calculus of Construction with inductive and coinductive types that preserves strong normalisation for a lazy computation relation. This extension considerably enlarges the expressiveness of the language, enabling a direct translation of recursive programs, while keeping a relatively simple collection of typing rules. 1 Introduction The last twenty five years have seen an increasing development of different proof environments based on type theory. Several type theories have been proposed as a foundation of such proof environments [15, 6, 16], trying to find an accurate compromise between two criteria. On the one hand, we search for extensions of type theory that preserve its conceptual simplicity of type theory (a few primitive constructions, a small number of typing rules) and metatheoretical properties ensuring its soundness and a direct mechanisation (strong normalisation, decidability of typechecking, etc). On the other hand, we would like to pro...
Cyclic proofs for firstorder logic with inductive definitions
 In TABLEAUX’05, volume 3702 of LNCS
, 2005
"... Abstract. We consider a cyclic approach to inductive reasoning in the setting of firstorder logic with inductive definitions. We present a proof system for this language in which proofs are represented as finite, locally sound derivation trees with a “repeat function ” identifying cyclic proof sect ..."
Abstract

Cited by 13 (5 self)
 Add to MetaCart
Abstract. We consider a cyclic approach to inductive reasoning in the setting of firstorder logic with inductive definitions. We present a proof system for this language in which proofs are represented as finite, locally sound derivation trees with a “repeat function ” identifying cyclic proof sections. Soundness is guaranteed by a wellfoundedness condition formulated globally in terms of traces over the proof tree, following an idea due to Sprenger and Dam. However, in contrast to their work, our proof system does not require an extension of logical syntax by ordinal variables. A fundamental question in our setting is the strength of the cyclic proof system compared to the more familiar use of a noncyclic proof system using explicit induction rules. We show that the cyclic proof system subsumes the use of explicit induction rules. In addition, we provide machinery for manipulating and analysing the structure of cyclic proofs, based primarily on viewing them as generating regular infinite trees, and also formulate a finitary trace condition sufficient (but not necessary) for soundness, that is computationally and combinatorially simpler than the general trace condition. 1
Verifying Selfstabilizing Population Protocols with Coq
"... Population protocols are an elegant model recently introduced for distributed algorithms running in large and unreliable networks of tiny mobile agents. Correctness proofs of such protocols involve subtle arguments on infinite sequences of events. We propose a general formalization of selfstabilizi ..."
Abstract

Cited by 4 (4 self)
 Add to MetaCart
Population protocols are an elegant model recently introduced for distributed algorithms running in large and unreliable networks of tiny mobile agents. Correctness proofs of such protocols involve subtle arguments on infinite sequences of events. We propose a general formalization of selfstabilizing population protocols with the Coq proof assistant. It is used in reasoning about a concrete protocol for leader election in complete graphs. The protocol is formally proved to be correct for networks of arbitrarily large size. To this end we develop an appropriate theory of infinite sequences, including results for reasoning on abstractions. In addition, we provide a constructive correctness proof for a leader election protocol in directed rings. An advantage of using a constructive setting is that we get more informative proofs on the scenarios that converge to the desired configurations. 1.
A Framework for Verifying DataCentric Protocols
"... Abstract. Data centric languages, such as recursive rule based languages, have been proposed to program distributed applications over networks. They simplify greatly the code, which is orders of magnitude shorter, much more declarative, while still admitting efficient distributed execution. We show ..."
Abstract

Cited by 4 (3 self)
 Add to MetaCart
Abstract. Data centric languages, such as recursive rule based languages, have been proposed to program distributed applications over networks. They simplify greatly the code, which is orders of magnitude shorter, much more declarative, while still admitting efficient distributed execution. We show that they also provide a promising approach to the verification of distributed protocols, thanks to their data centric orientation, which allows to explicitly handle global structures, such as the topology of the network, routing tables, trees, etc, as well as their properties. We consider a framework using an original formalization in the Coq proof assistant of a distributed computation model based on message passing with either synchronous or asynchronous behavior. The declarative rules of the Netlog language for specifying distributed protocols, as well as the virtual machines for evaluating these rules, are encoded in Coq as well. We consider as a case study tree protocols, and show how this framework enables us to formally verify them in both the asynchronous and synchronous setting. 1
Pure type systems with corecursion on streams From finite to infinitary normalisation
 IN ICFP
, 2012
"... In this paper, we use types for ensuring that programs involving streams are wellbehaved. We extend pure type systems with a type constructor for streams, a modal operator next and a fixed point operator for expressing corecursion. This extension is called Pure Type Systems with Corecursion (CoPTS) ..."
Abstract

Cited by 3 (2 self)
 Add to MetaCart
In this paper, we use types for ensuring that programs involving streams are wellbehaved. We extend pure type systems with a type constructor for streams, a modal operator next and a fixed point operator for expressing corecursion. This extension is called Pure Type Systems with Corecursion (CoPTS). The typed lambda calculus for reactive programs defined by Krishnaswami and Benton can be obtained as a CoPTS. CoPTS’s allow us to study a wide range of typed lambda calculi extended with corecursion using only one framework. In particular, we study this extension for the calculus of constructions which is the underlying formal language of Coq. We use the machinery of infinitary rewriting and formalize the idea of wellbehaved programs using the concept of infinitary normalization. We study the properties of infinitary weak and strong normalization for CoPTS’s. The set of finite and infinite terms is defined as a metric completion. We shed new light on the meaning of the modal operator by connecting the modality with the depth used to define the metric. This connection is the key to the proofs of infinitary weak and strong normalization.
Typebased productivity of stream definitions in the calculus of constructions
 In LICS’13
, 2013
"... Abstract—Productivity of corecursive definitions is an essential property in proof assistants since it ensures logical consistency and decidability of type checking. Typebased mechanisms for ensuring productivity use types annotated with size information to track the number of elements produced in ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Abstract—Productivity of corecursive definitions is an essential property in proof assistants since it ensures logical consistency and decidability of type checking. Typebased mechanisms for ensuring productivity use types annotated with size information to track the number of elements produced in corecursive definitions. In this paper, we propose an extension of the Calculus of Constructions—the theory underlying the Coq proof assistant—with a typebased criterion for ensuring productivity of stream definitions. We prove strong normalization and logical consistency. Furthermore, we define an algorithm for inferring size annotations in types. These results can be easily extended to handle general coinductive types. I.
A Tutorial on [Co]Inductive Types in Coq
, 1998
"... This document 1 is an introduction to the definition and use of inductive and coinductive types in the Coq proof environment. It explains how types like natural numbers and infinite streams are defined in Coq, and the kind of proof techniques that can be used to reason about them (case analysis, in ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
This document 1 is an introduction to the definition and use of inductive and coinductive types in the Coq proof environment. It explains how types like natural numbers and infinite streams are defined in Coq, and the kind of proof techniques that can be used to reason about them (case analysis, induction, inversion of predicates, coinduction, etc). Each technique is illustrated
Université de Grenoble 1
, 2010
"... Abstract. Declarative languages, such as recursive rule based languages, have been proposed to program distributed applications over networks. It has been shown that they simplify greatly the code, while still offering efficient distributed execution. In this paper, we show that moreover they provid ..."
Abstract
 Add to MetaCart
Abstract. Declarative languages, such as recursive rule based languages, have been proposed to program distributed applications over networks. It has been shown that they simplify greatly the code, while still offering efficient distributed execution. In this paper, we show that moreover they provide a promising approach to the verification of distributed protocols. We choose the Netlog language and use the Coq proof assistant. We first formalize the distributed computation model based on message passing with either synchronous or asynchronous behavior. We then see how the declarative rules of the protocols can be simply encoded in Coq. Finally, we develop the machine embedded on each node of the network which evaluates the rules. This framework enables us to formally verify distributed declarative protocols, as sketched on a concrete example, a breadthfirst search tree construction in a distributed network. 1
SimSoCCERT: a Certified Simulator for Systems on Chip
"... Abstract—The design and debugging of SystemsonChip using a hardware implementation is difficult and requires heavy material. Simulation is an interesting alternative approach, which is both more flexible and less expensive. SimSoC [1] is a fast instruction set simulator for various ARM, PowerPC, a ..."
Abstract
 Add to MetaCart
Abstract—The design and debugging of SystemsonChip using a hardware implementation is difficult and requires heavy material. Simulation is an interesting alternative approach, which is both more flexible and less expensive. SimSoC [1] is a fast instruction set simulator for various ARM, PowerPC, and RISCbased architectures. However, speed involves tricky shortcomings and design decisions, resulting in a complex software product. This makes the accuracy of the simulator a nontrivial question: there is a strong need to strengthen the confidence that simulations results match the expected accuracy. We therefore decided to certify SimSoC, that is, to formally prove in Coq the correctness of a significant part of this software. The present paper reports our first efforts in this direction, targeting the ARMv6 architecture.