this paper and the LF. In particular the idea of having an operator T : Prop ! Type appears already in De Bruijn's earlier work, as does the idea of having several judgements. The paper [24] describes the basic features of the LF. In this paper we are going to provide a broader illustration of its applicability and discuss to what extent it is successful. The analysis (of the formal presentation) of a system carried out through encoding often illuminates the system itself. This paper will also deal with this phenomenon.

Abstract. We present five axioms of name-carrying lambda-terms identified up to alpha-conversion—that is, up to renaming of bound variables. We assume constructors for constants, variables, application and lambdaabstraction. Other constants represent a function Fv that returns the set of free variables in a term and a function that substitutes a term for a variable free in another term. Our axioms are (1) equations relating Fv and each constructor, (2) equations relating substitution and each constructor, (3) alpha-conversion itself, (4) unique existence of functions on lambda-terms defined by structural iteration, and (5) construction of lambda-abstractions given certain functions from variables to terms. By building a model from de Bruijn’s nameless lambda-terms, we show that our five axioms are a conservative extension of HOL. Theorems provable from the axioms include distinctness, injectivity and an exhaustion principle for the constructors, principles of structural induction and primitive recursion on lambda-terms, Hindley and Seldin’s substitution lemmas and

The paradigm of type-based termination is explored for functional programming with recursive data types. The article introduces , a lambda-calculus with recursion, inductive types, subtyping and bounded quanti cation. Decorated type variables representing approximations of inductive types are used to track the size of function arguments and return values. The system is shown to be type safe and strongly normalizing. The main novelty is a bidirectional type checking algorithm whose soundness is established formally.

... unification problems. Then, in this framework, we develop a new unification algorithm for a-calculus with dependent function (II) types. This algorithm is especially useful as it provides for mechanization in the very expressive Logical Framework (LF). The development (object-languages). The rich structure of a typed-calculus,asopposedtotraditional,rst- generalideaistousea-calculusasameta-languageforrepresentingvariousotherlanguages thelattercase,thealgorithmisincomplete,thoughstillquiteusefulinpractice. Thelastpartofthedissertationprovidesexamplesoftheusefulnessofthealgorithms.The algorithmrstfordependentproduct()types,andsecondforimplicitpolymorphism.In involvessignicantcomplicationsnotarisingHuet'scorrespondingalgorithmforthesimply orderabstractsyntaxtrees,allowsustoexpressrules,e.g.,programtransformationand typed-calculus,primarilybecauseitmustdealwithill-typedterms.Wethenextendthis Wecanthenuseunicationinthemeta-languagetomechanizeapplicationoftheserules.

This thesis considers the problem of program correctness within a rich theory of dependent types, the Extended Calculus of Constructions (ECC). This system contains a powerful programming language of higher-order primitive recursion and higher-order intuitionistic logic. It is supported by Pollack's versatile LEGO implementation, which I use extensively to develop the mathematical constructions studied here. I systematically investigate Burstall's notion of deliverable, that is, a program paired with a proof of correctness. This approach separates the concerns of programming and logic, since I want a simple program extraction mechanism. The \Sigma-types of the calculus enable us to achieve this. There are many similarities with the subset interpretation of Martin-Lof type theory. I show that deliverables have a rich categorical structure, so that correctness proofs may be decomposed in a principled way. The categorical combinators which I define in the system package up much logical bo...

Abstract not found

In this paper, we take an abstract view of search by describing search procedures via particular kinds of proofs in type theory. We rely on the proofs-as-programs interpretation to extract programs from our proofs. Using these techniques we explore, in depth, a large family of search problems by parameterizing the speci cation of the problem. A constructive proof is presented which has as its computational content a correct search procedure for these problems. We show how a classical extension to an otherwise constructive system can be used to describe a typical use of the nonlocal control operator call/cc. Using the classical typing of nonlocal control we extend our purely constructive proof to incorporate a sophisticated backtracking technique known as ‘con ict-directed backjumping’ (CBJ). A variant of this proof is formalized in Nuprl yielding a correct-by-construction implementation of CBJ. The extracted program has been translated into Scheme and serves as the basis for an implementation of a new solution to the Hamiltonian circuit problem. This paper demonstrates a nontrivial application of the proofs-as-programs paradigm by applying the technique to the derivation of a sophisticated search algorithm; also, it shows the generality of the resulting implementation by demonstrating its application in a new problem

. Many search algorithms have been introduced without correctness proofs, or proved only with respect to an informal semantics of the algorithm. We address this problem by taking advantage of the correspondence between programs and proofs. We give a single proof of the correctness of a very general search algorithm, for which we provide Scheme code. It is straightforward to implement service functions to implement algorithms such as Davis-Putnam for satisfiability or forward checking (FC) for constraint satisfaction, and to incorporate conflictdirected backjumping (CBJ) and heuristics for variable and value ordering. By separating the search algorithm from problem features, our work should enable the much speedier implementation of sophisticated search methods such as FC-CBJ in new domains, and we illustrate this by sketching an implementation for the Hamiltonian Circuit problem. 1 Introduction The constraint satisfaction community has an excellent record of introducing intelligent se...

s and compressed postscript files are available via http://svrc.it.uq.edu.au Proof Representations in Theorem Provers Geoffrey Norman Watson Abstract This is a survey of some of the proof representations used by current theorem provers. The aim of the survey is to ascertain the range of mechanisms used to represent proofs and the purposes to which these representations are put. This is done within a simple framework. It examines both internal and external representations, although the focus is on representations that could be exported to an external proof checker. A number of examples from various provers are given in a series of appendices. 1 Contents 1 Introduction 3 2 Aim of the Survey 3 2.1 Why Construct Proofs . . . . . . . . . 3 2.2 Levels of Representation . . . . . . . . 4 3 Scope of the Survey 5 3.1 Ergo . . . . . . . . . . . . . . . . . . . 5 3.2 HOL . . . . . . . . . . . . . . . . . . 6 3.3 Isabelle . . . . . . . . . . . . . . . . . 7 3.4 Nuprl . . . . . . . . . . . ...

Abstract. A general version of the fundamental theorem for System F is presented which can be instantiated to obtain proofs of weak β- and βη-normalization and normalization by evaluation. 1 Introduction and Related Work Dependently typed lambda-calculi have been successfully used as proof languages in proof assistants like Agda [Nor07], Coq [INR07], LEGO [Pol94], and NuPrl [Ct86]. Since types may depend on values in these type theories, checking equality of types, which is crucial for type and, thus, proof checking, is non-trivial for these