A syntactic approach to foundational proof-carrying code
In Seventeenth IEEE Symposium on Logic in Computer Science, 2002
Cited by 96 (19 self)
Proof-Carrying Code (PCC) is a general framework for verifying the safety properties of machine-language programs. PCC proofs are usually written in a logic extended with language-specific typing rules. In Foundational Proof-Carrying Code (FPCC), on the other hand, proofs are constructed and verified using strictly the foundations of mathematical logic, with no type-specific axioms. FPCC is more flexible and secure because it is not tied to any particular type system and it has a smaller trusted base. Foundational proofs, however, are much harder to construct. Previous efforts on FPCC all required building sophisticated semantic models for types. In this paper, we present a syntactic approach to FPCC that avoids the difficulties of previous work. Under our new scheme, the foundational proof for a typed machine program simply consists of the typing derivation plus the formalized syntactic soundness proof for the underlying type system. We give a translation from a typed assembly language into FPCC and demonstrate the advantages of our new system via an implementation in the Coq proof assistant.
Some lambda calculus and type theory formalized
Journal of Automated Reasoning, 1999
Cited by 65 (10 self)
Abstract. We survey a substantial body of knowledge about lambda calculus and Pure Type Systems, formally developed in a constructive type theory using the LEGO proof system. On lambda calculus, we work up to an abstract, simplified proof of standardization for beta reduction that does not mention redex positions or residuals. Then we outline the metatheory of Pure Type Systems, leading to the strengthening lemma. One novelty is our use of named variables for the formalization. Along the way we point out what we feel has been learned about general issues of formalizing mathematics, emphasizing the search for formal definitions that are convenient for formal proof and convincingly represent the intended informal concepts.
More Church-Rosser Proofs (in Isabelle/HOL)
Journal of Automated Reasoning, 1996
Cited by 42 (4 self)
The proofs of the Church-Rosser theorems for β, η and β ∪ η reduction in untyped λ-calculus are formalized in Isabelle/HOL, an implementation of Higher Order Logic in the generic theorem prover Isabelle.
Closure Under Alpha-Conversion
In The Informal Proceedings of the 1993 Workshop on Types for Proofs and Programs, 1993
Cited by 26 (3 self)
This paper appears in Types for Proofs and Programs: International Workshop TYPES'93, Nijmegen, May 1993, Selected Papers, LNCS 806.
... abstraction, compute a type for its body in an extended context; to compute a type for an application, compute types for its left and right components, and check that they match appropriately. Let's use the algorithm to compute a type for a = [x:τ][x:σ]x. FAILURE: no rule applies because x ∈ Dom(x:τ)
Mechanizing set theory: Cardinal arithmetic and the axiom of choice
Journal of Automated Reasoning, 1996
Cited by 16 (9 self)
Abstract. Fairly deep results of Zermelo-Frænkel (ZF) set theory have been mechanized using the proof assistant Isabelle. The results concern cardinal arithmetic and the Axiom of Choice (AC). A key result about cardinal multiplication is κ ⊗ κ = κ, where κ is any infinite cardinal. Proving this result required developing theories of orders, order-isomorphisms, order types, ordinal arithmetic, cardinals, etc.; this covers most of Kunen, Set Theory, Chapter I. Furthermore, we have proved the equivalence of 7 formulations of the Well-ordering Theorem and 20 formulations of AC; this covers the first two chapters of Rubin and Rubin, Equivalents of the Axiom of Choice, and involves highly technical material. The definitions used in the proofs are
A Full Formalisation of π-Calculus Theory in the Calculus of Constructions
1997
Cited by 15 (0 self)
A formalisation of π-calculus in the Coq system is presented. Based on a de Bruijn notation for names, our...
The Church-Rosser Theorem in Isabelle: A Proof Porting Experiment
1995
Cited by 12 (0 self)
This paper describes a proof of the Church-Rosser theorem for the pure λ-calculus formalised in the Isabelle theorem prover. The initial version of the proof is ported from a similar proof done in the Coq proof assistant by Gérard Huet, but a number of optimisations have been performed. The development involves the introduction of several inductive and recursive definitions and thus gives a good presentation of the inductive package of Isabelle.
Upper Bounds for Standardizations and an Application
The Journal of Symbolic Logic, 1996
Cited by 9 (1 self)
We first present a new proof for the standardization theorem, a fundamental theorem in λ-calculus. Since our proof is largely built upon structural induction on lambda terms, we can extract some bounds for the number of β-reduction steps in the standard β-reduction sequences obtained from transforming any given β-reduction sequences. This result sharpens the standardization theorem and establishes a link between lazy and eager evaluation orders in the context of computational complexity. As an application, we establish a super-exponential bound for the number of β-reduction steps in β-reduction sequences from any given simply typed terms.
1 Introduction
The standardization theorem of Curry and Feys [CF58] is a very useful result, stating that if u reduces to v for terms u and v, then there is a standard β-reduction from u to v. Using this theorem, we can readily prove the normalization theorem, i.e., a term has a normal form if and only if the leftmost β-reduction sequence f...
Formalizing Rewriting in the ACL2 Theorem Prover
Cited by 7 (6 self)
We present an application of the ACL2 theorem prover to formalize and reason about rewrite systems theory. This can be seen as a first approach to applying formal methods, using ACL2, to the design of symbolic computation systems, since the notion of rewriting or simplification is ubiquitous in such systems. We concentrate here on formalization and representation aspects of abstract reduction and term rewriting systems, using the first-order, quantifier-free ACL2 logic based on Common Lisp.
Polishing Up the Tait-Martin-Löf Proof of the Church-Rosser Theorem
1995
Cited by 7 (0 self)
Introduction
The Tait-Martin-Löf proof is the best known and simplest proof of confluence (the Church-Rosser theorem) for various lambda calculi. It is explained in detail, for example, in [Bar84, HS86, Rev88]. The desire to clarify this proof has inspired work on concrete representation of binding [dB72, Coq91]. Perhaps the best modern version is given in [Tak95]. Formal proofs are reported in [Hue94, MP93, Pfe92, Sha88]. In this note I outline the innovation given in [Tak95] (and formalized by McKinna [MP93]), and present a further improvement which I believe has not appeared in the literature before.
1.1 Preliminary Definitions
Let Rel₂ be the class of binary relations, and R, T ∈ Rel₂; we write aRb for (a, b) ∈ R. For R ∈ Rel₂ the transitive reflexive closure of R, wri