zur Erlangung des akademischen Grades eines genehmigten Dissertation. Doktors der Naturwissenschaften (Dr. rer. nat.) Vorsitzender: Univ.-Prof. Dr. Dr. h.c. Wilfried Brauer

Based on a representation of primitive proof objects as - terms, which has been built into the theorem prover Isabelle recently, we propose a generic framework for program extraction. We show how this framework can be used to extract functional programs from proofs conducted in a constructive fragment of the object logic Isabelle/HOL. A characteristic feature of our implementation of program extraction is that it produces both a program and a correctness proof. Since the extracted program is available as a function within the logic, its correctness proof can be checked automatically inside Isabelle.

Based on the Calculus of Constructions extended with inductive definitions we present a Theory of Specifications with rules for simultaneously constructing programs and their correctness proofs. The theory contains types for representing specifications, whose corresponding notion of implementation is that of a pair formed by a program and a correctness proof. The rules of the theory are such that in implementations the program parts appear mixed together with the proof parts. A reduction relation performs the task of separating programs from proofs. Consequently, every implementation computes to a pair composed of a program and a proof of its correctness, and so the program extraction procedure is immediate. 1

The Theory of Specifications is an extension of the Calculus of Constructions where the specification of a problem, the derivation of a program, and its correctness proof, can all be done within the same formalism. An operational semantics describes the process of extracting a program from a proof of its specification. This has several advantages: from the user's point of view, it simplifies the task of developing correct programs, since it is sufficient to know just one system in order to be able to specify, develop and prove the correction of a program; from the implementation point of view, the fact that the extraction procedure is part of the system allows to control in a finer way its interactions with the rest of the system. In this paper we continue the study of the Theory of Specifications and propose a solution to restore subject reduction and strong normalization. Counterexamples for subject reduction and strong normalization for this theory have been shown in [RS02].