Most general purpose proof assistants support versions of typed higher order logic. Experience has shown that these logics are capable of representing most of the mathematical models needed in Computer Science. However, perhaps there exist applications where ZF-style set theory is more natural, or even necessary. Examples may include Scott's classical inverse-limit construction of a model of the untyped - calculus (D1 ) and the semantics of parts of the Z specification notation. This paper

Set theory is the standard foundation for mathematics, but the majority of general purpose mechanised proof assistants support versions of type theory (higher order logic). Examples include Alf, Automath, Coq, EHDM, HOL, IMPS, LAMBDA, LEGO, Nuprl, PVS and Veritas. For many applications type theory works well and provides, for specification, the benefits of type-checking that are well-known in programming. However, there are areas where types get in the way or seem unmotivated. Furthermore, most people with a scientific or engineering background already know set theory, whereas type theory may appear inaccessable and so be an obstacle to the uptake of proof assistants based on it. This paper describes some experiments (using HOL) in combining set theory and type theory; the aim is to get the best of both worlds in a single system. Three approaches have been tried, all based on an axiomatically specified type V of ZF-like sets: (i) HOL is used without any additions besides V; (ii) an emb...

Often, calculi for manipulating and reasoning about programs can be recast as calculi for synthesizing programs. The difference involves often only a slight shift of perspective: admitting metavariables into proofs. We propose that such calculi should be implemented in logical frameworks that support this kind of proof construction and that such an implementation can unify program verification and synthesis. Our proposal is illustrated with a worked example developed in Paulson's Isabelle system. We also give examples of existent calculi that are closely related to the methodology we are proposing and others that can be profitably recast using our approach.

. Formal Synthesis is a methodology developed at Kent for combining circuit design and verification, where a circuit is constructed from a proof that it meets a given formal specification. We have reinterpreted this methodology in Isabelle's theory of higher-order logic so that circuits are incrementally built during proofs using higher-order resolution. Our interpretation simplifies and extends Formal Synthesis both conceptually and in implementation. It also supports integration of this development style with other proof-based synthesis methodologies and leads to techniques for developing new classes of circuits, e.g., recursive descriptions of parametric designs. Keywords: Hardware verification and synthesis, theorem proving, higher-order logic, higherorder unification. 1. Introduction Verification by formal proof is time intensive and this is a burden in bringing formal methods into software and hardware design. One approach to reducing the verification burden is to combine develop...

. The majority of general purpose mechanised proof assistants support versions of typed higher order logic, even though set theory is the standard foundation for mathematics. For many applications higher order logic works well and provides, for specification, the benefits of type-checking that are well-known in programming. However, there are areas where types get in the way or seem unmotivated. Furthermore, most people with a scientific or engineering background already know set theory, but not higher order logic. This paper discusses some approaches to getting the best of both worlds: the expressiveness and standardness of set theory with the efficient treatment of functions provided by typed higher order logic. 1 Introduction Higher order logic is a successful and popular formalism for computer assisted reasoning. Proof systems based on higher order logic include ALF [18], Automath [20], Coq [9], EHDM [19], HOL [13], IMPS [10], LAMBDA [11], LEGO [17], Nuprl [6], PVS [22]...

For certain kinds of applications of type theories, the faithfulness of formalization in the theory depends on intensional, or structural, properties of objects constructed in the theory. For type theories such as LF, such properties can be established via an analysis of normal forms and types. In type theories such as Nuprl or Martin-Lof's polymorphic type theory, which are much more expressive than LF, the underlying programming language is essentially untyped, and terms proved to be in types do not necessarily have normal forms. Nevertheless, it is possible to show that for Martin-Lof's type theory, and a large class of extensions of it, a sufficient kind of normalization property does in fact hold in certain well-behaved subtheories. Applications of our results include the use of the type theory as a logical framework in the manner of LF, and an extension of the proofs-as-programs paradigm to the synthesis of verified computer hardware. For the latter application we point out some ...

Veritas is a design logic that provides dependent types and subtypes. It is implemented within the functional programming language Haskell. Interesting aspects of this implementation, in particular those relating to dependent types, to the representation of terms and signatures, to syntactic variants (controlled by attributes) and to a concrete notation for derivations are discussed.

Reproduction of all or part of this work is permitted for educational or research use on condition that this copyright notice is included in any copy. See back inner page for a list of recent publications in the BRICS Report Series. Copies may be obtained by contacting: BRICS

this report, we consider digital circuits. Describing circuits as mathematical objects corresponds to construct accurate formal specifications of these circuits on which it becomes possible to prove correctness properties. From this point of view, formal verification of circuits amounts to develop a proof which states that the representation of the circuit under consideration (structural specification) satisfies the representation of its intended behaviour (behavioural specification) that is to say what one expects from the circuit to be correct. In other words, establishing the correctness of a circuit is proving that its implementation is equivalent (or at least implies) its specification.

This 2-year project description is part of the Digital Design Derivation Project of the Hardware Methods Laboratory, Computer Science Department, Indiana University.