Setoids in Type Theory, 2000
Cited by 30 (4 self)
Formalising mathematics in dependent type theory often requires the use of setoids, i.e. types with an explicit equality relation, as a representation of sets. This paper surveys some possible definitions of setoids and assesses their suitability as a basis for developing mathematics. In particular, we argue that a commonly advocated approach to partial setoids is unsuitable, and more generally that total setoids seem better suited for formalising mathematics.
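As an added illustration (not code from the surveyed paper), the two notions of setoid the abstract contrasts, written in Lean 4: a total setoid with an equivalence relation, and a partial setoid with only a partial equivalence relation (symmetric and transitive, not necessarily reflexive). The worked instances, the integers as pairs of naturals and `Option Nat` with `none` as an undefined value, and the names `TotalSetoid`, `PartialSetoid`, `intRel`, `optRel` and `neg` are assumptions made here, not taken from the paper.

```lean
-- Added example, not code from the surveyed paper.
-- A total setoid: a carrier with a full equivalence relation.
structure TotalSetoid where
  carrier : Type
  rel     : carrier → carrier → Prop
  refl    : ∀ x, rel x x
  symm    : ∀ {x y}, rel x y → rel y x
  trans   : ∀ {x y z}, rel x y → rel y z → rel x z

-- A partial setoid: a partial equivalence relation (PER), symmetric and
-- transitive but not necessarily reflexive. Elements with ¬ rel x x are
-- "undefined" members of the carrier.
structure PartialSetoid where
  carrier : Type
  rel     : carrier → carrier → Prop
  symm    : ∀ {x y}, rel x y → rel y x
  trans   : ∀ {x y z}, rel x y → rel y z → rel x z

-- Worked total instance (assumed here): integers as pairs (a, b) read as
-- a - b, equal when a + d = c + b. Every pair is a meaningful integer, so
-- the relation is reflexive.
def intRel (p q : Nat × Nat) : Prop := p.1 + q.2 = q.1 + p.2

def IntSetoid : TotalSetoid where
  carrier := Nat × Nat
  rel     := intRel
  refl    := fun _ => rfl
  symm    := fun h => Eq.symm h
  trans   := fun hxy hyz => by
    simp only [intRel] at hxy hyz ⊢
    omega

-- A function on the representation carries the proof obligation every
-- setoid function has: related inputs must go to related outputs.
def neg (p : Nat × Nat) : Nat × Nat := (p.2, p.1)

theorem neg_respects (p q : Nat × Nat) (h : intRel p q) :
    intRel (neg p) (neg q) := by
  simp only [intRel, neg] at h ⊢
  omega

-- Worked partial instance (assumed here): Option Nat where `none` stands
-- for an undefined value. Two elements are related only when both are
-- defined and carry the same number, so `none` is not related to itself.
def optRel (x y : Option Nat) : Prop := ∃ n, x = some n ∧ y = some n

def OptSetoid : PartialSetoid where
  carrier := Option Nat
  rel     := optRel
  symm    := fun ⟨n, hx, hy⟩ => ⟨n, hy, hx⟩
  trans   := fun ⟨n, hx, hy⟩ ⟨m, hy', hz⟩ => ⟨n, hx, by
    rw [hy] at hy'
    injection hy' with hnm
    subst hnm
    exact hz⟩

-- The element that makes the setoid partial: reflexivity fails at `none`.
theorem none_undefined : ¬ optRel none none :=
  fun ⟨_, h, _⟩ => Option.noConfusion h
```

The partial instance shows the cost the abstract refers to: a carrier element may be undefined, so every statement about the setoid has to carry definedness hypotheses, whereas in the total instance the only obligation is the respect proof, as in `neg_respects`.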
A Formal Executable Semantics of the JavaCard Platform
Cited by 16 (0 self)
We present a formal executable specification of two crucial JavaCard platform components, namely the Java Card Virtual Machine (JCVM) and the ByteCode Verifier (BCV). Moreover, we relate the two components by giving a proof of correctness of the ByteCode Verifier. Both formalisations and proofs have been machine-checked using the proof assistant Coq.
Constructor subtyping, 1999
Cited by 7 (3 self)
Constructor subtyping is a form of subtyping in which an inductive type is viewed as a subtype of another inductive type τ if τ has more constructors than it does. As suggested in [5, 12], its (potential) uses include proof assistants and functional programming languages. In this paper, we introduce and study the properties of a simply typed λ-calculus with record types and datatypes, which supports record subtyping and constructor subtyping. In the first part of the paper, we show that the calculus is confluent and strongly normalizing. In the second part, we show that the calculus admits a well-behaved theory of canonical inhabitants, provided one adopts expansive extensionality rules, including η-expansion, surjective pairing, and a suitable expansion rule for datatypes. Finally, in the third part, we extend our calculus with unbounded recursion and show that confluence is preserved.
A Compared Study of Two Correctness Proofs for the Standardized Algorithm of ABR Conformance, 1999
Research Report LSV-99-7, Lab. Specification and Verification, ENS de
Cited by 3 (0 self)
The ABR conformance protocol is a real-time program that controls data-flow rates on ATM networks. A crucial part of this protocol is the dynamic computation of the expected rate of data cells. We present here a model of the corresponding program together with its environment, using the notion of (parametric) timed automata. A fundamental property of the service provided by the protocol to the user is expressed in this framework and proved by two different methods. The first proof relies on inductive invariants and was originally verified using the theorem-proving assistant Coq. The second proof is based on reachability analysis and was obtained using the model checker HyTech. We explain and compare these two proofs in the unified framework of timed automata.