In computer science we speak of implementing a logic; this is done in a programming language, such as Lisp, called here the implementation language. We also reason about the logic, as in understanding how to search for proofs; these arguments are expressed in the metalanguage and conducted in the metalogic of the object language being implemented. We also reason about the implementation itself, say to know it is correct; this is done in a programming logic. How do all these logics relate? This paper considers that question and more. We show that by taking the view that the metalogic is primary, these other parts are related in standard ways. The metalogic should be suitably rich so that the object logic can be presented as an abstract data type, and it must be suitably computational (or constructive) so that an instance of that type is an implementation. The data type abstractly encodes all that is relevant for metareasoning, i.e., not only the term constructing functions but also the...

We describe a proof plan that characterises a family of proofs corresponding to the synthesis of recursive functional programs. This plan provides a significant degree of automation in the construction of recursive programs from specifications, together with correctness proofs. This plan makes use of meta-variables to allow successive refinement of the identity of unknowns, and so allows the program and the proof to be developed hand in hand. We illustrate the plan with parts of a substantial example --- the synthesis of a unification algorithm.

Feferman has proposed a system, FS 0 , as an alternative framework for encoding logics and also for reasoning about those encodings. We have implemented a version of this framework and performed experiments that show that it is practical. Specifically, we describe a formalisation of predicate calculus and the development of an admissible rule that manipulates formulae with bound variables. This application will be of interest to researchers working with frameworks that use mechanisms based on substitution in the lambda calculus to implement variable binding and substitution in the declared logic directly. We suggest that meta-theoretic reasoning, even for a theory using bound variables, is not as difficult as is often supposed, and leads to more powerful ways of reasoning about the encoded theory. x 1 Introduction: why metamathematics? A logical framework is a formal theory that is designed for the purpose of describing other formal theories in a uniform way, and for making the work ...

. There are two ways of reasoning about functional programs in the constructive type theory of the Nuprl proof development system. Nuprl can be used in a conventional program-verification mode, in which functional programs are written in a familiar style and then proven to be correct. It can also be used in an extraction mode, where programs are not written explicitly, but instead are extracted from mathematical proofs. Nuprl is the only constructive type theory to support both of these approaches. These approaches are illustrated by applying Nuprl to Boyer and Moore's "majority" algorithm. 1 Introduction A type system for a functional programming language can be syntactic or semantic. In a syntactically typed language, such as SML 1 [25], typing is a property of the syntax of expressions. Only certain combinations of language constructs are designated "well-typed", and only well-typed expressions are given a meaning. Each well-typed expression has a type which can be derive...

The five lectures at Marktoberdorf on which these notes are based were about the architecture of problem solving environments which use theorem provers. Experience with these systems over the past two decades has shown that the prover must be extensible, yet it must be kept safe. We examine a way to safely add new decision procedures to the Nuprl prover. It relies on a reflection mechanism and is applicable to any tactic-oriented prover with sufficient reflection. The lectures explain reflection in the setting of constructive type theory, the core logic of Nuprl.

In this paper, we take an abstract view of search by describing search procedures via particular kinds of proofs in type theory. We rely on the proofs-as-programs interpretation to extract programs from our proofs. Using these techniques we explore, in depth, a large family of search problems by parameterizing the speci cation of the problem. A constructive proof is presented which has as its computational content a correct search procedure for these problems. We show how a classical extension to an otherwise constructive system can be used to describe a typical use of the nonlocal control operator call/cc. Using the classical typing of nonlocal control we extend our purely constructive proof to incorporate a sophisticated backtracking technique known as ‘con ict-directed backjumping’ (CBJ). A variant of this proof is formalized in Nuprl yielding a correct-by-construction implementation of CBJ. The extracted program has been translated into Scheme and serves as the basis for an implementation of a new solution to the Hamiltonian circuit problem. This paper demonstrates a nontrivial application of the proofs-as-programs paradigm by applying the technique to the derivation of a sophisticated search algorithm; also, it shows the generality of the resulting implementation by demonstrating its application in a new problem

This paper highlights a methodology of Nuprl proof that results in efficient programs that are more readable than those produced by other established methods for extracting programs from proofs. We describe a formal constructive proof of the decidability of a sequent calculus for classical propositional logic. The proof is implemented in the Nuprl system and the resulting proof object yields a "correct-by-construction" program for deciding propositional sequents. If the sequent is valid, the program reports that fact; otherwise, the program returns a counterexample in the form of a falsifying assignment. We employ Kleene's strong three-valued logic to give more informativecounter-examples, it is also shown how this semantics agrees with the standard two-valued presentation.

Abstract not found

Introduction 14.1.1 What is development? Software development encompasses many phases including requirements engineering, specification, design, implementation, verification or testing, and maintenance. In this chapter we concentrate on the intermediate tasks: the transition from requirements specification to verified design and design optimization; in particular techniques for developing correct designs as opposed to ad hoc or a posteriori methods in which a postulated design is later verified or tested. We view software development as the composition of correctness preserving refinement steps. Hence, a development is meaningful relative to a notion of refinement and correctness. There are many such notions (e.g., Chapter 6), each defining a type of problem transformation or reduction. For example specification refinement from a specification SP to SP 0 through a refinement map ae might be defined as co

The topic of this thesis is the extraction of efficient and readable programs from formal constructive proofs of decidability. The proof methods employed to generate the efficient code are new and result in clean and readable Nuprl extracts for two non-trivial programs. They are based on the use of Nuprl's set type and techniques for extracting efficient programs from induction principles. The constructive formal theories required to express the decidability theorems are of independent interest. They formally circumscribe the mathematical knowledge needed to understand the derived algorithms. The formal theories express concepts that are taught at the senior college level. The decidability proofs themselves, depending on this material, are of interest and are presented in some detail. The proof of decidability of classical propositional logic is relative to a semantics based on Kleene's strong three-valued logic. The constructive proof of intuitionistic decidability presented here is the first machine formalization of this proof. The exposition reveals aspects of the Nuprl tactic collection relevant to the creation of readable proofs; clear extracts and efficient code are illustrated in the discussion of the proofs.