Results 1 - 6 of 6
Dependently Typed Functional Programs and their Proofs
, 1999
Abstract
Cited by 70 (13 self)
Research in dependent type theories [ML71a] has, in the past, concentrated on its use in the presentation of theorems and theorem-proving. This thesis is concerned mainly with the exploitation of the computational aspects of type theory for programming, in a context where the properties of programs may readily be specified and established. In particular, it develops technology for programming with dependent inductive families of datatypes and proving those programs correct. It demonstrates the considerable advantage to be gained by indexing data structures with pertinent characteristic information whose soundness is ensured by typechecking, rather than human effort. Type theory traditionally presents safe and terminating computation on inductive datatypes by means of elimination rules which serve as induction principles and, via their associated reduction behaviour, recursion operators [Dyb91]. In the programming language arena, these appear somewhat cumbersome and give rise to unappealing code, complicated by the inevitable interaction between case analysis on dependent types and equational reasoning on their indices, which must appear explicitly in the terms. Thierry Coquand’s proposal [Coq92] to equip type theory directly with the kind of
Termination of Nested and Mutually Recursive Algorithms
, 1996
Abstract
Cited by 39 (9 self)
This paper deals with automated termination analysis for functional programs. Previously developed methods for automated termination proofs of functional programs often fail for algorithms with nested recursion, and they cannot handle algorithms with mutual recursion. We show that termination proofs for nested and mutually recursive algorithms can be performed without having to prove the correctness of the algorithms simultaneously. Using this result, nested and mutually recursive algorithms no longer constitute a special problem, and the existing methods for automated termination analysis can be extended to nested and mutual recursion in a straightforward way. We give some examples of algorithms whose termination can now be proved automatically (including well-known challenge problems such as McCarthy's f_91 function).
Using Symbolic Execution for Verifying Safety-Critical Systems
, 2001
Abstract
Cited by 37 (0 self)
Safety-critical systems are required to be highly reliable, and thus special care is taken when verifying them in order to increase the confidence in their behavior. This paper addresses the problem of formal verification of safety-critical systems by providing empirical evidence of the practical applicability of symbolic execution and of its usefulness for checking safety-related properties. In this paper, symbolic execution is used for building an operational model of the software on which safety properties, expressed by means of a Path Description Language (PDL), can be assessed.
On Automating Inductive and Non-Inductive Termination Methods
, 1999
Abstract
Cited by 4 (2 self)
The Coq and ProPre systems show the automated termination of a recursive function by first constructing a tree associated with the specification of the function which satisfies a notion of terminal property, and then verifying that this construction process is formally correct. However, those two steps strongly depend on inductive principles, and hence Coq and ProPre can only deal with termination proofs that are inductive. There are, however, many functions for which the termination proofs are non-inductive. In this article, we attempt to extend the class of functions whose proofs can be done automatically à la Coq and ProPre to a larger class including functions whose termination proofs are not inductive. We do this by extending the terminal property notion and replacing the verification step above by one that searches for a decreasing measure which can be used to establish the termination of the function. 1 Introduction Termination is an important property in the verification ...
TYPE THEORY AND FUNCTIONAL PROGRAMMING: A WORK PROPOSAL, Gustavo Betarte
Abstract
We propose a series of work areas related to type theory and functional programming. By type theory we mean the formulation of Martin-Löf's set theory using the theory of types as logical framework, extended with record types and subtyping. The areas presented are: the implementation of an environment for carrying out constructions in type theory, the systematic development of programming in type theory as a formal discipline, and the formalization in type theory of the theory of functional programming languages. We also give a succinct introduction to a theory of specifications and programs in which programs and their correctness proofs are separated but can still be built up simultaneously; we propose the implementation of a programming system for this theory too. The group of people presenting this work proposal is defined by their common interest in working together in at least one of the areas proposed. There will be people working in each of these areas in the Plata region. 1. Introdu...
Automating Inversion of Inductive Predicates in Coq
 In BRA Workshop on Types for Proofs and Programs
, 1995
Abstract
An inductive definition of a set is often informally presented by giving some rules that explain how to build the elements of the set. The closure property states that any object is in the set if and only if it has been generated according to the formation rules. This is enough to justify case analysis reasoning: we can read the formation rules backwards to derive the necessary conditions for a given instance to hold. The problem of inversion consists in finding out these conditions. In this paper we address the problem of deriving inversion lemmas in logical frameworks based on Type Theory that have been extended with inductive definitions at the primitive level. These frameworks associate with each inductive definition a case analysis principle corresponding to the closure property. In this formal context, inversion lemmas can be seen as derived case analysis principles. Though they are intuitively simple, they are curiously hard to formalize. We relate first inversion to co...