Results 1 
8 of
8
The Theory of LEGO  A Proof Checker for the Extended Calculus of Constructions
, 1994
"... LEGO is a computer program for interactive typechecking in the Extended Calculus of Constructions and two of its subsystems. LEGO also supports the extension of these three systems with inductive types. These type systems can be viewed as logics, and as meta languages for expressing logics, and LEGO ..."
Abstract

Cited by 69 (10 self)
 Add to MetaCart
(Show Context)
LEGO is a computer program for interactive typechecking in the Extended Calculus of Constructions and two of its subsystems. LEGO also supports the extension of these three systems with inductive types. These type systems can be viewed as logics, and as meta languages for expressing logics, and LEGO is intended to be used for interactively constructing proofs in mathematical theories presented in these logics. I have developed LEGO over six years, starting from an implementation of the Calculus of Constructions by G erard Huet. LEGO has been used for problems at the limits of our abilities to do formal mathematics. In this thesis I explain some aspects of the metatheory of LEGO's type systems leading to a machinechecked proof that typechecking is decidable for all three type theories supported by LEGO, and to a verified algorithm for deciding their typing judgements, assuming only that they are normalizing. In order to do this, the theory of Pure Type Systems (PTS) is extended and f...
Enhancing the Nuprl Proof Development System and Applying it to Computational Abstract Algebra
, 1995
"... This thesis describes substantial enhancements that were made to the software tools in the Nuprl system that are used to interactively guide the production of formal proofs. Over 20,000 lines of code were written for these tools. Also, a corpus of formal mathematics was created that consists of rou ..."
Abstract

Cited by 46 (4 self)
 Add to MetaCart
This thesis describes substantial enhancements that were made to the software tools in the Nuprl system that are used to interactively guide the production of formal proofs. Over 20,000 lines of code were written for these tools. Also, a corpus of formal mathematics was created that consists of roughly 500 definitions and 1300 theorems. Much of this material is of a foundational nature and supports all current work in Nuprl. This thesis concentrates on describing the half of this corpus that is concerned with abstract algebra and that covers topics central to the mathematics of the co...
Setoids in Type Theory
, 2000
"... Formalising mathematics in dependent type theory often requires to use setoids, i.e. types with an explicit equality relation, as a representation of sets. This paper surveys some possible denitions of setoids and assesses their suitability as a basis for developing mathematics. In particular, we ..."
Abstract

Cited by 31 (4 self)
 Add to MetaCart
Formalising mathematics in dependent type theory often requires to use setoids, i.e. types with an explicit equality relation, as a representation of sets. This paper surveys some possible denitions of setoids and assesses their suitability as a basis for developing mathematics. In particular, we argue that a commonly advocated approach to partial setoids is unsuitable, and more generally that total setoids seem better suited for formalising mathematics. 1
A machinechecked formalization of the generic model and the random oracle model
 in Proceedings of IJCAR’04, vol. 3097, Lecture Notes in Computer Science
"... Abstract. Most approaches to the formal analyses of cryptographic protocols make the perfect cryptography assumption, i.e. the hypothese that there is no way to obtain knowledge about the plaintext pertaining to a ciphertext without knowing the key. Ideally, one would prefer to rely on a weaker hypo ..."
Abstract

Cited by 22 (5 self)
 Add to MetaCart
(Show Context)
Abstract. Most approaches to the formal analyses of cryptographic protocols make the perfect cryptography assumption, i.e. the hypothese that there is no way to obtain knowledge about the plaintext pertaining to a ciphertext without knowing the key. Ideally, one would prefer to rely on a weaker hypothesis on the computational cost of gaining information about the plaintext pertaining to a ciphertext without knowing the key. Such a view is permitted by the Generic Model and the Random Oracle Model which provide nonstandard computational models in which one may reason about the computational cost of breaking a cryptographic scheme. Using the proof assistant Coq, we provide a machinechecked account of the Generic Model and the Random Oracle Model. 1
A Verified Typechecker
 PROCEEDINGS OF THE SECOND INTERNATIONAL CONFERENCE ON TYPED LAMBDA CALCULI AND APPLICATIONS, VOLUME 902 OF LECTURE NOTES IN COMPUTER SCIENCE
, 1995
"... ..."
Some Algorithmic and ProofTheoretical Aspects of Coercive Subtyping
 In Proceedings of TYPES'96, Lecture Notes in Computer Science
, 1996
"... . Coercive subtyping offers a conceptually simple but powerful framework to understand subtyping and subset relationships in type theory. In this paper we study some of its prooftheoretic and computational properties. 1 Introduction Coercive subtyping, as first introduced in [Luo96], offers a conc ..."
Abstract

Cited by 6 (0 self)
 Add to MetaCart
. Coercive subtyping offers a conceptually simple but powerful framework to understand subtyping and subset relationships in type theory. In this paper we study some of its prooftheoretic and computational properties. 1 Introduction Coercive subtyping, as first introduced in [Luo96], offers a conceptually simple but powerful framework to understand subtyping and subset relationships in type theories with sophisticated type structures such as dependent types, inductive types, and type universes. A basic idea behind coercive subtyping is that subtyping provides a powerful mechanism for notational abbreviation in type theory. If A is a subtype of B given by a specified coercion function, an object of type A can be regarded as an object of type B, that is, its image via the coercion function, and hence objects of a subtype can be used as abbreviations for objects of a supertype. With coercive subtyping, this abbreviational mechanism is formally treated at the level of the logical framewo...
DOI: 10.1017/S0956796802004501 Printed in the United Kingdom Setoids in type theory
"... Formalising mathematics in dependent type theory often requires to represent sets as setoids, i.e. types with an explicit equality relation. This paper surveys some possible definitions of setoids and assesses their suitability as a basis for developing mathematics. According to whether the equality ..."
Abstract
 Add to MetaCart
(Show Context)
Formalising mathematics in dependent type theory often requires to represent sets as setoids, i.e. types with an explicit equality relation. This paper surveys some possible definitions of setoids and assesses their suitability as a basis for developing mathematics. According to whether the equality relation is required to be reflexive or not we have total or partial setoid, respectively. There is only one definition of total setoid, but four different definitions of partial setoid, depending on four different notions of setoid function. We prove that one approach to partial setoids in unsuitable, and that the other approaches can be divided in two classes of equivalence. One class contains definitions of partial setoids that are equivalent to total setoids; the other class contains an inherently different definition, that has been useful in the modeling of type systems. We also provide some elements of discussion on the merits of each approach from the viewpoint of formalizing mathematics. In particular, we exhibit a difficulty with the common definition of subsetoids in the partial setoid approach. 1