Results 1  10
of
17
Inductive datatypes in HOL  lessons learned in FormalLogic Engineering
 Theorem Proving in Higher Order Logics: TPHOLs ’99, LNCS 1690
, 1999
"... Isabelle/HOL has recently acquired new versions of definitional packages for inductive datatypes and primitive recursive functions. In contrast to its predecessors and most other implementations, Isabelle/HOL datatypes may be mutually and indirect recursive, even infinitely branching. We also su ..."
Abstract

Cited by 42 (6 self)
 Add to MetaCart
Isabelle/HOL has recently acquired new versions of definitional packages for inductive datatypes and primitive recursive functions. In contrast to its predecessors and most other implementations, Isabelle/HOL datatypes may be mutually and indirect recursive, even infinitely branching. We also support inverted datatype definitions for characterizing existing types as being inductive ones later. All our constructions are fully definitional according to established HOL tradition. Stepping back from the logical details, we also see this work as a typical example of what could be called "FormalLogic Engineering". We observe that building realistic theorem proving environments involves further issues rather than pure logic only. 1
Abstract predicates and mutable ADTs in Hoare type theory
 In Proc. ESOP’07, volume 4421 of LNCS
, 2007
"... Hoare Type Theory (HTT) combines a dependently typed, higherorder language with monadicallyencapsulated, stateful computations. The type system incorporates pre and postconditions, in a fashion similar to Hoare and Separation Logic, so that programmers can modularly specify the requirements and e ..."
Abstract

Cited by 42 (19 self)
 Add to MetaCart
Hoare Type Theory (HTT) combines a dependently typed, higherorder language with monadicallyencapsulated, stateful computations. The type system incorporates pre and postconditions, in a fashion similar to Hoare and Separation Logic, so that programmers can modularly specify the requirements and effects of computations within types. This paper extends HTT with quantification over abstract predicates (i.e., higherorder logic), thus embedding into HTT the Extended Calculus of Constructions. When combined with the Hoarelike specifications, abstract predicates provide a powerful way to define and encapsulate the invariants of private state; that is, state which may be shared by several functions, but is not accessible to their clients. We demonstrate this power by sketching a number of abstract data types and functions that demand ownership of mutable memory, including an idealized custom memory manager. 1
Complete sequent calculi for induction and infinite descent
 Proceedings of LICS22
, 2007
"... This paper compares two different styles of reasoning with inductively defined predicates, each style being encapsulated by a corresponding sequent calculus proof system. The first system supports traditional proof by induction, with induction rules formulated as sequent rules for introducing induct ..."
Abstract

Cited by 18 (6 self)
 Add to MetaCart
This paper compares two different styles of reasoning with inductively defined predicates, each style being encapsulated by a corresponding sequent calculus proof system. The first system supports traditional proof by induction, with induction rules formulated as sequent rules for introducing inductively defined predicates on the left of sequents. We show this system to be cutfree complete with respect to a natural class of Henkin models; the eliminability of cut follows as a corollary. The second system uses infinite (nonwellfounded) proofs to represent arguments by infinite descent. In this system, the left rules for inductively defined predicates are simple casesplit rules, and an infinitary, global condition on proof trees is required to ensure soundness. We show this system to be cutfree complete with respect to standard models, and again infer the eliminability of cut. The second infinitary system is unsuitable for formal reasoning. However, it has a natural restriction to proofs given by regular trees, i.e. to those proofs representable by finite graphs. This restricted “cyclic ” system subsumes the first system for proof by induction. We conjecture that the two systems are in fact equivalent, i.e., that proof by induction is equivalent to regular proof by infinite descent.
On Equivalents of Wellfoundedness  An experiment in Mizar
, 1998
"... Four statements equivalent to wellfoundedness (wellfounded induction, existence of recursively defined functions, uniqueness of recursively defined functions, and absence of descending omegachains) have been proved in Mizar and the proofs mechanically checked for correctness. It seems not to be w ..."
Abstract

Cited by 13 (3 self)
 Add to MetaCart
Four statements equivalent to wellfoundedness (wellfounded induction, existence of recursively defined functions, uniqueness of recursively defined functions, and absence of descending omegachains) have been proved in Mizar and the proofs mechanically checked for correctness. It seems not to be widely known that the existence (without the uniqueness assumption) of recursively defined functions implies wellfoundedness. In the proof we used regular cardinals, a fairly advanced notion of set theory. The theory of cardinals in Mizar was developed earlier by G. Bancerek. With the current state of the Mizar system, the proofs turned out to be an exercise with only minor additions at the fundamental level. We would like to stress the importance of a systematic development of a mechanized data base for mathematics in the spirit of the QED Project.
A Proof Tool for Reasoning about Functional Programs
 In Proc. 1996 International Workshop on Higher Order Logic Theorem Proving, Lecture Notes in Computer Science 1125
, 1996
"... . This paper describes a system to support reasoning about lazy functional programs. We describe an approach based on combining a deep embedding of the language in HOL and a set of proof tools to raise the level of interaction with the theorem prover. This approach allows metatheoretic reasoning ab ..."
Abstract

Cited by 12 (1 self)
 Add to MetaCart
. This paper describes a system to support reasoning about lazy functional programs. We describe an approach based on combining a deep embedding of the language in HOL and a set of proof tools to raise the level of interaction with the theorem prover. This approach allows metatheoretic reasoning about the semantics and reasoning about undefined programs while still supporting practical reasoning about programs in the language. 1 Introduction It is often claimed that functional programming languages, and in particular pure functional languages, are suitable for formal reasoning. This claim is supported by the fact that many people in the functional programming community do reason about their programs in a formal or semiformal way. Depending on the nature of the problem, different styles of reasoning, such as equational reasoning, induction and coinduction, are used. This paper discusses some of the technical issues involved in constructing a proof tool, using HOL [4], for reasoning ...
Foundational, Compositional (Co)datatypes for HigherOrder Logic  Category Theory Applied to Theorem Proving
"... Higherorder logic (HOL) forms the basis of several popular interactive theorem provers. These follow the definitional approach, reducing highlevel specifications to logical primitives. This also applies to the support for datatype definitions. However, the internal datatype construction used in H ..."
Abstract

Cited by 8 (4 self)
 Add to MetaCart
Higherorder logic (HOL) forms the basis of several popular interactive theorem provers. These follow the definitional approach, reducing highlevel specifications to logical primitives. This also applies to the support for datatype definitions. However, the internal datatype construction used in HOL4, HOL Light, and Isabelle/HOL is fundamentally noncompositional, limiting its efficiency and flexibility, and it does not cater for codatatypes. We present a fully modular framework for constructing (co)datatypes in HOL, with support for mixed mutual and nested (co)recursion. Mixed (co)recursion enables type definitions involving both datatypes and codatatypes, such as the type of finitely branching trees of possibly infinite depth. Our framework draws heavily from category theory. The key notion is that of a rich type constructor—a functor satisfying specific properties preserved by interesting categorical operations. Our ideas are formalized in Isabelle and implemented as a new definitional package, answering a longstanding user request.
On the Representation of Datatypes in Isabelle/HOL
 First Isabelle Users Workshop
, 1995
"... Representation of datatypes is a necessary prerequisite if one wants to proverather than postulate the characteristic theorems of datatypes. This paper introduces two notions of representation functions for types and shows how representations of composed types can be calculated from representations ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
Representation of datatypes is a necessary prerequisite if one wants to proverather than postulate the characteristic theorems of datatypes. This paper introduces two notions of representation functions for types and shows how representations of composed types can be calculated from representations of their constituents. Together with a representation of basic types due to Paulson [6], this provides a basis for the mechanization of datatypes in Isabelle/HOL. 0
A Comparative Study of Coq and HOL
 In Gunter and Felty [GF97
, 1997
"... . This paper illustrates the differences between the style of theory mechanisation of Coq and of HOL. This comparative study is based on the mechanisation of fragments of the theory of computation in these systems. Examples from these implementations are given to support some of the arguments discus ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
. This paper illustrates the differences between the style of theory mechanisation of Coq and of HOL. This comparative study is based on the mechanisation of fragments of the theory of computation in these systems. Examples from these implementations are given to support some of the arguments discussed in this paper. The mechanisms for specifying definitions and for theorem proving are discussed separately, building in parallel two pictures of the different approaches of mechanisation given by these systems. 1 Introduction This paper compares the different theorem proving approaches of the HOL [10] and Coq [5] proof assistants. This comparison is based on a case study involving the mechanisation of parts of the theory of computation in the two systems. This paper does not illustrate these mechanisations but rather discusses the differences between the two systems and backs up certain points by examples taken from the case studies. One motivation of this work is that many users of theo...
Adapting Functional Programs to HigherOrder Logic
"... Abstract. Higherorder logic proof systems combine functional programming with logic, providing functional programmers with a comfortable setting for the formalization of programs, specifications, and proofs. However, a possibly unfamiliar aspect of working in such an environment is that formally es ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
Abstract. Higherorder logic proof systems combine functional programming with logic, providing functional programmers with a comfortable setting for the formalization of programs, specifications, and proofs. However, a possibly unfamiliar aspect of working in such an environment is that formally establishing program termination is necessary. In many cases, termination can be automatically proved, but there are useful programs that diverge and others that always terminate but have difficult termination proofs. We discuss techniques that support the expression of such programs as logical functions. 1.
The HOL Light manual (1.0)
, 1998
"... ion is in a precise sense a converse operation to application. Given 49 50 CHAPTER 5. PRIMITIVE BASIS OF HOL LIGHT a variable x and a term t, which may or may not contain x, one can construct the socalled lambdaabstraction x: t, which means `the function of x that yields t'. (In HOL's ASCII concr ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
ion is in a precise sense a converse operation to application. Given 49 50 CHAPTER 5. PRIMITIVE BASIS OF HOL LIGHT a variable x and a term t, which may or may not contain x, one can construct the socalled lambdaabstraction x: t, which means `the function of x that yields t'. (In HOL's ASCII concrete syntax the backslash is used, e.g. "x. t.) For example, x: x + 1 is the function that adds one to its argument. Abstractions are not often seen in informal mathematics, but they have at least two merits. First, they allow one to write anonymous functionvalued expressions without naming them (occasionally one sees x 7! t[x] used for this purpose), and since our logic is avowedly higher order, it's desirable to place functions on an equal footing with firstorder objects in this way. Secondly, they make variable dependencies and binding explicit; by contrast in informal mathematics one often writes f(x) in situations where one really means x: f(x). We should give some idea of how ordinary...