μJava: Embedding a Programming Language in a Theorem Prover
Foundations of Secure Computation, volume 175 of NATO Science Series F: Computer and Systems Sciences, 2000
Cited by 13 (0 self)
Abstract
This paper introduces the subset μJava of Java, essentially by omitting everything but classes. The type system and semantics of this language (and a corresponding abstract machine μJVM) are formalized in the theorem prover Isabelle/HOL. Type safety of both μJava and the μJVM is mechanically verified. To make the paper self-contained, it begins with introductions to Isabelle/HOL and the art of embedding languages in theorem provers.
1 Introduction
Embedding a programming language in a theorem prover means to describe (parts of) the language in the logic of the theorem prover, for example the abstract syntax, the semantics, the type system, a Hoare logic, a compiler, etc. One could call this applied machine-checked semantics. Why should we want to do this? We have to distinguish two possible applications: (1) proving theorems about programs, which is usually called program analysis or verification and will not concern us very much in this paper; (2) proving theorems about the pr...
The Implicit Calculus of Constructions: Extending Pure Type Systems with an Intersection Type Binder and Subtyping
Proc. of 5th Int. Conf. on Typed Lambda Calculi and Applications, TLCA'01, Krakow, 2001
Cited by 13 (0 self)
Abstract
In this paper, we introduce a new type system, the Implicit Calculus of Constructions, which is a Curry-style variant of the Calculus of Constructions that we extend by adding an intersection type binder called the implicit dependent product. Unlike the usual approach of Type Assignment Systems, the implicit product can be used at every place in the universe hierarchy. We study syntactical properties of this calculus such as the subject reduction property, and we show that the implicit product induces a rich subtyping relation over the type system in a natural way. We also illustrate the specificities of this calculus by revisiting the impredicative encodings of the Calculus of Constructions, and we show that their translation into the implicit calculus helps to reflect the computational meaning of the underlying terms in a more accurate way.
Proof of Imperative Programs in Type Theory
1998
Cited by 12 (2 self)
Abstract
We present a new approach to certifying functional programs with imperative aspects, in the context of Type Theory. The key is a functional translation of imperative programs, based on a combination of the type and effect discipline and monads. Then an incomplete proof of the specification is built in the Type Theory, whose gaps would correspond to proof obligations. On sequential imperative programs, we get the same proof obligations as those given by Floyd-Hoare logic. Compared to the latter, our approach also includes functional constructions in a straightforward way. This work has been implemented in the Coq Proof Assistant and applied to non-trivial examples.
Reflecting BDDs in Coq
In ASIAN'2000, 2000
Cited by 12 (2 self)
Abstract
We describe an implementation and a proof of correctness of binary decision diagrams (BDDs), completely formalized in Coq. This allows us to run BDD-based algorithms inside Coq and paves the way for a smooth integration of symbolic model checking in the Coq proof assistant by using reflection. It also gives us, by Coq's extraction mechanism, certified BDD algorithms implemented in Caml. We also implement and prove correct a garbage collector for our implementation of BDDs inside Coq. Our experiments show that this approach works in practice, and is able to solve both relatively hard propositional problems and actual industrial hardware verification tasks.
A Fault-Tolerant Directory Service for Mobile Agents based on Forwarding Pointers
In The 17th ACM Symposium on Applied Computing (SAC'2002), Track on Agents, Interactions, Mobility and Systems, 2002
Cited by 12 (4 self)
Abstract
A reliable communication layer is an essential component of a mobile agent system. We present a new fault-tolerant directory service for mobile agents, which can be used to route messages to them. The directory service, based on a technique of forwarding pointers, introduces some redundancy in order to ensure resilience to stopping failures of nodes containing forwarding pointers; in addition, it avoids cyclic routing of messages, and it supports a technique to collapse chains of pointers that allows direct communications between agents. We have formalised the algorithm and derived a full mechanical proof of its correctness using the proof assistant Coq; we report on our experience of designing the algorithm and deriving its proof of correctness. The complete source code of the proof is made available from the WWW.
Programming With Types
Cornell University, 2002
Cited by 11 (1 self)
Abstract
Runtime type analysis is an increasingly important linguistic mechanism in modern programming languages. Language runtime systems use it to implement services such as accurate garbage collection, serialization, cloning and structural equality. Component frameworks rely on it to provide reflection mechanisms so they may discover and interact with program interfaces dynamically. Runtime type analysis is also crucial for large, distributed systems that must be dynamically extended, because it allows those systems to check program invariants when new code and new forms of data are added. Finally, many generic user-level algorithms for iteration, pattern matching, and unification can be defined through type analysis mechanisms. However, existing frameworks for runtime type analysis were designed for simple type systems. They do not scale well to the sophisticated type systems of modern and next-generation programming languages that include complex constructs such as first-class abstract types, recursive types, objects, and type parameterization. In addition, facilities to support type analysis often require complicated
Program Extraction in Simply-Typed Higher Order Logic
Types for Proofs and Programs (TYPES 2002), LNCS 2646, 2002
Cited by 9 (2 self)
Abstract
Based on a representation of primitive proof objects as λ-terms, which has been built into the theorem prover Isabelle recently, we propose a generic framework for program extraction. We show how this framework can be used to extract functional programs from proofs conducted in a constructive fragment of the object logic Isabelle/HOL. A characteristic feature of our implementation of program extraction is that it produces both a program and a correctness proof. Since the extracted program is available as a function within the logic, its correctness proof can be checked automatically inside Isabelle.
Proof-Term Synthesis on Dependent-Type Systems via Explicit Substitutions
1999
Cited by 8 (1 self)
Abstract
Typed λ-terms are used as a compact and linear representation of proofs in intuitionistic logic. This is possible since the Curry-Howard isomorphism relates proof trees with typed λ-terms. The proofs-as-terms principle can be used to check a proof by type checking the λ-term extracted from the complete proof tree. However, proof trees and typed λ-terms are built differently. Usually, an auxiliary representation of unfinished proofs is needed, where type checking is possible only on complete proofs. In this paper we present a proof synthesis method for dependent-type systems where typed open terms are built incrementally at the same time as proofs are done. This way, every construction step, not just the last one, may be type checked. The method is based on a suitable calculus where substitutions as well as meta-variables are first-class objects.
Coq Tacticals and PVS Strategies: A Small-Step Semantics
In: Design and Application of Strategies/Tactics in Higher Order Logics, 2003
Mathematics and Proof Presentation in Pcoq
In: Proceedings of Proof Transformation and Presentation and Proof Complexities (PTP'01), 2001
Cited by 7 (1 self)
Abstract
PCOQ is the latest product in a decade-long effort to produce graphical user interfaces for proof systems. It inherits many characteristics from the previous CTCOQ system...