Results 11  20
of
99
μJava: Embedding a Programming Language in a Theorem Prover
 Foundations of Secure Computation, volume 175 of NATO Science Series F: Computer and Systems Sciences
, 2000
"... . This paper introduces the subset Java of Java, essentially by omitting everything but classes. The type system and semantics of this language (and a corresponding abstract Machine JVM) are formalized in the theorem prover Isabelle/HOL. Type safety both of Java and the JVM are mechanically veri ..."
Abstract

Cited by 14 (0 self)
 Add to MetaCart
. This paper introduces the subset Java of Java, essentially by omitting everything but classes. The type system and semantics of this language (and a corresponding abstract Machine JVM) are formalized in the theorem prover Isabelle/HOL. Type safety both of Java and the JVM are mechanically verified. To make the paper selfcontained, it begins with introductions to Isabelle/HOL and the art of embedding languages in theorem provers. 1 Introduction Embedding a programming language in a theorem prover means to describe (parts of) the language in the logic of the theorem prover, for example the abstract syntax, the semantics, the type system, a Hoare logic, a compiler, etc. One could call this applied machinechecked semantics. Why should we want to do this? We have to distinguish two possible applications: ffl Proving theorems about programs. This is usually called program analysis or verification and will not concern us very much in this paper. ffl Proving theorems about the pr...
A FaultTolerant Directory Service for Mobile Agents based on Forwarding Pointers
 In The 17th ACM Symposium on Applied Computing (SAC'2002)  Track on Agents, Interactions, Mobility and Systems
, 2002
"... A reliable communication layer is an essential component of a mobile agent system. We present a new faulttolerant directory service for mobile agents, which can be used to route messages to them. The directory service, based on a terhn~que of forwarding pointers, introduces some redundancy in orde ..."
Abstract

Cited by 13 (4 self)
 Add to MetaCart
(Show Context)
A reliable communication layer is an essential component of a mobile agent system. We present a new faulttolerant directory service for mobile agents, which can be used to route messages to them. The directory service, based on a terhn~que of forwarding pointers, introduces some redundancy in order to ensure resilience to stopping failures of nodes contaln~g forwarding pointers; in addition, it avoids cyclic routing of messages, and it supports a technique to collapse chains of pointers that allows direct communications between agents. We have formalised the algorithm and derived a]uil ~ mechanical proof of its correctness using the proof assistant Coq; we report on our experience of designLug the algorithm and deriving its proof of correctness. The complete source code of the proof is made aveglable f~om the WWW. 1.
Reflecting BDDs in Coq
 IN ASIAN'2000
, 2000
"... We describe an implementation and a proof of correctness of binary decision diagrams (BDDs), completely formalized in Coq. This allows us to run BDDbased algorithms inside Coq and paves the way for a smooth integration of symbolic model checking in the Coq proof assistant by using reflection. I ..."
Abstract

Cited by 13 (2 self)
 Add to MetaCart
We describe an implementation and a proof of correctness of binary decision diagrams (BDDs), completely formalized in Coq. This allows us to run BDDbased algorithms inside Coq and paves the way for a smooth integration of symbolic model checking in the Coq proof assistant by using reflection. It also gives us, by Coq's extraction mechanism, certified BDD algorithms implemented in Caml. We also implement and prove correct a garbage collector for our implementation of BDDs inside Coq. Our experiments show that this approach works in practice, and is able to solve both relatively hard propositional problems and actual industrial hardware verification tasks.
The Implicit Calculus of Constructions  Extending Pure Type Systems with an Intersection Type Binder and Subtyping
 Proc. of 5th Int. Conf. on Typed Lambda Calculi and Applications, TLCA'01, Krakow
, 2001
"... In this paper, we introduce a new type system, the Implicit Calculus of Constructions, which is a Currystyle variant of the Calculus of Constructions that we extend by adding an intersection type binder called the implicit dependent product. Unlike the usual approach of Type Assignment Systems ..."
Abstract

Cited by 13 (0 self)
 Add to MetaCart
(Show Context)
In this paper, we introduce a new type system, the Implicit Calculus of Constructions, which is a Currystyle variant of the Calculus of Constructions that we extend by adding an intersection type binder called the implicit dependent product. Unlike the usual approach of Type Assignment Systems, the implicit product can be used at every place in the universe hierarchy. We study syntactical properties of this calculus such as the subject reduction property, and we show that the implicit product induces a rich subtyping relation over the type system in a natural way. We also illustrate the specicities of this calculus by revisitting the impredicative encodings of the Calculus of Constructions, and we show that their translation into the implicit calculus helps to reect the computational meaning of the underlying terms in a more accurate way.
A Proof Planning Framework for Isabelle
, 2005
"... Proof planning is a paradigm for the automation of proof that focuses on encoding intelligence to guide the proof process. The idea is to capture common patterns of reasoning which can be used to derive abstract descriptions of proofs known as proof plans. These can then be executed to provide fully ..."
Abstract

Cited by 13 (9 self)
 Add to MetaCart
Proof planning is a paradigm for the automation of proof that focuses on encoding intelligence to guide the proof process. The idea is to capture common patterns of reasoning which can be used to derive abstract descriptions of proofs known as proof plans. These can then be executed to provide fully formal proofs. This thesis concerns the development and analysis of a novel approach to proof planning that focuses on an explicit representation of choices during search. We embody our approach as a proof planner for the generic proof assistant Isabelle and use the Isar language, which is humanreadable and machinecheckable, to represent proof plans. Within this framework we develop an inductive theorem prover as a case study of our approach to proof planning. Our prover uses the difference reduction heuristic known as rippling to automate the step cases of the inductive proofs. The development of a flexible approach to rippling that supports its various modifications and extensions is the second major focus of this thesis. Here, our inductive theorem prover provides a context in which to evaluate rippling experimentally. This work results in an efficient and powerful inductive theorem prover for Isabelle as well as proposals for further improving the efficiency of rippling. We also draw observations in order
Programming With Types
 CORNELL UNIVERSITY
, 2002
"... Runtime type analysis is an increasingly important linguistic mechanism in modern programming languages. Language runtime systems use it to implement services such as accurate garbage collection, serialization, cloning and structural equality. Component frameworks rely on it to provide reflection m ..."
Abstract

Cited by 11 (1 self)
 Add to MetaCart
Runtime type analysis is an increasingly important linguistic mechanism in modern programming languages. Language runtime systems use it to implement services such as accurate garbage collection, serialization, cloning and structural equality. Component frameworks rely on it to provide reflection mechanisms so they may discover and interact with program interfaces dynamically. Runtime type analysis is also crucial for large, distributed systems that must be dynamically extended, because it allows those systems to check program invariants when new code and new forms of data are added. Finally, many generic userlevel algorithms for iteration, pattern matching, and unification can be defined through type analysis mechanisms. However, existing frameworks for runtime type analysis were designed for simple type systems. They do not scale well to the sophisticated type systems of modern and nextgeneration programming languages that include complex constructs such as firstclass abstract types, recursive types, objects, and type parameterization. In addition, facilities to support type analysis often require complicated
Mathematics and Proof Presentation in Pcoq
 IN: PROCEEDINGS OF PROOF TRANSFORMATION AND PRESENTATION AND PROOF COMPLEXITIES (PTP’01
, 2001
"... PCOQ is the latest product in a decadelong effort to produce graphical userinterfaces for proof systems. It inherits many characteristics from the previous CTCOQ system... ..."
Abstract

Cited by 9 (1 self)
 Add to MetaCart
(Show Context)
PCOQ is the latest product in a decadelong effort to produce graphical userinterfaces for proof systems. It inherits many characteristics from the previous CTCOQ system...
Program Extraction in simplytyped Higher Order Logic
 Types for Proofs and Programs (TYPES 2002), LNCS 2646
, 2002
"... Based on a representation of primitive proof objects as  terms, which has been built into the theorem prover Isabelle recently, we propose a generic framework for program extraction. We show how this framework can be used to extract functional programs from proofs conducted in a constructive fr ..."
Abstract

Cited by 9 (2 self)
 Add to MetaCart
(Show Context)
Based on a representation of primitive proof objects as  terms, which has been built into the theorem prover Isabelle recently, we propose a generic framework for program extraction. We show how this framework can be used to extract functional programs from proofs conducted in a constructive fragment of the object logic Isabelle/HOL. A characteristic feature of our implementation of program extraction is that it produces both a program and a correctness proof. Since the extracted program is available as a function within the logic, its correctness proof can be checked automatically inside Isabelle.
VeriML: Typed computation of logical terms inside a language with effects
, 2010
"... Modern proof assistants such as Coq and Isabelle provide high degrees of expressiveness and assurance because they support formal reasoning in higherorder logic and supply explicit machinecheckable proof objects. Unfortunately, large scale proof development in these proof assistants is still an ex ..."
Abstract

Cited by 8 (1 self)
 Add to MetaCart
Modern proof assistants such as Coq and Isabelle provide high degrees of expressiveness and assurance because they support formal reasoning in higherorder logic and supply explicit machinecheckable proof objects. Unfortunately, large scale proof development in these proof assistants is still an extremely difficult and timeconsuming task. One major weakness of these proof assistants is the lack of a single language where users can develop complex tactics and decision procedures using a rich programming model and in a typeful manner. This limits the scalability of the proof development process, as users avoid developing domainspecific tactics and decision procedures. In this paper, we present VeriML—a novel language design that couples a typesafe effectful computational language with firstclass support for manipulating logical terms such as propositions and proofs. The main idea behind our design is to integrate a rich logical framework—similar to the one supported by Coq—inside a computational language inspired by ML. The language design is such that the added features are orthogonal to the rest of the computational language, and also do not require significant additions to the logic language, so soundness is guaranteed. We have built a prototype implementation of VeriML including both its typechecker and an interpreter. We demonstrate the effectiveness of our design by showing a number of typesafe tactics and decision procedures written in VeriML.
ProofTerm Synthesis on Dependenttype Systems via Explicit Substitutions
, 1999
"... Typed #terms are used as a compact and linear representation of proofs in intuitionistic logic. This is possible since the CurryHoward isomorphism relates proof trees with typed #terms. The proofsasterms principle can be used to check a proof by type checking the #term extracted from the compl ..."
Abstract

Cited by 8 (1 self)
 Add to MetaCart
Typed #terms are used as a compact and linear representation of proofs in intuitionistic logic. This is possible since the CurryHoward isomorphism relates proof trees with typed #terms. The proofsasterms principle can be used to check a proof by type checking the #term extracted from the complete proof tree. However, proof trees and typed #terms are built differently. Usually, an auxiliary representation of unfinished proofs is needed, where type checking is possible only on complete proofs. In this paper we present a proof synthesis method for dependenttype systems where typed open terms are built incrementally at the same time as proofs are done. This way, every construction step, not just the last one, may be type checked. The method is based on a suitable calculus where substitutions as well as metavariables are firstclass objects.