The need to use partial functions arises frequently in formal descriptions of computer systems. However, most proof assistants are based on logics of total functions. One way to address this mismatch is to invent and mechanize a new logic. Another is to develop practical workarounds in existing settings. In this paper we take the latter course: we survey and compare methods used to support partiality in a mechanization of a higher order logic featuring only total functions. The techniques we discuss are generally applicable and are illustrated by relatively large examples. 1.

. This work is centred on the specification of partial operations in a system based on a classical logic with total functions. We present a style with pre-conditions: our method enables calculation of the domain of a partial function f independently of calculation of f. We also study the influence of this style upon the proof facility and the later use of the specification. 1 Introduction In this paper we are in the context of a logic which does not incorporate the notion of partiality and where any function is total. This choice is justified by the power of the underlying logic and by the expressive power of the associated languages. In this context, various tricks are used to encode the partiality. In a typed world, a total function of type ! 0 is defined for every value of type . Thus we have to encode a partial function whose arguments and result are respectively of type 1 and 2 into a total function of type ! 0 . Usually 1 and are identical but 2 and 0 are...

Functions specified by nested recursions are difficult to define and reason about. We present several ameliorative techniques that use deduction in a classical higher-order logic. First, we discuss how an apparent circular dependency between the proof of nested termination conditions and the definition of the specified function can be avoided. Second, we propose a method that allows the specified function to be defined in the absence of a termination relation. Finally, we show how our techniques extend to nested program schemes, where a termination relation cannot be found until schematic parameters have been filled in. In each of these techniques, suitable induction theorems are automatically derived.

In this paper we present a method for automated induction proofs about partial functions. We show that most well-known techniques developed for (explicit) induction theorem proving are unsound when dealing with partial functions. But surprisingly, by slightly restricting the application of these techniques, it is possible to develop a calculus for automated induction proofs with partial functions. In particular, under certain conditions one may even generate induction schemes from the recursions of non-terminating algorithms. The need for such induction schemes and the power of our calculus have been demonstrated on a large collection of non-trivial theorems (including Knuth and Bendix' critical pair lemma). In this way, existing induction theorem provers can be directly extended to partial functions without major changes of their logical framework.

Abstract. In a series of articles, we developed a method to translate general recursive functions written in a functional programming style into constructive type theory. Three problems remained: the method could not properly deal with functions taking functional arguments, the translation of terms containing λ-abstractions was too strict, and partial application of general recursive functions was not allowed. Here, we show how the three problems can be solved by defining a type of partial functions between given types. Every function, including arguments to higher order functions, λ-abstractions and partially applied functions, is then translated as a pair consisting of a domain predicate and a function dependent on the predicate. Higher order functions are assigned domain predicates that inherit termination conditions from their functional arguments. The translation of a λ-abstraction does not need to be total anymore, but generates a local termination condition. The domain predicate of a partially applied function is defined by fixing the given arguments in the domain of the original function. As in our previous articles, simultaneous induction-recursion is required to deal with nested recursive functions. Since by using our method the inductive definition of the domain predicate can refer globally to the domain predicate itself, here we need to work on an impredicative type theory for the method to apply to all functions. However, in most practical cases the method can be adapted to work on a predicative type theory with type universes. 1

Abstract. We present an environment for proving partial correctness of recursive functional programs which contain nested recursive calls. As usual, correctness is transformed into a set of first-order predicate logic formulae—verification conditions. As a distinctive feature of our method, these formulae are not only sufficient, but also necessary for the correctness. We demonstrate our method on the McCarthy 91 function, which is considered a “challenge problem ” for automated program verification. 1

We present an environment for proving total correctness of mutual recursive functional programs. As usual, correctness is transformed into a set of first-order predicate logic formulae—verification conditions. As a distinctive feature of our method, these formulae are not only sufficient, but also necessary for the correctness. A specialized strategy for proving termination is developed. The detailed termination proofs may in many cases be avoided due to their reusability. 1