Results 1  10
of
58
Program extraction from normalization proofs
 Typed Lambda Calculi and Applications, volume 664 of LNCS
, 1993
"... This paper describes formalizations of Tait’s normalization proof for the simply typed λcalculus in the proof assistants Minlog, Coq and Isabelle/HOL. From the formal proofs programs are machineextracted that implement variants of the wellknown normalizationbyevaluation algorithm. The case stud ..."
Abstract

Cited by 64 (5 self)
 Add to MetaCart
(Show Context)
This paper describes formalizations of Tait’s normalization proof for the simply typed λcalculus in the proof assistants Minlog, Coq and Isabelle/HOL. From the formal proofs programs are machineextracted that implement variants of the wellknown normalizationbyevaluation algorithm. The case study is used to test and compare the program extraction machineries of the three proof assistants in a nontrivial setting. 1
Proofassistants using Dependent Type Systems
, 2001
"... this article we will not attempt to describe all the dierent possible choices of type theories. Instead we want to discuss the main underlying ideas, with a special focus on the use of type theory as the formalism for the description of theories including proofs ..."
Abstract

Cited by 55 (4 self)
 Add to MetaCart
this article we will not attempt to describe all the dierent possible choices of type theories. Instead we want to discuss the main underlying ideas, with a special focus on the use of type theory as the formalism for the description of theories including proofs
Abstract interpretation based formal methods and future challenges, invited paper
 Informatics — 10 Years Back, 10 Years Ahead, volume 2000 of Lecture Notes in Computer Science
, 2001
"... Abstract. In order to contribute to the solution of the software reliability problem, tools have been designed to analyze statically the runtime behavior of programs. Because the correctness problem is undecidable, some form of approximation is needed. The purpose of abstract interpretation is to f ..."
Abstract

Cited by 33 (6 self)
 Add to MetaCart
Abstract. In order to contribute to the solution of the software reliability problem, tools have been designed to analyze statically the runtime behavior of programs. Because the correctness problem is undecidable, some form of approximation is needed. The purpose of abstract interpretation is to formalize this idea of approximation. We illustrate informally the application of abstraction to the semantics of programming languages as well as to static program analysis. The main point is that in order to reason or compute about a complex system, some information must be lost, that is the observation of executions must be either partial or at a high level of abstraction. In the second part of the paper, we compare static program analysis with deductive methods, modelchecking and type inference. Their foundational ideas are briefly reviewed, and the shortcomings of these four methods are discussed, including when they should be combined. Alternatively, since program debugging is still the main program verification
Constructions, Inductive Types and Strong Normalization
, 1993
"... This thesis contains an investigation of Coquand's Calculus of Constructions, a basic impredicative Type Theory. We review syntactic properties of the calculus, in particular decidability of equality and typechecking, based on the equalityasjudgement presentation. We present a settheoretic ..."
Abstract

Cited by 33 (2 self)
 Add to MetaCart
This thesis contains an investigation of Coquand's Calculus of Constructions, a basic impredicative Type Theory. We review syntactic properties of the calculus, in particular decidability of equality and typechecking, based on the equalityasjudgement presentation. We present a settheoretic notion of model, CCstructures, and use this to give a new strong normalization proof based on a modification of the realizability interpretation. An extension of the core calculus by inductive types is investigated and we show, using the example of infinite trees, how the realizability semantics and the strong normalization argument can be extended to nonalgebraic inductive types. We emphasize that our interpretation is sound for large eliminations, e.g. allows the definition of sets by recursion. Finally we apply the extended calculus to a nontrivial problem: the formalization of the strong normalization argument for Girard's System F. This formal proof has been developed and checked using the...
Filters on coinductive streams, an application to eratosthenes’ sieve
 Typed Lambda Calculi and Applications, 7th International Conference, TLCA 2005
, 2005
"... Our objective is to describe a formal proof of correctness for the following Haskell [13] program in a type theorybased proof verification system, such as the Coq system [10, 1]. sieve (p:rest) = p:sieve [r  r < rest, r ‘rem ‘ p / = 0] primes = sieve [2..] This program is a functional impleme ..."
Abstract

Cited by 22 (5 self)
 Add to MetaCart
(Show Context)
Our objective is to describe a formal proof of correctness for the following Haskell [13] program in a type theorybased proof verification system, such as the Coq system [10, 1]. sieve (p:rest) = p:sieve [r  r < rest, r ‘rem ‘ p / = 0] primes = sieve [2..] This program is a functional implementation of Eratosthenes ’ sieve that consists in removing all multiples of previously found primes from the sequence of natural numbers. We want to prove that the expression primes is the stream containing all the prime numbers in increasing order. This work relies on coinductive types [5, 11, 12] because the program manipulates infinite lists, also known as streams. It first uses the infinite list of natural numbers larger than 2, then the infinite list of numbers larger than 3 and containing no multiples of 2, then the infinite list of numbers larger than 4 and containing no multiples of prime numbers smaller than 4, and so on. This example was initially proposed as a challenge by G. Kahn and used as an illustration of a program and its proof of correctness in a
EtaExpansion does the Trick
 ACM TRANSACTIONS ON PROGRAMMING LANGUAGES AND SYSTEMS
, 1996
"... Partialevaluation folklore has it that massaging one's source programs can make them specialize better. In Jones, Gomard, and Sestoft's recent textbook, a whole chapter is dedicated to listing such "bindingtime improvements": nonstandard use of continuationpassing style, etaex ..."
Abstract

Cited by 22 (6 self)
 Add to MetaCart
Partialevaluation folklore has it that massaging one's source programs can make them specialize better. In Jones, Gomard, and Sestoft's recent textbook, a whole chapter is dedicated to listing such "bindingtime improvements": nonstandard use of continuationpassing style, etaexpansion, and a popular transformation called "The Trick". We provide a unified view of these bindingtime improvements, from a typing perspective. Just as a
Formalizing a JVML verifier for initialization in a theorem prover
, 2001
"... The bytecode verier is advertised as a key component of the security and safety strategy for the Java language, making it possible to use and exchange Java programs without fearing too much damage due to erroneous programs or malignant program providers. As Java is likely to become one of the langu ..."
Abstract

Cited by 21 (3 self)
 Add to MetaCart
The bytecode verier is advertised as a key component of the security and safety strategy for the Java language, making it possible to use and exchange Java programs without fearing too much damage due to erroneous programs or malignant program providers. As Java is likely to become one of the languages used to embed programs in all kinds of appliances or computerbased applications, it becomes important to verify that the claim of safety is justified. We worked on a type system proposed in [7] to enforce a discipline for object initialization in the Java Virtual Machine Language and implemented it in the Coq [5] proof and specification language. We first produced mechanically checked proofs of the theorems in [7] and then we constructed a functional implementation of a bytecode verifier. We have a mechanical proof that this bytecode verifier only accepts programs that have a safe behavior with respect to initialization. Thanks to the extraction mechanism provided in Coq...
Un Calcul De Constructions Infinies Et Son Application A La Verification De Systemes Communicants
, 1996
"... m networks and the recent works of Thierry Coquand in type theory have been the most important sources of motivation for the ideas presented here. I wish to specially thank Roberto Amadio, who read the manuscript in a very short delay, providing many helpful comments and remarks. Many thanks also to ..."
Abstract

Cited by 18 (0 self)
 Add to MetaCart
m networks and the recent works of Thierry Coquand in type theory have been the most important sources of motivation for the ideas presented here. I wish to specially thank Roberto Amadio, who read the manuscript in a very short delay, providing many helpful comments and remarks. Many thanks also to Luc Boug'e, who accepted to be my oficial supervisor, and to the chair of the jury, Michel Cosnard, who opened to me the doors of the LIP. During these last three years in Lyon I met many wonderful people, who then become wonderful friends. Miguel, Nuria, Veronique, Patricia, Philippe, Pia, Rodrigo, Salvador, Sophie : : : with you I have shared the happiness and sadness of everyday life, those little things which make us to remember someone forever. I also would like to thank the people from "Tango de Soie", for all those funny nights at the Caf'e Moulin Joly. Thanks too to the Uruguayan research community in Computer Science (specially to Cristina Cornes and Alberto Pardo) w
Moving proofsasprograms into practice
 In: Proceedings of the 12 th IEEE International Conference on Automated Software Engineering, IEEE Computer Society
, 1997
"... Proofs in the Nuprl system, an implementation of a constructive type theory, yield “correctbyconstruction ” programs. In this paper a new methodology is presented for extracting efficient and readable programs from inductive proofs. The resulting extracted programs are in a form suitable for use i ..."
Abstract

Cited by 18 (5 self)
 Add to MetaCart
(Show Context)
Proofs in the Nuprl system, an implementation of a constructive type theory, yield “correctbyconstruction ” programs. In this paper a new methodology is presented for extracting efficient and readable programs from inductive proofs. The resulting extracted programs are in a form suitable for use in hierarchical verifications in that they are amenable to clean partial evaluation via extensions to the Nuprl rewrite system. The method is based on two elements: specifications written with careful use of the Nuprl settype to restrict the extracts to strictly computational content; and on proofs that use induction tactics that generate extracts using familiar fixedpoint combinators of the untyped lambda calculus. In this paper the methodology is described and its application is illustrated by example. 1.
Uniform Heyting arithmetic
 Annals Pure Applied Logic
, 2005
"... Abstract. We present an extension of Heyting Arithmetic in finite types called Uniform Heyting Arithmetic (HA u) that allows for the extraction of optimized programs from constructive and classical proofs. The system HA u has two sorts of firstorder quantifiers: ordinary quantifiers governed by the ..."
Abstract

Cited by 13 (0 self)
 Add to MetaCart
(Show Context)
Abstract. We present an extension of Heyting Arithmetic in finite types called Uniform Heyting Arithmetic (HA u) that allows for the extraction of optimized programs from constructive and classical proofs. The system HA u has two sorts of firstorder quantifiers: ordinary quantifiers governed by the usual rules, and uniform quantifiers subject to stronger variable conditions expressing roughly that the quantified object is not computationally used in the proof. We combine a Kripkestyle Friedman/Dragalin translation which is inspired by work of Coquand and Hofmann and a variant of the refined Atranslation due to Buchholz, Schwichtenberg and the author to extract programs from a rather large class of classical firstorder proofs while keeping explicit control over the levels of recursion and the decision procedures for predicates used in the extracted program. §1. Introduction. According to the BrouwerHeytingKolmogorov interpretation of constructive logic a proof is a construction providing evidence for the proven formula [20]. Viewing this interpretation from a dataoriented perspective one arrives at the socalled proofsasprograms paradigm associating a constructive proof with a program ‘realizing ’ the proven formula. This paradigm has been