Results 1  10
of
42
Program extraction from normalization proofs
 Typed Lambda Calculi and Applications, number 664 in Lecture Notes in Computer Science
, 1993
"... This paper describes formalizations of Tait’s normalization proof for the simply typed λcalculus in the proof assistants Minlog, Coq and Isabelle/HOL. From the formal proofs programs are machineextracted that implement variants of the wellknown normalizationbyevaluation algorithm. The case stud ..."
Abstract

Cited by 60 (5 self)
 Add to MetaCart
This paper describes formalizations of Tait’s normalization proof for the simply typed λcalculus in the proof assistants Minlog, Coq and Isabelle/HOL. From the formal proofs programs are machineextracted that implement variants of the wellknown normalizationbyevaluation algorithm. The case study is used to test and compare the program extraction machineries of the three proof assistants in a nontrivial setting. 1
Proofassistants using Dependent Type Systems
, 2001
"... this article we will not attempt to describe all the dierent possible choices of type theories. Instead we want to discuss the main underlying ideas, with a special focus on the use of type theory as the formalism for the description of theories including proofs ..."
Abstract

Cited by 47 (4 self)
 Add to MetaCart
this article we will not attempt to describe all the dierent possible choices of type theories. Instead we want to discuss the main underlying ideas, with a special focus on the use of type theory as the formalism for the description of theories including proofs
Constructions, Inductive Types and Strong Normalization
, 1993
"... This thesis contains an investigation of Coquand's Calculus of Constructions, a basic impredicative Type Theory. We review syntactic properties of the calculus, in particular decidability of equality and typechecking, based on the equalityasjudgement presentation. We present a settheoretic notio ..."
Abstract

Cited by 31 (2 self)
 Add to MetaCart
This thesis contains an investigation of Coquand's Calculus of Constructions, a basic impredicative Type Theory. We review syntactic properties of the calculus, in particular decidability of equality and typechecking, based on the equalityasjudgement presentation. We present a settheoretic notion of model, CCstructures, and use this to give a new strong normalization proof based on a modification of the realizability interpretation. An extension of the core calculus by inductive types is investigated and we show, using the example of infinite trees, how the realizability semantics and the strong normalization argument can be extended to nonalgebraic inductive types. We emphasize that our interpretation is sound for large eliminations, e.g. allows the definition of sets by recursion. Finally we apply the extended calculus to a nontrivial problem: the formalization of the strong normalization argument for Girard's System F. This formal proof has been developed and checked using the...
Abstract interpretation based formal methods and future challenges, invited paper
 Informatics — 10 Years Back, 10 Years Ahead, volume 2000 of Lecture Notes in Computer Science
, 2001
"... Abstract. In order to contribute to the solution of the software reliability problem, tools have been designed to analyze statically the runtime behavior of programs. Because the correctness problem is undecidable, some form of approximation is needed. The purpose of abstract interpretation is to f ..."
Abstract

Cited by 28 (6 self)
 Add to MetaCart
Abstract. In order to contribute to the solution of the software reliability problem, tools have been designed to analyze statically the runtime behavior of programs. Because the correctness problem is undecidable, some form of approximation is needed. The purpose of abstract interpretation is to formalize this idea of approximation. We illustrate informally the application of abstraction to the semantics of programming languages as well as to static program analysis. The main point is that in order to reason or compute about a complex system, some information must be lost, that is the observation of executions must be either partial or at a high level of abstraction. In the second part of the paper, we compare static program analysis with deductive methods, modelchecking and type inference. Their foundational ideas are briefly reviewed, and the shortcomings of these four methods are discussed, including when they should be combined. Alternatively, since program debugging is still the main program verification
Filters on coinductive streams, an application to eratosthenes’ sieve
 Typed Lambda Calculi and Applications, 7th International Conference, TLCA 2005
, 2005
"... Our objective is to describe a formal proof of correctness for the following Haskell [13] program in a type theorybased proof verification system, such as the Coq system [10, 1]. sieve (p:rest) = p:sieve [r  r < rest, r ‘rem ‘ p / = 0] primes = sieve [2..] This program is a functional implementa ..."
Abstract

Cited by 22 (5 self)
 Add to MetaCart
Our objective is to describe a formal proof of correctness for the following Haskell [13] program in a type theorybased proof verification system, such as the Coq system [10, 1]. sieve (p:rest) = p:sieve [r  r < rest, r ‘rem ‘ p / = 0] primes = sieve [2..] This program is a functional implementation of Eratosthenes ’ sieve that consists in removing all multiples of previously found primes from the sequence of natural numbers. We want to prove that the expression primes is the stream containing all the prime numbers in increasing order. This work relies on coinductive types [5, 11, 12] because the program manipulates infinite lists, also known as streams. It first uses the infinite list of natural numbers larger than 2, then the infinite list of numbers larger than 3 and containing no multiples of 2, then the infinite list of numbers larger than 4 and containing no multiples of prime numbers smaller than 4, and so on. This example was initially proposed as a challenge by G. Kahn and used as an illustration of a program and its proof of correctness in a
EtaExpansion does the Trick
 ACM TRANSACTIONS ON PROGRAMMING LANGUAGES AND SYSTEMS
, 1996
"... Partialevaluation folklore has it that massaging one's source programs can make them specialize better. In Jones, Gomard, and Sestoft's recent textbook, a whole chapter is dedicated to listing such "bindingtime improvements": nonstandard use of continuationpassing style, etaexpansion, and a popul ..."
Abstract

Cited by 21 (6 self)
 Add to MetaCart
Partialevaluation folklore has it that massaging one's source programs can make them specialize better. In Jones, Gomard, and Sestoft's recent textbook, a whole chapter is dedicated to listing such "bindingtime improvements": nonstandard use of continuationpassing style, etaexpansion, and a popular transformation called "The Trick". We provide a unified view of these bindingtime improvements, from a typing perspective. Just as a
Formalizing a JVML verifier for initialization in a theorem prover
, 2001
"... The bytecode verier is advertised as a key component of the security and safety strategy for the Java language, making it possible to use and exchange Java programs without fearing too much damage due to erroneous programs or malignant program providers. As Java is likely to become one of the langu ..."
Abstract

Cited by 20 (2 self)
 Add to MetaCart
The bytecode verier is advertised as a key component of the security and safety strategy for the Java language, making it possible to use and exchange Java programs without fearing too much damage due to erroneous programs or malignant program providers. As Java is likely to become one of the languages used to embed programs in all kinds of appliances or computerbased applications, it becomes important to verify that the claim of safety is justified. We worked on a type system proposed in [7] to enforce a discipline for object initialization in the Java Virtual Machine Language and implemented it in the Coq [5] proof and specification language. We first produced mechanically checked proofs of the theorems in [7] and then we constructed a functional implementation of a bytecode verifier. We have a mechanical proof that this bytecode verifier only accepts programs that have a safe behavior with respect to initialization. Thanks to the extraction mechanism provided in Coq...
Moving proofsasprograms into practice
 In: Proceedings of the 12 th IEEE International Conference on Automated Software Engineering, IEEE Computer Society
, 1997
"... Proofs in the Nuprl system, an implementation of a constructive type theory, yield “correctbyconstruction ” programs. In this paper a new methodology is presented for extracting efficient and readable programs from inductive proofs. The resulting extracted programs are in a form suitable for use i ..."
Abstract

Cited by 18 (5 self)
 Add to MetaCart
Proofs in the Nuprl system, an implementation of a constructive type theory, yield “correctbyconstruction ” programs. In this paper a new methodology is presented for extracting efficient and readable programs from inductive proofs. The resulting extracted programs are in a form suitable for use in hierarchical verifications in that they are amenable to clean partial evaluation via extensions to the Nuprl rewrite system. The method is based on two elements: specifications written with careful use of the Nuprl settype to restrict the extracts to strictly computational content; and on proofs that use induction tactics that generate extracts using familiar fixedpoint combinators of the untyped lambda calculus. In this paper the methodology is described and its application is illustrated by example. 1.
Un Calcul De Constructions Infinies Et Son Application A La Verification De Systemes Communicants
, 1996
"... m networks and the recent works of Thierry Coquand in type theory have been the most important sources of motivation for the ideas presented here. I wish to specially thank Roberto Amadio, who read the manuscript in a very short delay, providing many helpful comments and remarks. Many thanks also to ..."
Abstract

Cited by 16 (0 self)
 Add to MetaCart
m networks and the recent works of Thierry Coquand in type theory have been the most important sources of motivation for the ideas presented here. I wish to specially thank Roberto Amadio, who read the manuscript in a very short delay, providing many helpful comments and remarks. Many thanks also to Luc Boug'e, who accepted to be my oficial supervisor, and to the chair of the jury, Michel Cosnard, who opened to me the doors of the LIP. During these last three years in Lyon I met many wonderful people, who then become wonderful friends. Miguel, Nuria, Veronique, Patricia, Philippe, Pia, Rodrigo, Salvador, Sophie : : : with you I have shared the happiness and sadness of everyday life, those little things which make us to remember someone forever. I also would like to thank the people from "Tango de Soie", for all those funny nights at the Caf'e Moulin Joly. Thanks too to the Uruguayan research community in Computer Science (specially to Cristina Cornes and Alberto Pardo) w
CoInductive Types in Coq: An Experiment with the Alternating Bit Protocol
, 1995
"... We describe an experience concerning the implementation and use of coinductive types in the proof editor Coq. Coinductive types are recursive types which, opposite to inductive ones, may be inhabited by infinite objects. In order to illustrate their use in Coq, we describe an axiomatisation of ..."
Abstract

Cited by 12 (1 self)
 Add to MetaCart
We describe an experience concerning the implementation and use of coinductive types in the proof editor Coq. Coinductive types are recursive types which, opposite to inductive ones, may be inhabited by infinite objects. In order to illustrate their use in Coq, we describe an axiomatisation of a calculus of broadcasting systems where recursive processes are represented using infinite objects. This calculus is used for developing a verification proof of the alternating bit protocol. Keywords: Program Verification, Type Theory, CoInductive Types, Communicating Processes R'esum'e Dans cet article nous d'ecrivons une exp'erience concernant l'implantation et l'utilisation de types coinductifs dans l'environnement de preuves Coq. Les types coinductifs sont des types recursifs qui, `a la diff'erence des types inductifs, peuvent etre habit'es par des objets infinis. Pour illustrer leur utilisation dans Coq nous d'ecrivons comment axiomatiser un calcul de processus qui communiq...