Results 1  10
of
25
Nominal techniques in Isabelle/HOL
 Proceedings of the 20th International Conference on Automated Deduction (CADE20
, 2005
"... Abstract. In this paper we define an inductive set that is bijective with the ffequated lambdaterms. Unlike deBruijn indices, however, our inductive definition includes names and reasoning about this definition is very similar to informal reasoning on paper. For this we provide a structural induc ..."
Abstract

Cited by 101 (14 self)
 Add to MetaCart
Abstract. In this paper we define an inductive set that is bijective with the ffequated lambdaterms. Unlike deBruijn indices, however, our inductive definition includes names and reasoning about this definition is very similar to informal reasoning on paper. For this we provide a structural induction principle that requires to prove the lambdacase for fresh binders only. The main technical novelty of this work is that it is compatible with the axiomofchoice (unlike earlier nominal logic work by Pitts et al); thus we were able to implement all results in Isabelle/HOL and use them to formalise the standard proofs for ChurchRosser and strongnormalisation. Keywords. Lambdacalculus, nominal logic, structural induction, theoremassistants.
A Model for Java with Wildcards
 In ECOOP’08, number 5142 in LNCS
, 2008
"... Abstract. Wildcards are a complex and subtle part of the Java type system, present since version 5.0. Although there have been various formalisations and partial type soundness results concerning wildcards, to the best of our knowledge, no system that includes all the key aspects of Java wildcards h ..."
Abstract

Cited by 21 (7 self)
 Add to MetaCart
(Show Context)
Abstract. Wildcards are a complex and subtle part of the Java type system, present since version 5.0. Although there have been various formalisations and partial type soundness results concerning wildcards, to the best of our knowledge, no system that includes all the key aspects of Java wildcards has been proven type sound. This paper establishes that Java wildcards are type sound. We describe a new formal model based on explicit existential types whose pack and unpack operations are handled implicitly, and prove it type sound. Moreover, we specify a translation from a subset of Java to our formal model, and discuss how several interesting aspects of the Java type system are handled. 1
Mechanizing the Metatheory of LF
, 2008
"... LF is a dependent type theory in which many other formal systems can be conveniently embedded. However, correct use of LF relies on nontrivial metatheoretic developments such as proofs of correctness of decision procedures for LF’s judgments. Although detailed informal proofs of these properties hav ..."
Abstract

Cited by 16 (7 self)
 Add to MetaCart
LF is a dependent type theory in which many other formal systems can be conveniently embedded. However, correct use of LF relies on nontrivial metatheoretic developments such as proofs of correctness of decision procedures for LF’s judgments. Although detailed informal proofs of these properties have been published, they have not been formally verified in a theorem prover. We have formalized these properties within Isabelle/HOL using the Nominal Datatype Package, closely following a recent article by Harper and Pfenning. In the process, we identified and resolved a gap in one of the proofs and a small number of minor lacunae in others. Besides its intrinsic interest, our formalization provides a foundation for studying the adequacy of LF encodings, the correctness of Twelfstyle metatheoretic reasoning, and the metatheory of extensions to LF.
PsiCalculi in Isabelle
 In Proc of the 22nd Conference on Theorem Proving in Higher Order Logics (TPHOLs), volume 5674 of LNCS
"... Abstract. Psicalculi are extensions of the picalculus, accommodating arbitrary nominal datatypes to represent not only data but also communication channels, assertions and conditions, giving it an expressive power beyond the applied picalculus and the concurrent constraint picalculus. We have for ..."
Abstract

Cited by 15 (4 self)
 Add to MetaCart
(Show Context)
Abstract. Psicalculi are extensions of the picalculus, accommodating arbitrary nominal datatypes to represent not only data but also communication channels, assertions and conditions, giving it an expressive power beyond the applied picalculus and the concurrent constraint picalculus. We have formalised psicalculi in the interactive theorem prover Isabelle using its nominal datatype package. One distinctive feature is that the framework needs to treat binding sequences, as opposed to single binders, in an efficient way. While different methods for formalising single binder calculi have been proposed over the last decades, representations for such binding sequences are not very well explored. The main effort in the formalisation is to keep the machine checked proofs as close to their penandpaper counterparts as possible. We discuss two approaches to reasoning about binding sequences along with their strengths and weaknesses. We also cover custom induction rules to remove the bulk of manual alphaconversions. 1
Nominal Inversion Principles
"... Abstract. When reasoning about inductively defined predicates, such as typing judgements or reduction relations, proofs are often done by a case analysis on the last rule of a derivation. In HOL and other formal frameworks this case analysis involves solving equational constraints on the arguments o ..."
Abstract

Cited by 8 (2 self)
 Add to MetaCart
(Show Context)
Abstract. When reasoning about inductively defined predicates, such as typing judgements or reduction relations, proofs are often done by a case analysis on the last rule of a derivation. In HOL and other formal frameworks this case analysis involves solving equational constraints on the arguments of the inductively defined predicates. This is wellunderstood when the arguments consist of variables and injective termconstructors. However, when alphaequivalence classes are involved, that is when termconstructors are not injective, these equational constraints give rise to annoying variable renamings. In this paper, we show that more convenient inversion principles can be derived where one does not have to deal with explicit variable renamings. An interesting observation is that our result relies on the fact that inductive predicates must satisfy the variable convention compatibility condition, which was introduced to justify the admissibility of Barendregt’s variable convention in rule inductions. 1
Revisiting cutelimination: One difficult proof is really a proof
 RTA 2008
, 2008
"... Powerful proof techniques, such as logical relation arguments, have been developed for establishing the strong normalisation property of termrewriting systems. The first author used such a logical relation argument to establish strong normalising for a cutelimination procedure in classical logic. ..."
Abstract

Cited by 6 (4 self)
 Add to MetaCart
(Show Context)
Powerful proof techniques, such as logical relation arguments, have been developed for establishing the strong normalisation property of termrewriting systems. The first author used such a logical relation argument to establish strong normalising for a cutelimination procedure in classical logic. He presented a rather complicated, but informal, proof establishing this property. The difficulties in this proof arise from a quite subtle substitution operation. We have formalised this proof in the theorem prover Isabelle/HOL using the Nominal Datatype Package, closely following the first authors PhD. In the process, we identified and resolved a gap in one central lemma and a number of smaller problems in others. We also needed to make one informal definition rigorous. We thus show that the original proof is indeed a proof and that present automated proving technology is adequate for formalising such difficult proofs.
Concurrent pattern calculus
 In Proc. of IFIPTCS, volume 323 of IFIP Advances in Information and Communication Technology
, 2010
"... HAL is a multidisciplinary open access archive for the deposit and dissemination of scientific research documents, whether they are published or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers. L’archive ouverte p ..."
Abstract

Cited by 6 (5 self)
 Add to MetaCart
(Show Context)
HAL is a multidisciplinary open access archive for the deposit and dissemination of scientific research documents, whether they are published or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers. L’archive ouverte pluridisciplinaire HAL, est destinée au dépôt et a ̀ la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d’enseignement et de recherche français ou étrangers, des laboratoires publics ou privés.
Contributions to the Theory of Syntax with Bindings and to Process Algebra
, 2010
"... We develop a theory of syntax with bindings, focusing on: methodological issues concerning the convenient representation of syntax; techniques for recursive definitions and inductive reasoning. Our approach consists of a combination of FOAS (FirstOrder Abstract Syntax) and HOAS (HigherOrder Abst ..."
Abstract

Cited by 5 (4 self)
 Add to MetaCart
(Show Context)
We develop a theory of syntax with bindings, focusing on: methodological issues concerning the convenient representation of syntax; techniques for recursive definitions and inductive reasoning. Our approach consists of a combination of FOAS (FirstOrder Abstract Syntax) and HOAS (HigherOrder Abstract Syntax) and tries to take advantage of the best of both worlds. The connection between FOAS and HOAS follows some general patterns and is presented as a (formally certified) statement of adequacy. We also develop a general technique for proving bisimilarity in process algebra Our technique, presented as a formal proof system, is applicable to a wide range of process algebras. The proof system is incremental, in that it allows building incrementally an a priori unknown bisimulation, and patternbased, in that it works on equalities of process patterns (i.e., universally quantified equations of process terms containing process variables), thus taking advantage of equational reasoning in a “circular ” manner, inside coinductive proof loops. All the work presented here has been formalized in the Isabelle theorem prover. The formalization is performed in a general setting: arbitrary manysorted syntax with bindings and arbitrary SOSspecified process algebra in de Simone format. The usefulness of our techniques is illustrated by several formalized case studies: a development of callbyname and callbyvalue λcalculus with constants, including ChurchRosser theorems, connection with de Bruijn representation, connection with other Isabelle formalizations, HOAS representation, and contituationpassingstyle (CPS) transformation; a proof in HOAS of strong normalization for the polymorphic secondorder λcalculus (a.k.a. System F). We also indicate the outline and some details of the formal development. ii to Leili R. Marleene iii
Formalising in Nominal Isabelle Crary’s Completeness Proof for Equivalence Checking
 LFMTP 2007
, 2007
"... In the book on Advanced Topics in Types and Programming Languages, Crary illustrates the reasoning technique of logical relations in a case study about equivalence checking. He presents a typedriven equivalence checking algorithm and verifies its completeness with respect to a definitional characte ..."
Abstract

Cited by 5 (1 self)
 Add to MetaCart
(Show Context)
In the book on Advanced Topics in Types and Programming Languages, Crary illustrates the reasoning technique of logical relations in a case study about equivalence checking. He presents a typedriven equivalence checking algorithm and verifies its completeness with respect to a definitional characterisation of equivalence. We present in this paper a formalisation of Crary’s proof using Isabelle/HOL and the nominal datatype package.