This paper describes a method of proving strong normalization based on an extension of the conservation theorem. We introduce a structural notion of reduction that we call fi S , and we prove that any -term that has a fi I fi S-normal form is strongly fi-normalizable. We show how to use this result to prove the strong normalization of different typed -calculi.

... unification problems. Then, in this framework, we develop a new unification algorithm for a-calculus with dependent function (II) types. This algorithm is especially useful as it provides for mechanization in the very expressive Logical Framework (LF). The development (object-languages). The rich structure of a typed-calculus,asopposedtotraditional,rst- generalideaistousea-calculusasameta-languageforrepresentingvariousotherlanguages thelattercase,thealgorithmisincomplete,thoughstillquiteusefulinpractice. Thelastpartofthedissertationprovidesexamplesoftheusefulnessofthealgorithms.The algorithmrstfordependentproduct()types,andsecondforimplicitpolymorphism.In involvessignicantcomplicationsnotarisingHuet'scorrespondingalgorithmforthesimply orderabstractsyntaxtrees,allowsustoexpressrules,e.g.,programtransformationand typed-calculus,primarilybecauseitmustdealwithill-typedterms.Wethenextendthis Wecanthenuseunicationinthemeta-languagetomechanizeapplicationoftheserules.

The significance of type theory to the theory of programming languages has long been recognized. Advances in programming languages have often derived from understanding that stems from type theory. However, these applications of type theory to practical programming languages have been indirect; the differences between practical languages and type theory have prevented direct connections between the two. This dissertation presents systematic techniques directly relating practical programming languages to type theory. These techniques allow programming languages to be interpreted in the rich mathematical domain of type theory. Such interpretations lead to semantics that are at once denotational and operational, combining the advantages of each, and they also lay the foundation for formal verification of computer programs in type theory. Previous type theories either have not provided adequate expressiveness to interpret practical languages, or have provided such expressiveness at the expense of essential features of the type theory. In particular, no previous type theory has supported a notion of partial functions (needed to interpret recursion in practical languages), and a notion of total functions and objects (needed to reason about data values), and an intrinsic notion of equality (needed for most interesting results). This dissertation presents the first type theory incorporating all three, and discusses issues arising in the design of that type theory. This type theory is used as the target of a type­theoretic semantics for a expressive programming calculus. This calculus may serve as an internal language for a variety of functional programming languages. The semantics is stated as a syntax­directed embedding of the programming calculus into type theory. A critical point arising in both the type theory and the type­theoretic semantics is the issue of admissibility. Admissibility governs what types it is legal to form recursive functions over. To build a useful type theory for partial functions it is necessary to have a wide class of admissible types. In particular, it is necessary for all the types arising in the type­theoretic semantics to be admissible. In this dissertation I present a class of admissible types that is considerably wider than any previously known class.

This paper gives an introduction to type theory, focusing on its recent use as a logical framework for proofs and programs. The first two sections give a background to type theory intended for the reader who is new to the subject. The following presents Martin-Lof's monomorphic type theory and an implementation, ALF, of this theory. Finally, a few small tutorial examples in ALF are given.

Contents 1 Introduction : : : : : : : : : : : : : : : : : : : : : : : : : : : : 2 2 The expressive power of second order Logic : : : : : : : : : : : 3 2.1 The language of second order logic : : : : : : : : : : : : : 3 2.2 Expressing size : : : : : : : : : : : : : : : : : : : : : : : : 4 2.3 Defining data types : : : : : : : : : : : : : : : : : : : : : 6 2.4 Describing processes : : : : : : : : : : : : : : : : : : : : : 8 2.5 Expressing convergence using second order validity : : : : : : : : : : : : : : : : : : : : : : : : : 9 2.6 Truth definitions: the analytical hierarchy : : : : : : : : 10 2.7 Inductive definitions : : : : : : : : : : : : : : : : : : : : : 13 3 Canonical semantics of higher order logic : : : : : : : : : : : : 15 3.1 Tarskian semantics of second order logic : : : : : : : : : 15 3.2 Function and re

PVS stands for "Prototype Verification System." It consists of a specification language integrated with support tools and a theorem prover. PVS tries to provide the mechanization needed to apply formal methods both rigorously and productively. This tutorial serves to introduce PVS and its use in the context of hardware verification. In the first section, we briefly sketch the purposes for which PVS is intended and the rationale behind its design, mention some of the uses that we and others are making of it. We give an overview of the PVS specification language and proof checker. The PVS language, system, and theorem prover each have their own reference manuals, which you will need to study in order to make productive use of the system. A pocket reference card, summarizing all the features of the PVS language, system, and prover is also available. The purpose of this tutorial is not to describe in detail the features of PVS and how to use the system. Rather, its purpose is to...

The purpose of a logical framework such as LF is to provide a language for defining logical systems suitable for use in a logic-independent proof development environment. All inferential activity in an object logic (in particular, proof search) is to be conducted in the logical framework via the representation of that logic in the framework. An important tool for controlling search in an object logic, the need for which is motivated by the difficulty of reasoning about large and complex systems, is the use of structured theory presentations. In this paper a rudimentary language of structured theory presentations is presented, and the use of this structure in proof search for an arbitrary object logic is explored. The behaviour of structured theory presentations under representation in a logical framework is studied, focusing on the problem of "lifting" presentations from the object logic to the metalogic of the framework. The topic of imposing structure on logic presentations...

The concept of locales for Isabelle enables local definition and assumption for interactive mechanical proofs. Furthermore, dependent types are constructed in Isabelle/HOL for first class representation of structure. These two concepts are introduced briefly. Although each of them has proved useful in itself, their real power lies in combination. This paper illustrates by examples from abstract algebra how this combination works and argues that it enables modular reasoning.

Abstract. Recently, significant advances have been made in formalised mathematical texts for large, demanding proofs. But although such large developments are possible, they still take an inordinate amount of effort and time, and there is a significant gap between the resulting formalised machine-checkable proof scripts and the corresponding human-readable mathematical texts. We present an authoring system for formal proof which addresses these concerns. It is based on a central document format which, in the tradition of literate programming, allows one to extract either a formal proof script or a human-readable document; the two may have differing structure and detail levels, but are developed together in a synchronised way. Additionally, we introduce ways to assist production of the central document, by allowing tools to contribute backflow to update and extend it. Our authoring system builds on the new PG Kit architecture for Proof General, bringing the extra advantage that it works in a uniform interface, generically across various interactive theorem provers. 1

. Feferman has proposed FS 0 , a theory of finitary inductive systems, as a framework theory that allows a user to reason both in and about an encoded theory. I look here at how practical FS 0 really is. To this end I formalise a sequent calculus presentation of classical propositional logic, and show this can be used for work in both the theory and the metatheory. the latter is illustrated with a discussion of a proof of Gentzen's Hauptsatz. Contents x 1 Introduction 2 x 1.1 Background : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 2 x 1.2 Outline of paper : : : : : : : : : : : : : : : : : : : : : : : : : : : 3 x 2 The theory FS 0 and notational conventions 4 x 2.1 What is FS 0 : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 4 x 3 An informal description of Gentzen's calculus 5 x 3.1 The language : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 5 x 3.2 The calculus for classical propositional logic : : : : : : : : : : : : 6 x 4 Formalising the ...