Proof animation is a way of executing proofs to find errors in the formalization of proofs. It is intended to be "testing in proof engineering". Although the realizability interpretation as well as the functional interpretation based on limit-computations were introduced as means for proof animation, they were unrealistic as an architectural basis for actual proof animation tools. We have found game theoretical semantics corresponding to these interpretations, which is likely to be the right architectural basis for proof animation.

The development of Applied Type System (ATS) [36, 31] stems from an earlier attempt to introduce dependent types into practical programming [38, 37]. While there is already a framework Pure Type System [4] (PTS) that offers a simple and general approach to designing and formalizing type systems,

Deduction is usually considered to be the opposite of induction. However, deduction and induction can be related in many ways. In this paper, two endeavors that try to relate discovery science and verification technology are described. The first is discovery by deduction, where attempts to find algorithms are made using verifiers. Case studies of finding algorithms for concurrent garbage collection and for mutual exclusion without semaphores are described. Superoptimization can also be classified as work in this field. Recent work on finding authentication protocols using a protocol verifier is also briefly surveyed. The second endeavor is discovery for deduction. This concerns the long-standing problem of finding induction formulae or loop invariants. The problem is regarded as one of learning from positive data, and the notion of safe generalization, which is commonly recognized in learning from positive data, is introduced into iterative computation of loop invariants. The si...

Abstract not found

Modern integrated development environments (IDEs) provide programmers with a variety of sophisticated tools for program visualization and manipulation. These tools assist the programmer in understanding legacy code and making coordinated changes across large parts of a program. Similar tools incorporated into an integrated proof environment (IPE) would assist proof developers in understanding and manipulating the increasingly larger proofs that are being developed. In this paper we propose some tools and techniques developed for software engineering that we believe would be equally applicable in proof engineering.

Two extensions of PX system will be discussed. The extensions are ctPX (catch/throw PX) and mvPX (multiple values PX). ctPX is a PX system extended with Nakano's catch/throw logic. ctPX enables to extract LISP programs with catch/throw mechanism form natural proofs. mvPX is a PX system which uses multiple values rather than lists to keep a finite sequences of data. Programs extracted by ctPX are more efficient than the ones by the original PX. 1 Introduction PX system is a proof checker based on Feferman's formal theory of functions and classes. Its main aim is extracting programs from constructive proofs. Thus it is called PX = "Program eXtractor". The activity of developing programs formally by program extraction is dubbed as constructive programming by Masahiko Sato. We will not give detailed accounts on PX system and its use to constructive programming, which are fully described in [1]. PX is an old system built about 10 years ago. In this work, it is used as a platform experiment...

. C lausal Language (CL) is a really used declarative programming and verifying system with an extremely simple semantics (primitive recursive functions). We can in CL prove properties of our programs. This paper is mostly concerned with the combination of programming and verication where one does the former at the same time as one veri- es that a specication is satised. Our contribution is the design of CL and of its proof system where the programming constructs correspond exactly to the proof rules with computational content and so the programs extracted by CL from proofs are as ecient as hand-programmed ones. 1 Introduction The class of eectively computable functions over natural numbers coincides by the thesis of Church with recursive functions as dened by Herbrand-Godel style equations. We use the latter as the basis for CL because such denitions oer the programming comfort with almost unrestricted kinds of recursion and the computation of recursive equations b...

formal proofs. A recent outcome of this analysis is the development of computer systems for automated or interactive theorem proving that can for instance be used for computer aided program verication. An example of such a system is the interactive theorem prover Minlog developed by the logic group at the University of Munich (7). As a former member of this group I was mainly involved in the theoretical background steering the implementation of the system. The system also exploits the so-called proofs-as-programs paradigm as a logical approach to correct software development: from a formal proof that a certain specication has a solution one fully automatically extracts a program that provably meets the specication. We carried out a number of extended case studies extracting programs from proofs in areas such as arithmetic (6), graph theory (7), innitary combinatorics (7), and lambda calculus (1,2). Special emphasis has been put on an ecient implemen

C lausal Language (CL) is a declarative programming and verifying system used in our teaching of computer science. CL is an implementation of, what we call, PR+I1 paradigm (primitive recursive functions with I1-arithmetic). This paper introduces an extension of I1-proofs called extraction proofs where one can extract from the proofs of 2-speci cations primitive recursive programs as ecient as the hand-coded ones. This is achieved by having the programming constructs correspond exactly to the proof rules with the computational content.

In this report we give an outline how proof-theoretic notions can be useful for questions related to software maintenance.