HOL Light is a new version of the HOL theorem prover. While retaining the reliability and programmability of earlier versions, it is more elegant, lightweight, powerful and automatic; it will be the basis for the Cambridge component of the HOL-2000 initiative to develop the next generation of HOL theorem provers. HOL Light is written in CAML Light, and so will run well even on small machines, e.g. PCs and Macintoshes with a few megabytes of RAM. This is in stark contrast to the resource-hungry systems which are the norm in this field, other versions of HOL included. Among the new features of this version are a powerful simplifier, effective first order automation, simple higher-order matching and very general support for inductive and recursive definitions.

. We present Bigloo, a highly portable and optimizing compiler. Bigloo is the first compiler for strict functional languages that can efficiently compile several languages: Bigloo is the first compiler for full Scheme and full ML, and for these two languages, Bigloo is one of the most efficient compiler now available (Bigloo is available by anonymous ftp on ftp.inria.fr [192.93.2.54]). This high level of performance is achieved by numerous high-level optimizations. Some of those are classical optimizations adapted to higherorder functional languages (e.g. inlining), other optimization schemes are specific to Bigloo (e.g. a new refined closure analysis, an original optimization of imperative variables, and intensive use of higher-order control flow analysis). All these optimizations share the same design guideline: the reduction of heap allocation. 1 Introduction Strict functional programming languages have many different variations, but they all belong to the same family, the so-calle...

. Pattern matching is an important feature in various functional programming languages such as SML, Caml, Haskell, etc. In these languages, unreachable or redundant matching clauses, which can be regarded as a special form of dead code, are a rich source for program errors. Therefore, eliminating unreachable matching clauses at compiletime can significantly enhance program error detection. Furthermore, this can also lead to significantly more efficient code at run-time. We present a novel approach to eliminating unreachable matching clauses through the use of the dependent type system of DML, a functional programming language that enriches ML with a restricted form of dependent types. We then prove the correctness of the approach, which consists of the major technical contribution of the paper. In addition, we demonstrate the applicability of our approach to dead code elimination through some realistic examples. This constitutes a practical application of dependent types to functional ...

Abstract. We have formal verified a number of algorithms for evaluating transcendental functions in double-extended precision floating point arithmetic in the Intel ® IA-64 architecture. These algorithms are used in the Itanium TM processor to provide compatibility with IA-32 (x86) hardware transcendentals, and similar ones are used in mathematical software libraries. In this paper we describe in some depth the formal verification of the sin and cos functions, including the initial range reduction step. This illustrates the different facets of verification in this field, covering both pure mathematics and the detailed analysis of floating point rounding. 1

Abstract. The IA-64 architecture defers floating point and integer division to software. To ensure correctness and maximum efficiency, Intel provides a number of recommended algorithms which can be called as subroutines or inlined by compilers and assembly language programmers. All these algorithms have been subjected to formal verification using the HOL Light theorem prover. As well as improving our level of confidence in the algorithms, the formal verification process has led to a better understanding of the underlying theory, allowing some significant efficiency improvements. 1

The use of types in capturing program invariants is overwhelming in practical programming. The type systems in languages such as ML and Java scale convincingly to realistic programs but they are of relatively limited expressive power. In this paper, we show that the use of a restricted form of dependent types can enable us to capture many more program invariants such as memory safety while retaining practical type-checking. The programmer can encode program invariants with type annotations and then verify these invariants through static type-checking. Also the type annotations can serve as informative program documentation, which are mechanically verified and can thus be fully trusted. We argue with realistic examples that this restricted form of dependent types can significantly facilitate program verification as well as program documentation.

Abstract. We define an interpretation of the Isabelle/HOL logic in HOL Light and its metalanguage, OCaml. Some aspects of the Isabelle logic are not representable directly in the HOL Light object logic. The interpretation thus takes the form of a set of elaboration rules, where features of the Isabelle logic that cannot be represented directly are elaborated to functors in OCaml. We demonstrate the effectiveness of the interpretation via an implementation, translating a significant part of the Isabelle standard library into HOL Light. 1

There is a main difference between a program which is interpreted by an interpreter written in a strongly-typed language and a compiled version. Such an interpreter usually uses a universal domain for the values it manipulates. A value encoding is necessary. A compiled program works directly on values. A layer of interpretation for value representation is inserted. On the other hand, a way to derive automatically a compiler from an interpreter is to use a partial evaluator applied to the interpreter and the interpreted program. This leads to a problem when we want that this technique removes all the layer of interpretation because value encoding must disappear. It is not the case for conventional partial evaluator. This paper proposes to introduce a new domain for partial evaluators called alternative values and a new algorithm of specialization (based on events) which can solve this problem of removing value encoding. We conclude by reporting a successful specialization...

We present CAMLFLOW, a custom CAML to data-flow graph (DFG) compiler. CAMLFLOW was designed to provide a front-end to various implementation -level parallel programming CASE tools taking DFGs for algorithm specification. It allows large and complex DFGs to be described in a textual and concise manner, using the facilities of the CAML LIGHT functional language. Compared to other graph notation systems, the main originality of CAMLFLOW lies in its ability to define higher-order polymorphic graph patterns.