Results 1  10
of
43
Inductive Definitions in the System Coq Rules and Properties
, 1992
"... In the pure Calculus of Constructions, it is possible to represent data structures and predicates using higherorder quantification. However, this representation is not satisfactory, from the point of view of both the efficiency of the underlying programs and the power of the logical system. For ..."
Abstract

Cited by 163 (1 self)
 Add to MetaCart
In the pure Calculus of Constructions, it is possible to represent data structures and predicates using higherorder quantification. However, this representation is not satisfactory, from the point of view of both the efficiency of the underlying programs and the power of the logical system. For these reasons, the calculus was extended with a primitive notion of inductive definitions [8]. This paper describes the rules for inductive definitions in the system Coq. They are general enough to be seen as one formulation of adding inductive definitions to a typed lambdacalculus. We prove strong normalization for a subsystem of Coq corresponding to the pure Calculus of Constructions plus Inductive Definitions with only weak nondependent eliminations.
Efficient Representation and Validation of Proofs
, 1998
"... This paper presents a logical framework derived from the Edinburgh Logical Framework (LF) [5] that can be used to obtain compact representations of proofs and efficient proof checkers. These are essential ingredients of any application that manipulates proofs as firstclass objects, such as a Proof ..."
Abstract

Cited by 61 (7 self)
 Add to MetaCart
This paper presents a logical framework derived from the Edinburgh Logical Framework (LF) [5] that can be used to obtain compact representations of proofs and efficient proof checkers. These are essential ingredients of any application that manipulates proofs as firstclass objects, such as a ProofCarrying Code [11] system, in which proofs are used to allow the easy validation of properties of safetycritical or untrusted code. Our framework, which we call LF i , inherits from LF the capability to encode various logics in a natural way. In addition, the LF i framework allows proof representations without the high degree of redundancy that is characteristic of LF representations. The missing parts of LF i proof representations can be reconstructed during proof checking by an efficient reconstruction algorithm. We also describe an algorithm that can be used to strip the unnecessary parts of an LF representation of a proof. The experimental data that we gathered in the context of a Proof...
Dynamics in ML
, 1993
"... Objects with dynamic types allow the integration of operations that essentially require runtime typechecking into staticallytyped languages. This article presents two extensions of the ML language with dynamics, based on our work on the CAML implementation of ML, and discusses their usefulness. ..."
Abstract

Cited by 56 (0 self)
 Add to MetaCart
Objects with dynamic types allow the integration of operations that essentially require runtime typechecking into staticallytyped languages. This article presents two extensions of the ML language with dynamics, based on our work on the CAML implementation of ML, and discusses their usefulness. The main novelty of this work is the combination of dynamics with polymorphism.
OracleBased Checking of Untrusted Software
, 2001
"... We present a variant of ProofCarrying Code (PCC) in which the trusted inference rules are represented as a higherorder logic program, the proof checker is replaced by a nondeterministic higherorder logic interpreter and the proof by an oracle implemented as a stream of bits that resolve the nondet ..."
Abstract

Cited by 55 (3 self)
 Add to MetaCart
We present a variant of ProofCarrying Code (PCC) in which the trusted inference rules are represented as a higherorder logic program, the proof checker is replaced by a nondeterministic higherorder logic interpreter and the proof by an oracle implemented as a stream of bits that resolve the nondeterministic interpretation choices. In this setting, ProofCarrying Code allows the receiver of the code the luxury of using nondeterminism in constructing a simple yet powerful checking procedure. This oraclebased variant of PCC is able to adapt quite naturally to situations when the property being checked is simple or there is a fairly directed search procedure for it. As an example, we demonstrate that if PCC is used to verify type safety of assembly language programs compiled from Java source programs, the oracles that are needed are on the average just 12% of the size of the code, which represents an improvement of a factor of 30 over previous syntactic representations of PCC proofs. ...
Some lambda calculus and type theory formalized
 Journal of Automated Reasoning
, 1999
"... Abstract. We survey a substantial body of knowledge about lambda calculus and Pure Type Systems, formally developed in a constructive type theory using the LEGO proof system. On lambda calculus, we work up to an abstract, simplified, proof of standardization for beta reduction, that does not mention ..."
Abstract

Cited by 53 (7 self)
 Add to MetaCart
Abstract. We survey a substantial body of knowledge about lambda calculus and Pure Type Systems, formally developed in a constructive type theory using the LEGO proof system. On lambda calculus, we work up to an abstract, simplified, proof of standardization for beta reduction, that does not mention redex positions or residuals. Then we outline the meta theory of Pure Type Systems, leading to the strengthening lemma. One novelty is our use of named variables for the formalization. Along the way we point out what we feel has been learned about general issues of formalizing mathematics, emphasizing the search for formal definitions that are convenient for formal proof and convincingly represent the intended informal concepts.
Verification of an Audio Control Protocol
 FORMAL TECHNIQUES IN REALTIME AND FAULTTOLERANT SYSTEMS
, 1994
"... We analyze a simple version of a protocol developed by Philips for the physical layer of an interface bus that connects the various devices of some stereo equipment (tuner, CD player,...). The protocol, which uses Manchester encoding, has to deal with a significant uncertainty in the timing of event ..."
Abstract

Cited by 49 (7 self)
 Add to MetaCart
We analyze a simple version of a protocol developed by Philips for the physical layer of an interface bus that connects the various devices of some stereo equipment (tuner, CD player,...). The protocol, which uses Manchester encoding, has to deal with a significant uncertainty in the timing of events, due to both hardware and software constraints. We present a formal specification of the protocol, and a proof of correctness for the case where the tolerance of the clocks used within the system is less than 1/17 . A counterexample shows that the protocol fails for tolerances greater than or equal to this value. The verification is carried out using a model of linear hybrid systems, which is similar to the phase transition system model of Manna and Pnueli, and the model of linear hybrid automata of Alur, Henzinger and Ho. The semantics of linear hybrid systems is defined via a translation to the timed I/O automata model of Lynch and Vaandrager.
Efficient Representation and Validation of Logical Proofs
, 1997
"... This report describes a framework for representing and validating formal proofs in various axiomatic systems. The framework is based on the Edinburgh Logical Framework (LF) but is optimized for minimizing the size of proofs and the complexity of proof validation, by removing redundant representation ..."
Abstract

Cited by 45 (6 self)
 Add to MetaCart
This report describes a framework for representing and validating formal proofs in various axiomatic systems. The framework is based on the Edinburgh Logical Framework (LF) but is optimized for minimizing the size of proofs and the complexity of proof validation, by removing redundant representation components. Several variants of representation algorithms are presented with the resulting representations being a factor of 15 smaller than similar LF representations. The validation algorithm is a reconstruction algorithm that runs about 7 times faster than LF typechecking. We present a full proof of correctness of the reconstruction algorithm and hints for the efficient implementation using explicit substitutions. We conclude with a quantitative analysis of the algorithms. This research was sponsored in part by the Advanced Research Projects Agency CSTO under the title "The Fox Project: Advanced Languages for Systems Software," ARPA Order No. C533, issued by ESC/ENS under Contract No. F1...