Results 21  30
of
131
The Generic Approximation Lemma
 Information Processing Letters
, 2001
"... The approximation lemma is a simplification of the wellknown take lemma, and is used to prove properties of programs that produce lists of values. We show how the approximation lemma, unlike the take lemma, can naturally be generalised from lists to a large class of datatypes, and present a gen ..."
Abstract

Cited by 16 (3 self)
 Add to MetaCart
(Show Context)
The approximation lemma is a simplification of the wellknown take lemma, and is used to prove properties of programs that produce lists of values. We show how the approximation lemma, unlike the take lemma, can naturally be generalised from lists to a large class of datatypes, and present a generic approximation lemma that is parametric in the datatype to which it applies. As a useful byproduct, we find that generalising the approximation lemma in this way also simplifies its proof. Keywords: Programming calculi; Functional Programming 1 Introduction The standard proof method for programs that consume lists of values is structural induction. However, this method is not applicable to the dual case of programs that produce lists of values, because in general such programs do not have a list argument over which to perform induction. Proof methods that are applicable to such programs have recently been surveyed in [6], and include fixpoint induction [4], the take lemma [3], coin...
Reasoning about Functions with Effects
 See Gordon and Pitts
, 1997
"... ing and using (Lunif) we have that any two lambdas that are everywhere undefined are equivalent. The classic example of an everywhere undefined lambda is Bot 4 = x:app(x:app(x; x); x:app(x; x)) In f , another example of an everywhere undefined lambda is the "doforever" loop. Do 4 ..."
Abstract

Cited by 14 (1 self)
 Add to MetaCart
ing and using (Lunif) we have that any two lambdas that are everywhere undefined are equivalent. The classic example of an everywhere undefined lambda is Bot 4 = x:app(x:app(x; x); x:app(x; x)) In f , another example of an everywhere undefined lambda is the "doforever" loop. Do 4 = f:Yv(Dox:Do(f(x)) By the recursive definition, for any lambda ' and value v Do(')(v) \Gamma!Ø Do(')('(v)) Reasoning about Functions with Effects 21 In f , either '(v) \Gamma!Ø v 0 for some v 0 or '(v) is undefined. In the latter case the computation is undefined since the redex is undefined. In the former case, the computation reduces to Do(')(v 0 ) and on we go. The argument for undefinedness of Bot relies only on the (app) rule and will be valid in any uniform semantics. In contrast the argument for undefinedness of Do(') relies on the (fred.isdef) property of f . Functional Streams We now illustrate the use of (Lunifsim) computation to reason about streams represented as functions ...
Adequacy of compositional translations for observational semantics
 INTERNATIONAL CONFERENCE ON THEORETICAL COMPUTER SCIENCE
, 2008
"... We investigate methods and tools for analyzing translations between programming languages with respect to observational semantics. The behavior of programs is observed in terms of may and mustconvergence in arbitrary contexts, and adequacy of translations, i.e., the reflection of program equivalenc ..."
Abstract

Cited by 12 (9 self)
 Add to MetaCart
(Show Context)
We investigate methods and tools for analyzing translations between programming languages with respect to observational semantics. The behavior of programs is observed in terms of may and mustconvergence in arbitrary contexts, and adequacy of translations, i.e., the reflection of program equivalence, is taken to be the fundamental correctness condition. For compositional translations we propose a notion of convergence equivalence as a means for proving adequacy. This technique avoids explicit reasoning about contexts, and is able to deal with the subtle role of typing in implementations of language extensions.
The Power of Parameterization in Coinductive Proof
"... Coinduction is one of the most basic concepts in computer science. It is therefore surprising that the commonlyknown latticetheoretic accounts of the principles underlying coinductive proofs are lacking in two key respects: they do not support compositional reasoning (i.e., breaking proofs into se ..."
Abstract

Cited by 12 (5 self)
 Add to MetaCart
(Show Context)
Coinduction is one of the most basic concepts in computer science. It is therefore surprising that the commonlyknown latticetheoretic accounts of the principles underlying coinductive proofs are lacking in two key respects: they do not support compositional reasoning (i.e., breaking proofs into separate pieces that can be developed in isolation), and they do not support incremental reasoning (i.e., developing proofs interactively by starting from the goal and generalizing the coinduction hypothesis repeatedly as necessary). In this paper, we show how to support coinductive proofs that are both compositional and incremental, using a dead simple construction we call the parameterized greatest fixed point. The basic idea is to parameterize the greatest fixed point of interest over the accumulated knowledge of “the proof so far”. While this idea has been proposed before, by Winskel in 1989 and by Moss in 2001, neither of the previous accounts suggests its general applicability to improving the state of the art in interactive coinductive proof. In addition to presenting the latticetheoretic foundations of parameterized coinduction, demonstrating its utility on representative examples, and studying its composition with “upto ” techniques, we also explore its mechanization in proof assistants like Coq and Isabelle. Unlike traditional approaches to mechanizing coinduction (e.g., Coq’s cofix), which employ syntactic “guardedness checking”, parameterized coinduction offers a semantic account of guardedness. This leads to faster and more robust proof development, as we demonstrate using our new Coq library, Paco.
Mechanically verifying the correctness of an offline partial evaluator (extended version
, 1995
"... Abstract. We show that using deductive systems to specify an offline partial evaluator allows one to specify, prototype, and mechanically verify correctness via metaprogramming — all within a single framework. For a λmixstyle partial evaluator, we specify bindingtime constraints using a natural ..."
Abstract

Cited by 12 (3 self)
 Add to MetaCart
Abstract. We show that using deductive systems to specify an offline partial evaluator allows one to specify, prototype, and mechanically verify correctness via metaprogramming — all within a single framework. For a λmixstyle partial evaluator, we specify bindingtime constraints using a naturaldeduction logic, and the associated program specializer using natural (aka “deductive”) semantics. These deductive systems can be directly encoded in the Elf programming language — a logic programming language based on the LF logical framework. The specifications are then executable as logic programs. This provides a prototype implementation of the partial evaluator. Moreover, since deductive system proofs are accessible as objects in Elf, many aspects of the partial evaluator correctness proofs (e.g., the correctness of bindingtime analysis) can be coded in Elf and mechanically checked. 1
A Proof Tool for Reasoning about Functional Programs
 In Proc. 1996 International Workshop on Higher Order Logic Theorem Proving, Lecture Notes in Computer Science 1125
, 1996
"... . This paper describes a system to support reasoning about lazy functional programs. We describe an approach based on combining a deep embedding of the language in HOL and a set of proof tools to raise the level of interaction with the theorem prover. This approach allows metatheoretic reasoning ab ..."
Abstract

Cited by 12 (1 self)
 Add to MetaCart
. This paper describes a system to support reasoning about lazy functional programs. We describe an approach based on combining a deep embedding of the language in HOL and a set of proof tools to raise the level of interaction with the theorem prover. This approach allows metatheoretic reasoning about the semantics and reasoning about undefined programs while still supporting practical reasoning about programs in the language. 1 Introduction It is often claimed that functional programming languages, and in particular pure functional languages, are suitable for formal reasoning. This claim is supported by the fact that many people in the functional programming community do reason about their programs in a formal or semiformal way. Depending on the nature of the problem, different styles of reasoning, such as equational reasoning, induction and coinduction, are used. This paper discusses some of the technical issues involved in constructing a proof tool, using HOL [4], for reasoning ...
A Note on Logical Relations Between Semantics and Syntax
, 1997
"... This note gives a new proof of the `operational extensionality' property of Abramsky's lazy lambda calculusnamely the coincidence of contextual equivalence with a coinductively defined notion of `applicative bisimilarity'. This purely syntactic result is here proved using a logica ..."
Abstract

Cited by 11 (0 self)
 Add to MetaCart
(Show Context)
This note gives a new proof of the `operational extensionality' property of Abramsky's lazy lambda calculusnamely the coincidence of contextual equivalence with a coinductively defined notion of `applicative bisimilarity'. This purely syntactic result is here proved using a logical relation (due to Plotkin) between the syntax and its denotational semantics. The proof exploits a mixed inductive/coinductive characterisation of the logical relation recently discovered by the author.
Using a Generalisation Critic to Find Bisimulations for Coinductive Proofs
 PROCEEDINGS OF THE 14TH CONFERENCE ON AUTOMATED DEDUCTION, VOLUME 1249 OF LECTURE NOTES IN ARTIFICIAL INTELIGENCE
, 1997
"... Coinduction is a method of growing importance in reasoning about functional languages, due to the increasing prominence of lazy data structures. Through the use of bisimulations and proofs that observational equivalence is a congruence in various domains it can be used to proof the congruence of ..."
Abstract

Cited by 11 (2 self)
 Add to MetaCart
Coinduction is a method of growing importance in reasoning about functional languages, due to the increasing prominence of lazy data structures. Through the use of bisimulations and proofs that observational equivalence is a congruence in various domains it can be used to proof the congruence of two processes. Several proof tools have been developed to aid coinductive proofs but all require user interaction. Crucially they require the user to supply an appropriate relation which the system can then prove to be a bisimulation. A method is proposed which uses the idea of proof plans to make a heuristic guess at a suitable relation. If the proof fails for that relation the reasons for failure are analysed using a proof critic and a new relation is proposed to allow the proof to go through.
Improvement Theory and its Applications
 HIGHER ORDER OPERATIONAL TECHNIQUES IN SEMANTICS, PUBLICATIONS OF THE NEWTON INSTITUTE
, 1997
"... An improvement theory is a variant of the standard theories of observational approximation (or equivalence) in which the basic observations made of a functional program's execution include some intensionalinformation about, for example, the program's computational cost. One program is an i ..."
Abstract

Cited by 11 (4 self)
 Add to MetaCart
An improvement theory is a variant of the standard theories of observational approximation (or equivalence) in which the basic observations made of a functional program's execution include some intensionalinformation about, for example, the program's computational cost. One program is an improvement of another if its execution is more efficient in any program context. In this article we give an overview of our work on the theory and applications of improvement. Applications include reasoning about time properties of functional programs, and proving the correctness of program transformation methods. We also introduce a new application, in the form of some bisimulationlike proof techniques for equivalence, with something of the flavour of Sangiorgi's "bisimulation upto expansion and context".
Beating the Productivity Checker Using Embedded Languages
"... Abstract. Some total languages, like Agda and Coq, allow the use of guarded corecursion to construct infinite values and proofs. Guarded corecursion is a form of recursion in which arbitrary recursive calls are allowed, as long as they are guarded by a coinductive constructor. Guardedness ensures th ..."
Abstract

Cited by 10 (3 self)
 Add to MetaCart
(Show Context)
Abstract. Some total languages, like Agda and Coq, allow the use of guarded corecursion to construct infinite values and proofs. Guarded corecursion is a form of recursion in which arbitrary recursive calls are allowed, as long as they are guarded by a coinductive constructor. Guardedness ensures that programs are productive, i.e. that every finite prefix of an infinite value can be computed in finite time. However, many productive programs are not guarded, and it can be nontrivial to put them in guarded form. This paper gives a method for turning a productive program into a guarded program. The method amounts to defining a problemspecific language as a data type, writing the program in the problemspecific language, and writing a guarded interpreter for this language. 1