Results 1 - 9 of 9
Engineering formal metatheory
In ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 2008
Cited by 86 (9 self)
Abstract
Machine-checked proofs of properties of programming languages have become a critical need, both for increased confidence in large and complex designs and as a foundation for technologies such as proof-carrying code. However, constructing these proofs remains a black art, involving many choices in the formulation of definitions and theorems that make a huge cumulative difference in the difficulty of carrying out large formal developments. The representation and manipulation of terms with variable binding is a key issue. We propose a novel style for formalizing metatheory, combining locally nameless representation of terms and cofinite quantification of free variable names in inductive definitions of relations on terms (typing, reduction, ...). The key technical insight is that our use of cofinite quantification obviates the need for reasoning about equivariance (the fact that free names can be renamed in derivations); in particular, the structural induction principles of relations
Focusing on binding and computation
In IEEE Symposium on Logic in Computer Science, 2008
Cited by 21 (6 self)
Abstract
Variable binding is a prevalent feature of the syntax and proof theory of many logical systems. In this paper, we define a programming language that provides intrinsic support for both representing and computing with binding. This language is extracted as the Curry-Howard interpretation of a focused sequent calculus with two kinds of implication, of opposite polarity. The representational arrow extends systems of definitional reflection with a notion of scoped inference rules, which are used to represent binding. On the other hand, the usual computational arrow classifies recursive functions defined by pattern-matching. Unlike many previous approaches, both kinds of implication are connectives in a single logic, which serves as a rich logical framework capable of representing inference rules that mix binding and computation.
A Universe of Binding and Computation
Cited by 17 (5 self)
Abstract
We construct a logical framework supporting datatypes that mix binding and computation, implemented as a universe in the dependently typed programming language Agda 2. We represent binding pronominally, using well-scoped de Bruijn indices, so that types can be used to reason about the scoping of variables. We equip our universe with datatype-generic implementations of weakening, substitution, exchange, contraction, and subordination-based strengthening, so that programmers need not reimplement these operations for each individual language they define. In our mixed, pronominal setting, weakening and substitution hold only under some conditions on types, but we show that these conditions can be discharged automatically in many cases. Finally, we program a variety of standard difficult test cases from the literature, such as normalization-by-evaluation for the untyped λ-calculus, demonstrating that we can express detailed invariants about variable usage in a program's type while still writing clean and clear code.
A Definitional Two-Level Approach to Reasoning with Higher-Order Abstract Syntax
Journal of Automated Reasoning, 2010
Cited by 14 (3 self)
Abstract
Combining higher-order abstract syntax and (co)induction in a logical framework is well known to be problematic. Previous work [ACM02] described the implementation of a tool called Hybrid, within Isabelle HOL, syntax, and reasoned about using tactical theorem proving and principles of (co)induction. Moreover, it is definitional, which guarantees consistency within a classical type theory. The idea is to have a de Bruijn representation of syntax, while offering tools for reasoning about them at the higher level. In this paper we describe how to use it in a multi-level reasoning fashion, similar in spirit to other metalogics such as Linc and Twelf. By explicitly referencing provability in a middle layer called a specification logic, we solve the problem of reasoning by (co)induction in the presence of non-stratifiable hypothetical judgments, which allow very elegant and succinct specifications of object logic inference rules. We first demonstrate the method on a simple example, formally proving type soundness (subject reduction) for a fragment of a pure functional language, using a minimal intuitionistic logic as the specification logic. We then prove an analogous result for a continuation-machine presentation of the operational semantics of the same language, encoded this time in an ordered linear logic that serves as the specification layer. This example demonstrates the ease with which we can incorporate new specification logics, and also illustrates a significantly
Developing (Meta)Theory of lambda-calculus in the Theory of Contexts
Proc. MERLIN'01, TR 2001/26, Dept. of Math. and Comp. Sci., Univ. of Leicester, 2001
Cited by 12 (2 self)
Abstract
We present a case study on the formal development of a non-trivial (meta)theory in the Theory of Contexts using the Coq proof assistant. The methodology underlying the Theory of Contexts for reasoning on systems presented in HOAS is based on an axiomatic syntactic standpoint. We feel that one of the main advantages of this approach is that it requires a very low logical overhead. The object logic we focus on is the lazy, call-by-name λ-calculus (λcbn), both untyped and simply typed. We will see that the formal, fully detailed development of the theory of λcbn in the Theory of Contexts introduces a small, sustainable overhead with respect to the proofs "on the paper". Moreover, this will allow for comparison with similar case studies developed in other approaches to metatheoretical reasoning in higher-order abstract syntax. Keywords: higher-order abstract syntax, induction, logical frameworks.
Dependently Typed Programming with Domain-Specific Logics
Submitted to POPL '09, 2008
Cited by 6 (3 self)
Abstract
We define a dependent programming language in which programmers can define and compute with domain-specific logics, such as an access-control logic that statically prevents unauthorized access to controlled resources. Our language permits programmers to define logics using the LF logical framework, whose notion of binding and scope facilitates the representation of the consequence relation of a logic, and to compute with logics by writing functional programs over LF terms. These functional programs can be used to compute values at run-time, and also to compute types at compile-time. In previous work, we studied a simply-typed framework for representing and computing with variable binding [LICS 2008]. In this paper, we generalize our previous type theory to account for dependently typed inference rules, which are necessary to adequately represent domain-specific logics, and we present examples of using our type theory for certified software and mechanized metatheory.
Nominal renaming sets
Cited by 4 (2 self)
Abstract
Nominal techniques are based on the idea of sets with a finitely-supported atoms-permutation action. We consider the idea of nominal renaming sets, which are sets with a finitely-supported atoms-renaming action; renamings can identify atoms, permutations cannot. We show that nominal renaming sets exhibit many of the useful qualities found in (permutative) nominal sets: an elementary sets-based presentation, inductive datatypes of syntax up to binding, cartesian closure, and being a topos. Unlike the case for nominal sets, the notion of names-abstraction coincides with functional abstraction. Thus we obtain a concrete presentation of sheaves on
A monadic formalization of ML5
In Pre-proceedings of Workshop on Logical Frameworks and Metalanguages: Theory and Practice, 2010
Cited by 3 (2 self)
Abstract
ML5 is a programming language for spatially distributed computing, based on a Curry-Howard correspondence with the modal logic S5. However, the ML5 programming language differs from the logic in several ways. In this paper, we give a semantic embedding of ML5 into the dependently typed programming language Agda, which both explains these discrepancies between ML5 and S5 and suggests some simplifications and generalizations of the language. Our embedding translates ML5 into a slightly different logic: intuitionistic S5 extended with a lax modality that encapsulates effectful computations in a monad. Rather than formalizing lax S5 as a proof theory, we embed it as a universe within the dependently typed host language, with the universe elimination given by implementing the modal logic's Kripke semantics.
Strong normalization for System F by HOAS on top of FOAS
Cited by 1 (0 self)
Abstract
We present a point of view concerning HOAS (Higher-Order Abstract Syntax) and an extensive exercise in HOAS along this point of view. The point of view is that HOAS can be soundly and fruitfully regarded as a definitional extension on top of FOAS (First-Order Abstract Syntax). As such, HOAS is not only an encoding technique, but also a higher-order view of a first-order reality. A rich collection of concepts and proof principles is developed inside the standard mathematical universe to give technical life to this point of view. The exercise consists of a new proof of Strong Normalization for System F. HOAS makes our proof considerably more direct than previous proofs. The concepts and results presented here have been formalized in the theorem prover Isabelle/HOL.