Machine-checked proofs of properties of programming languages have become a critical need, both for increased confidence in large and complex designs and as a foundation for technologies such as proof-carrying code. However, constructing these proofs remains a black art, involving many choices in the formulation of definitions and theorems that make a huge cumulative difference in the difficulty of carrying out large formal developments. The representation and manipulation of terms with variable binding is a key issue. We propose a novel style for formalizing metatheory, combining locally nameless representation of terms and cofinite quantification of free variable names in inductive definitions of relations on terms (typing, reduction,...). The key technical insight is that our use of cofinite quantification obviates the need for reasoning about equivariance (the fact that free names can be renamed in derivations); in particular, the structural induction principles of relations

Abstract. Combining Higher Order Abstract Syntax (HOAS) and induction is well known to be problematic. We have implemented a tool called Hybrid, within Isabelle HOL, which does allow object logics to be represented using HOAS, and reasoned about using tactical theorem proving in general and principles of (co)induction in particular. In this paper we describe Hybrid, and illustrate its use with case studies. We also provide some theoretical adequacy results which underpin our practical work. 1 Introduction Many people are concerned with the development of computing systems which can be used to reason about and prove properties of programming languages. However, developing such systems is not easy. Difficulties abound in both practical implementation and underpinning theory. Our paper makes both a theoretical and practical contribution to this research area. More precisely, this paper concerns how to reason about object level logics with syntax involving variable binding--note that a programming language can be presented as an example of such an object logic. Our contribution is the provision of a mechanized tool, Hybrid, which has been coded within Isabelle HOL, and- provides a form of logical framework within which the syntax of an object

Abstract. This paper describes a proof of the Church-Rosser theorem within the Higher Order Logic (HOL) theorem prover. This follows the proof by Tait/Martin-Löf, preserving the elegance of the classic presentation by Barendregt. We model the lambda calculus with a name-carrying syntax, as in practical languages. The proof is simplified by forming a quotient of the name-carrying syntax by the α-equivalence relation, thus separating the concerns of α-equivalence and β-reduction. 1

This paper proves several generic variants of context lemmas and thus contributes to improving the tools for observational semantics of deterministic and non-deterministic higher-order calculi that use a small-step reduction semantics. The generic (sharing) context lemmas are provided for may- as well as two variants of must-convergence, which hold in a broad class of extended process- and extended lambda calculi, if the calculi satisfy certain natural conditions. As a guide-line, the proofs of the context lemmas are valid in call-by-need calculi, in call-by-value calculi if substitution is restricted to variable-by-variable and in process calculi like variants of the π-calculus. For calculi employing beta-reduction using a call-by-name or call-by-value strategy or similar reduction rules, some iu-variants of ciu-theorems are obtained from our context lemmas. Our results reestablish several context lemmas already proved in the literature, and also provide some new context lemmas as well as some new variants of the ciu-theorem. To make the results widely applicable, we use a higher-order abstract syntax that allows untyped calculi as well as certain simple typing schemes. The approach may lead to a unifying view of higher-order calculi, reduction, and observational equality.

The Hybrid system (Ambler et al., 2002b), implemented within Isabelle/HOL, allows object logics to be represented using higher order abstract syntax (HOAS), and reasoned about using tactical theorem proving in general and principles of (co)induction in particular. The form of HOAS provided by Hybrid is essentially a lambda calculus with constants. Of fundamental interest is the form of the lambda abstractions provided by Hybrid. The user has the convenience of writing lambda abstractions using names for the binding variables. However each abstraction is actually a definition of a de Bruijn expression, and Hybrid can unwind the user’s abstractions (written with names) to machine friendly de Bruijn expressions (without names). In this sense the formal system contains a hybrid of named and nameless bound variable notation. In this paper, we present a formal theory in a logical framework which can be viewed as a model of core Hybrid, and state and prove that the model is representationally adequate for HOAS. In particular, it is the canonical translation function from λ-expressions to Hybrid that witnesses adequacy. We also prove two results that characterise how Hybrid represents certain classes of λ-expressions. The Hybrid system contains a number of different syntactic classes of expression, and associated abstraction mechanisms. Hence this paper also aims to provide a self-contained theoretical introduction to both the syntax and key ideas of the system; background in automated theorem proving is not essential, although this paper will be of considerable interest to those who wish to work with Hybrid in Isabelle/HOL.

We present the titular proof development that has been verified in Isabelle/HOL. As a first, the proof is conducted exclusively by the primitive proof principles of the standard syntax and of the considered reduction relations: the naive way, so to speak. Curiously, the Barendregt Variable Convention takes on a central technical role in the proof. We also show (i) that our presentation of the λ-calculus coincides with Curry’s and Hindley’s when terms are considered equal up to α-equivalence and (ii) that the confluence properties of all considered systems are equivalent.