Results 1  10
of
22
Engineering formal metatheory
 In ACM SIGPLANSIGACT Symposium on Principles of Programming Languages
, 2008
"... Machinechecked proofs of properties of programming languages have become a critical need, both for increased confidence in large and complex designs and as a foundation for technologies such as proofcarrying code. However, constructing these proofs remains a black art, involving many choices in th ..."
Abstract

Cited by 84 (9 self)
 Add to MetaCart
Machinechecked proofs of properties of programming languages have become a critical need, both for increased confidence in large and complex designs and as a foundation for technologies such as proofcarrying code. However, constructing these proofs remains a black art, involving many choices in the formulation of definitions and theorems that make a huge cumulative difference in the difficulty of carrying out large formal developments. The representation and manipulation of terms with variable binding is a key issue. We propose a novel style for formalizing metatheory, combining locally nameless representation of terms and cofinite quantification of free variable names in inductive definitions of relations on terms (typing, reduction,...). The key technical insight is that our use of cofinite quantification obviates the need for reasoning about equivariance (the fact that free names can be renamed in derivations); in particular, the structural induction principles of relations
Some lambda calculus and type theory formalized
 Journal of Automated Reasoning
, 1999
"... Abstract. We survey a substantial body of knowledge about lambda calculus and Pure Type Systems, formally developed in a constructive type theory using the LEGO proof system. On lambda calculus, we work up to an abstract, simplified, proof of standardization for beta reduction, that does not mention ..."
Abstract

Cited by 52 (7 self)
 Add to MetaCart
Abstract. We survey a substantial body of knowledge about lambda calculus and Pure Type Systems, formally developed in a constructive type theory using the LEGO proof system. On lambda calculus, we work up to an abstract, simplified, proof of standardization for beta reduction, that does not mention redex positions or residuals. Then we outline the meta theory of Pure Type Systems, leading to the strengthening lemma. One novelty is our use of named variables for the formalization. Along the way we point out what we feel has been learned about general issues of formalizing mathematics, emphasizing the search for formal definitions that are convenient for formal proof and convincingly represent the intended informal concepts.
An Algorithm for TypeChecking Dependent Types
 Science of Computer Programming
, 1996
"... We present a simple typechecker for a language with dependent types and let expressions, with a simple proof of correctness. Introduction Type Theory provides an interesting approach to the problem of (interactive) proofchecking. Instead of introducing, like in LCF [10], an abstract data type of t ..."
Abstract

Cited by 45 (4 self)
 Add to MetaCart
We present a simple typechecker for a language with dependent types and let expressions, with a simple proof of correctness. Introduction Type Theory provides an interesting approach to the problem of (interactive) proofchecking. Instead of introducing, like in LCF [10], an abstract data type of theorems, it uses the proofsasprograms analogy and reduces the problem of proof checking to the problem of typechecking in a programming language with dependent types [5]. This approach presents several advantages, well described in [11,5], among those being the possibility of independent proof verification and of a uniform treatment for naming constants and theorems. It is crucial however for this approach to proofchecking to have a simple and reliable typechecking algorithm. Since the core part of such languages, like the ones described in [5,7], seems very simple, there may be some hope for such a short and simple typechecker for dependent types. Indeed, de Bruijn sketches such an al...
A Linear Spine Calculus
 Journal of Logic and Computation
, 2003
"... We present the spine calculus S ##&# as an efficient representation for the linear #calculus # ##&# which includes unrestricted functions (#), linear functions (#), additive pairing (&), and additive unit (#). S ##&# enhances the representation of Church's simply typed #calculus by enforcing ..."
Abstract

Cited by 32 (5 self)
 Add to MetaCart
We present the spine calculus S ##&# as an efficient representation for the linear #calculus # ##&# which includes unrestricted functions (#), linear functions (#), additive pairing (&), and additive unit (#). S ##&# enhances the representation of Church's simply typed #calculus by enforcing extensionality and by incorporating linear constructs. This approach permits procedures such as unification to retain the efficient head access that characterizes firstorder term languages without the overhead of performing #conversions at run time. Applications lie in proof search, logic programming, and logical frameworks based on linear type theories. It is also related to foundational work on term assignment calculi for presentations of the sequent calculus. We define the spine calculus, give translations of # ##&# into S ##&# and viceversa, prove their soundness and completeness with respect to typing and reductions, and show that the typable fragment of the spine calculus is strongly normalizing and admits unique canonical, i.e. ##normal, forms.
A Trustworthy Proof Checker
 IN ILIANO CERVESATO, EDITOR, WORKSHOP ON THE FOUNDATIONS OF COMPUTER SECURITY
, 2002
"... ProofCarrying Code (PCC) and other applications in computer security require machinecheckable proofs of properties of machinelanguage programs. The main advantage of the PCC approach is that the amount of code that must be explicitly trusted is very small: it consists of the logic in which predic ..."
Abstract

Cited by 29 (7 self)
 Add to MetaCart
ProofCarrying Code (PCC) and other applications in computer security require machinecheckable proofs of properties of machinelanguage programs. The main advantage of the PCC approach is that the amount of code that must be explicitly trusted is very small: it consists of the logic in which predicates and proofs are expressed, the safety predicate, and the proof checker. We have built a minimal proof checker, and we explain its design principles, and the representation issues of the logic, safety predicate, and safety proofs. We show that the trusted computing base (TCB) in such a system can indeed be very small. In our current system the TCB is less than 2,700 lines of code (an order of magnitude smaller even than other PCC systems) which adds to our confidence of its correctness.
Closure Under AlphaConversion
 In The Informal Proceeding of the 1993 Workshop on Types for Proofs and Programs
, 1993
"... this paper appears in Types for Proofs and Programs: International Workshop TYPES'93, Nijmegen, May 1993, Selected Papers, LNCS 806. abstraction, compute a type for its body in an extended context; to compute a type for an application, compute types for its left and right components, and check that ..."
Abstract

Cited by 23 (3 self)
 Add to MetaCart
this paper appears in Types for Proofs and Programs: International Workshop TYPES'93, Nijmegen, May 1993, Selected Papers, LNCS 806. abstraction, compute a type for its body in an extended context; to compute a type for an application, compute types for its left and right components, and check that they match appropriately. Lets use the algorithm to compute a type for a = [x:ø ][x:oe]x. FAILURE: no rule applies because x 2 Dom (x:ø )
An Implementation of LF with Coercive Subtyping & Universes
 Journal of Automated Reasoning
"... . We present `Plastic', an implementation of LF with Coercive Subtyping, and focus on its implementation of Universes. LF is a variant of MartinLof's logical framework, with explicitly typed abstractions. We outline the system of LF with its extensions of inductive types and coercions. Plastic is ..."
Abstract

Cited by 15 (9 self)
 Add to MetaCart
. We present `Plastic', an implementation of LF with Coercive Subtyping, and focus on its implementation of Universes. LF is a variant of MartinLof's logical framework, with explicitly typed abstractions. We outline the system of LF with its extensions of inductive types and coercions. Plastic is the first implementation of this extended system; we discuss motivations and basic architecture, and give examples of its use. LF is used to specify type theories. The theory UTT includes a hierarchy of universes which is specified in Tarski style. We outline the theory of these universes and explain how they are implemented in Plastic. Of particular interest is the relationship between universes and inductive types, and the relationship between universes and coercive subtyping. We claim that the combination of Tarskistyle universes together with coercive subtyping provides an ideal formulation of universes which is both semantically clear and practical to use. Keywords: type theory, un...
A Verified Typechecker
 PROCEEDINGS OF THE SECOND INTERNATIONAL CONFERENCE ON TYPED LAMBDA CALCULI AND APPLICATIONS, VOLUME 902 OF LECTURE NOTES IN COMPUTER SCIENCE
, 1995
"... ..."