This paper presents a fixedpoint approach to inductive definitions. Instead of using a syntactic test such as "strictly positive," the approach lets definitions involve any operators that have been proved monotone. It is conceptually simple, which has allowed the easy implementation of mutual recursion and iterated definitions. It also handles coinductive definitions: simply replace the least fixedpoint by a greatest fixedpoint. The method

The logical framework LF is a type theory defined by Harper, Honsell and Plotkin. It is wellsuited to serve as a meta language to represent deductive systems. LF and its logic programming implementation Elf are also well-suited to represent meta-theoretic proofs and their computational content, but search for such proofs lies outside the framework. This thesis proposes a computational meta logic (MLF) for the Horn fragment of LF. The Horn fragment is a significant restriction of LF but it is powerful enough to represent non-trivial problems. This thesis demonstrates how MLF can be used for the problem of compiler verification. It also discusses some theoretical properties of MLF. Contents 1 Introduction 1 2 Motivation 3 2.1 An Example : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 4 2.1.1 A Toy Language : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 4 2.1.2 Natural Semantics : : : : : : : : : : : : : : : : : : : : : : : : : : : : : :...

This paper has proposed several combinators for structuring recursive programs according to the control implicit in datatype algebras (and coalgebras). We have insufficient experience in using these combinators to make strong claims for their superiority, but it is encouraging that they seem to have natural and intuitive proof rules. Furthermore, they suggest styles of programming that allow one to anticipate sources of possible non-termination and of space leaks, and to take appropriate measures to avoid them. References

: Coq is a proof assistant based on a higher-order logic allowing powerful definitions of functions. Coq V6.1 is available by anonymous ftp at ftp.inria.fr:/INRIA/Projects/coq/V6.1 and ftp.ens-lyon.fr:/pub/LIP/COQ/V6.1 Key-words: Coq, Proof Assistant, Formal Proofs, Calculus of Inductives Constructions (R'esum'e : tsvp) This research was partly supported by ESPRIT Basic Research Action "Types" and by the GDR "Programmation " co-financed by MRE-PRC and CNRS. Unit'e de recherche INRIA Rocquencourt Domaine de Voluceau, Rocquencourt, BP 105, 78153 LE CHESNAY Cedex (France) T'el'ephone : (33 1) 39 63 55 11 -- T'el'ecopie : (33 1) 39 63 53 30 Manuel de r'ef'erence du syst`eme Coq version V6.1 R'esum'e : Coq est un syst`eme permettant le d'eveloppement et la v'erification de preuves formelles dans une logique d'ordre sup'erieure incluant un riche langage de d'efinitions de fonctions. Ce document constitue le manuel de r'ef'erence de la version V6.1 qui est distribu 'ee par ftp ...

1.1 An overview of the specification language Gallina.................... 5

ion All Axiom Begin Cd Chapter Check CheckGuard CoFixpoint Compute Defined Definition Drop Elimination End Eval Explain Extraction Fact Fixpoint Focus for Go Goal Hint Hypothesis Immediate Induction Inductive Infix Inspect Lemma Let Local Minimality ML Module Modules Mutual Node Opaque Parameter Parameters Print Proofs Prop Pwd Qed Remark Require Restart Resume Save Scheme Script Search Section Set Show Silent States Suspend Syntactic Theorem Token Transparent Tree Type TypeSet Undo Unfocus Variable Variables Write Other keywords and user's tokens The following sequences of characters are also keywords: --- : := = ? ?? !? !! ! -? ; # * , ? @ :: / !- You can add new tokens with the command Token (see section 5.7.4). New tokens must be sequences, without blanks, of characters taken from the following list: ! ? / " - + = ; , --- ! @ # % & ? * : ~ $ a..z A..Z ' 0..9 that do not start with a character from $ a..z A..Z ' 0..9 Lexical ambiguities are resolved according to the "longest m...

this paper is but a tiny initial fragment of the theory of categories. However, it is quite promising, in that the power of dependent types and inductive types (or at least \Sigma-types) is put to full use; note in particular the dependent equality between morphisms of possibly non-convertible types.

syntax of elementary languages in Gedanken . . . . . . . . . . . 129 7.1 Match counting algorithm for patterns over PC k . . . . . . . . . . . . . 157 8.1 log 2 speed of Model Graphs after elimination . . . . . . . . . . . . . . . 187 8.2 log 2 speed-up of Model Graphs after elimination . . . . . . . . . . . . . 188 8.3 log 2 speed of Model Graphs after invalidation . . . . . . . . . . . . . . . 188 8.4 log 2 speed-up of Model Graphs after invalidation . . . . . . . . . . . . . 189 ix Chapter 1 Summary One goal of computer science has been to develop a tool T to aid a programmer in building a program P that satisfies a specification S by helping the programmer build a proof in some logic of programs L that shows that P satisfies S. S typically is a pair of propositions (#, #) such that, for an input x to P , #(x) # #(P (x)) when P is defined on x. # is called the precondition or assumption, and # is called the postcondition or assertion. The problem of finding a suitable logic L of programs and specifications and verification tool T may be generically referred to as the "Floyd-Hoare problem", formulated around 1967 [Flo67, Hoa69]. Around 1977, Davis and Schwartz proposed an extension of the Floyd-Hoare problem in which there are multiple assumptions and assertions, referring to the state of a program as execution passes through di#erent places # in the program [DS77, Sch77]. A placed proposition is then a pair (#, #), where # is either a line of a program or the name of a function. A placed proposition (#, #) holds when, if execution reaches # and the value of the variables X in P is V , then #(V ) is valid. A program with assumptions and assertions or praa is then a triple R = (P, E, F ) where the assumptions E and assertions F are sets of placed propositions. T...