roofs in intuitionistic propositional natural deduction and simply-typed -terms. A related observation on proof in combinatory logic had been made previously by Curry [CF58]. A generalization of this observation to include quanti ers gives rise to the rich eld of type theory, which we will analyze in Chapter ??. Here we study the basic correspondence, extended to the case of linear logic. A linear -calculus of proof terms will be useful for us in various circumstances. First of all, it gives a compact and faithful representation of proofs as terms. Proof checking is reduced to type-checking in a -calculus. For example, if we do not trust the implementation of our theorem prover, we can instrument it to generate proof terms which can be veri ed independently. In this scenario we are just exploiting that validity of proof terms is an analytic judgment. Secondly, the terms in the -calculus provide the core of a functional language with an expressive type system, in which statemen

proofs in intuitionistic propositional natural deduction and simply-typed #-terms. A related observation on proof in combinatory logic had been made previously by Curry [CF58]. A generalization of this observation to include quantifiers gives rise to the rich field of type theory, which we will analyze in Chapter ??. Here we study the basic correspondence, extended to the case of linear logic. A linear #-calculus of proof terms will be useful for us in various circumstances. First of all, it gives a compact and faithful representation of proofs as terms. Proof checking is reduced to type-checking in a #-calculus. For example, if we do not trust the implementation of our theorem prover, we can instrument it to generate proof terms which can be verified independently. In this scenario we are just exploiting that validity of proof terms is an analytic judgment. Secondly, the terms in the #-calculus provide the core of a functional language with an expressive type system, in which statem

Well-established dependently-typed languages like Agda and Coq provide reliable ways to build and check formal proofs. Several other dependently-typed languages such as Aura, ATS, Cayenne, Epigram, F ⋆ , F7, Fine, Guru, PCML5, and Ur also explore reliable ways to develop and verify programs. All these languages shine in their own regard, but their implementations do not themselves enjoy the degree of safety provided by machine-checked verification. We propose a general technique called self-certification that allows a typechecker for a suitably expressive language to be certified for correctness. We have implemented this technique for F ⋆ , a dependently typed language on the.NET platform. Self-certification involves implementing a typechecker for F ⋆ in F ⋆ , while using all the conveniences F ⋆ provides for the compiler-writer (e.g., partiality, effects, implicit conversions, proof automation, libraries). This

It is well recognized that proofs serve two different goals. On one hand, they can serve the didactic purpose of explaining why a theorem holds: that is, a proof has a message that is meant to describe the “why ” behind a theorem. On the other hand, proofs can serve as certificates of validity. In this case, once a certificate