Our objective is to describe a formal proof of correctness for the following Haskell [13] program in a type theory-based proof verification system, such as the Coq system [10, 1]. sieve (p:rest) = p:sieve [r | r <- rest, r ‘rem ‘ p / = 0] primes = sieve [2..] This program is a functional implementation of Eratosthenes ’ sieve that consists in removing all multiples of previously found primes from the sequence of natural numbers. We want to prove that the expression primes is the stream containing all the prime numbers in increasing order. This work relies on co-inductive types [5, 11, 12] because the program manipulates infinite lists, also known as streams. It first uses the infinite list of natural numbers larger than 2, then the infinite list of numbers larger than 3 and containing no multiples of 2, then the infinite list of numbers larger than 4 and containing no multiples of prime numbers smaller than 4, and so on. This example was initially proposed as a challenge by G. Kahn and used as an illustration of a program and its proof of correctness in a

Over the last decade, the increasing demand for the validation of safety critical systems lead to the development of domain-specific programming languages (e.g. synchronous languages) and automatic verification tools (e.g. model checkers). Conventionally, the verification of a reactive system is implemented by specifying a discrete model of the system (i.e. a finite-state machine) and then checking this model against temporal properties (e.g. using an automata-based tool). We investigate the use of a theorem prover, Coq, for the specification of infinite state systems and for the verification of co-inductive properties.

When providing a collection of constructors to define an inductive type, we actually also define a dual operation: a destructor. This destructor is always defined using the same structure of pattern-matching, so that we have a tendency to forget that we do extend the “pattern-matching ” capability with a new destructor at each definition. Constructors and destructors play a dual role in the definition of inductive types. Constructors produce elements of the inductive type, destructors consume elements of the inductive type. The inductive type itself is defined as the smallest collection of elements that is stable with respect to the constructors: it must contain all constants that are declared to be in the inductive type and all results of the constructors when the arguments of these constructors are already found to be in the inductive type. When considering structural recursion, recursive definitions are functions that consume elements of the inductive type. The discipline of structural recursion imposes that recursive calls consume data that is obtained through the destructor. The inductive type uses the constructors and destructors in a specific way. Co-inductive

We provide a treatise about checking proofs of distributed systems by computer using general purpose proof checkers. In particular, we present two approaches to verifying and checking the verification of the Sequential Line Interface Protocol (SLIP), one using rewriting techniques and one using the so-called cones and foci theorem. Both verifications are carried out in the setting of process algebra. Finally, we present an overview of literature containing checked proofs. Note: The research of the second author is supported by Human Capital Mobility (HCM). 1 Proof checkers Anyone trying to use a proof checker, e.g. Isabelle [67, 68], HOL [29], Coq [20], PVS [78], Boyer-Moore [14] or many others that exist today has experienced the same frustration. It is very difficult to prove even the simplest theorem. In the first place it is difficult to get acquainted to the logical language of the system. Most systems employ higher order logics that are extremely versatile and expressive. Howev...

We introduce a coinductive logical system à la Gentzen for establishing bisimulation equivalences on circular non-wellfounded regular objects, inspired by work of Coquand, and of Brandt and Henglein. In order to describe circular objects, we utilize a typed language, whose coinductive types involve disjoint sum, cartesian product, and finite powerset constructors. Our system is shown to be complete with respect to a maximal fixed point semantics. It is shown to be complete also with respect to an equivalent final semantics. In this latter semantics, terms are viewed as points of a coalgebra for a suitable endofunctor on the category Set of non-wellfounded sets. Our system subsumes an axiomatization of regular processes, alternative to the classical one given by Milner.

We propose a series of work areas related to type theory and functional programming. By type theory we mean the formulation of Martin-Lof's set theory using the theory of types as logical framework, extended with record types and subtyping. The areas presented are: the implementation of an environment for carrying out constructions in type theory, the systematic development of programming in type theory as a formal discipline and the formalization in type theory of the theory of functional programming languages. We also give a succint introduction to a theory of specifications and programs in which programs and their correctness proofs are separated but still can be built up simultaneously; we propose the implementation of a programming system for this theory too. The group of people presenting this work proposal is defined by their common interest to work together in at least one of the areas proposed. There will be people working in each of these areas in the Plata region. 1. Introdu...

Abstract. We present a coinductive proof system for bisimilarity in transition systems specifiable in the de Simone SOS format. Our coinduction is incremental, in that it allows building incrementally an a priori unknown bisimulation, and pattern-based, in that it works on equalities of process patterns (i.e., universally quantified equations of process terms containing process variables), thus taking advantage of equational reasoning in a “circular ” manner, inside coinductive proof loops. The proof system has been formalized and proved sound in Isabelle/HOL. 1