Results 1  10
of
19
A Definitional TwoLevel Approach to Reasoning with HigherOrder Abstract Syntax
 Journal of Automated Reasoning
, 2010
"... Abstract. Combining higherorder abstract syntax and (co)induction in a logical framework is well known to be problematic. Previous work [ACM02] described the implementation of a tool called Hybrid, within Isabelle HOL, syntax, and reasoned about using tactical theorem proving and principles of (co ..."
Abstract

Cited by 14 (3 self)
 Add to MetaCart
Abstract. Combining higherorder abstract syntax and (co)induction in a logical framework is well known to be problematic. Previous work [ACM02] described the implementation of a tool called Hybrid, within Isabelle HOL, syntax, and reasoned about using tactical theorem proving and principles of (co)induction. Moreover, it is definitional, which guarantees consistency within a classical type theory. The idea is to have a de Bruijn representation of syntax, while offering tools for reasoning about them at the higher level. In this paper we describe how to use it in a multilevel reasoning fashion, similar in spirit to other metalogics such as Linc and Twelf. By explicitly referencing provability in a middle layer called a specification logic, we solve the problem of reasoning by (co)induction in the presence of nonstratifiable hypothetical judgments, which allow very elegant and succinct specifications of object logic inference rules. We first demonstrate the method on a simple example, formally proving type soundness (subject reduction) for a fragment of a pure functional language, using a minimal intuitionistic logic as the specification logic. We then prove an analogous result for a continuationmachine presentation of the operational semantics of the same language, encoded this time in an ordered linear logic that serves as the specification layer. This example demonstrates the ease with which we can incorporate new specification logics, and also illustrates a significantly
A TypePreserving Compiler in Haskell
, 2008
"... There has been a lot of interest of late for programming languages that incorporate features from dependent type systems and proof assistants, in order to capture important invariants of the program in the types. This allows typebased program verification and is a promising compromise between plain ..."
Abstract

Cited by 13 (3 self)
 Add to MetaCart
There has been a lot of interest of late for programming languages that incorporate features from dependent type systems and proof assistants, in order to capture important invariants of the program in the types. This allows typebased program verification and is a promising compromise between plain old types and full blown Hoare logic proofs. The introduction of GADTs in GHC (and more recently type families) made such dependent typing available in an industryquality implementation, making it possible to consider its use in large scale programs. We have undertaken the construction of a complete compiler for System F, whose main property is that the GHC type checker verifies mechanically that each phase of the compiler properly preserves types. Our particular focus is on “types rather than proofs”: reasonably few annotations that do not overwhelm the actual code. We believe it should be possible to write such a typepreserving compiler with an amount of extra code comparable to what is necessary for typical typed intermediate languages, but with the advantage of static checking. We will show in this paper the remaining hurdles to reach this goal.
How to make ad hoc proof automation less ad hoc
 In ICFP
, 2011
"... Most interactive theorem provers provide support for some form of usercustomizable proof automation. In a number of popular systems, such as Coq and Isabelle, this automation is achieved primarily through tactics, which are programmed in a separate language from that of the prover’s base logic. Whi ..."
Abstract

Cited by 9 (2 self)
 Add to MetaCart
Most interactive theorem provers provide support for some form of usercustomizable proof automation. In a number of popular systems, such as Coq and Isabelle, this automation is achieved primarily through tactics, which are programmed in a separate language from that of the prover’s base logic. While tactics are clearly useful in practice, they can be difficult to maintain and compose because, unlike lemmas, their behavior cannot be specified within the expressive type system of the prover itself. We propose a novel approach to proof automation in Coq that allows the user to specify the behavior of custom automated routines in terms of Coq’s own type system. Our approach involves a sophisticated application of Coq’s canonical structures, which generalize Haskell type classes and facilitate a flexible style of dependentlytyped logic programming. Specifically, just as Haskell type classes are used to infer the canonical implementation of an overloaded term at a given type, canonical structures can be used to infer the canonical proof of an overloaded lemma for a given instantiation of its parameters. We present a series of design patterns for canonical structure programming that enable one to carefully and predictably coax Coq’s type inference engine into triggering the execution of usersupplied algorithms during unification, and we illustrate these patterns through several realistic examples drawn from Hoare Type Theory. We assume no prior knowledge of Coq and describe the relevant aspects of Coq type inference from first principles.
Greedy Bidirectional Polymorphism
, 2009
"... Bidirectional typechecking has become popular in advanced type systems because it works in many situations where inference is undecidable. In this paper, I show how to cleanly handle parametric polymorphism in a bidirectional setting. The key contribution is a bidirectional type system for a subset ..."
Abstract

Cited by 6 (4 self)
 Add to MetaCart
Bidirectional typechecking has become popular in advanced type systems because it works in many situations where inference is undecidable. In this paper, I show how to cleanly handle parametric polymorphism in a bidirectional setting. The key contribution is a bidirectional type system for a subset of ML that supports firstclass (higherrank and even impredicative) polymorphism, and is complete for predicative polymorphism (including MLstyle polymorphism and higherrank polymorphism). The system’s power comes from bidirectionality combined with a “greedy ” method of finding polymorphic instances inspired by Cardelli’s early work on System F<:. This work demonstrates that bidirectionality is a good foundation for traditionally vexing features like firstclass polymorphism.
VeriML: Typed computation of logical terms inside a language with effects (extended version
, 2010
"... Modern proof assistants such as Coq and Isabelle provide high degrees of expressiveness and assurance because they support formal reasoning in higherorder logic and supply explicit machinecheckable proof objects. Unfortunately, large scale proof development in these proof assistants is still an ext ..."
Abstract

Cited by 6 (1 self)
 Add to MetaCart
Modern proof assistants such as Coq and Isabelle provide high degrees of expressiveness and assurance because they support formal reasoning in higherorder logic and supply explicit machinecheckable proof objects. Unfortunately, large scale proof development in these proof assistants is still an extremely difficult and timeconsuming task. One major weakness of these proof assistants is the lack of a single language where users can develop complex tactics and decision procedures using a rich programming model and in a typeful manner. This limits the scalability of the proof development process, as users avoid developing domainspecific tactics and decision procedures. In this paper, we present VeriML—a novel language design that couples a typesafe effectful computational language with firstclass support for manipulating logical terms such as propositions and proofs. The main idea behind our design is to integrate a rich logical framework—similar to the one supported by Coq— inside a computational language inspired by ML. The language design is such that the added features are orthogonal to the rest of the computational language, and also do not require significant additions to the logic language, so soundness is guaranteed. We have built a prototype implementation of VeriML including both its typechecker and an interpreter. We demonstrate the effectiveness of our design by showing a number of typesafe tactics and decision procedures written in VeriML.
An insider’s look at LF type reconstruction: Everything you (n)ever wanted to know
, 2010
"... Although type reconstruction for dependently typed languages is common in practical systems, it is still illunderstood. Detailed descriptions of the issues around it are hard to find and formal descriptions together with correctness proofs are nonexisting. In this paper, we discuss a onepass type ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
Although type reconstruction for dependently typed languages is common in practical systems, it is still illunderstood. Detailed descriptions of the issues around it are hard to find and formal descriptions together with correctness proofs are nonexisting. In this paper, we discuss a onepass type reconstruction for objects in the logical framework LF, describe formally the type reconstruction process using the framework of contextual modal types, and prove correctness of type reconstruction. Since type reconstruction will find the most general types and may leave free variables, we in addition describe abstraction which will return a closed object where all free variables are bound at the outside. We also implemented our algorithms as part of the Beluga language, and the performance of our type reconstruction algorithm is comparable to type reconstruction in existing systems such as the logical framework Twelf. 1
LFP – A Logical Framework with External Predicates
"... The LFP Framework is an extension of the HarperHonsellPlotkin’s Edinburgh Logical Framework LF with external predicates. This is accomplished by defining lock type constructors, which are a sort of ⋄modality constructors, releasing their argument under the condition that a possibly external predi ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
The LFP Framework is an extension of the HarperHonsellPlotkin’s Edinburgh Logical Framework LF with external predicates. This is accomplished by defining lock type constructors, which are a sort of ⋄modality constructors, releasing their argument under the condition that a possibly external predicate is satisfied on an appropriate typed judgement. Lock types are defined using the standard pattern of constructive type theory, i.e. via introduction, elimination, and equality rules. Using LFP, one can factor out the complexity of encoding specific features of logical systems which, otherwise, would be awkwardly encoded in LF, e.g. sideconditions in the application of rules in Modal Logics, and substructural rules, as in noncommutative Linear Logic. The idea of LFP is that these conditions need only to be specified, while their verification can be delegated to an external proof engine, in the style of the Poincaré Principle. We investigate and characterize the metatheoretical properties of the calculus underpinning LFP: strong normalization, confluence, and subject reduction. This latter property holds under the assumption that the predicates are wellbehaved, i.e. closed under weakening, permutation, substitution, and reduction in the arguments.
Beluga: programming with dependent types, contextual data, and contexts
"... Abstract. The logical framework LF provides an elegant foundation for specifying formal systems and proofs and it is used successfully in a wide range of applications such as certifying code and mechanizing metatheory of programming languages. However, incorporating LF technology into functional pro ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
Abstract. The logical framework LF provides an elegant foundation for specifying formal systems and proofs and it is used successfully in a wide range of applications such as certifying code and mechanizing metatheory of programming languages. However, incorporating LF technology into functional programming to allow programmers to specify and reason about formal guarantees of their programs from within the programming language itself has been a major challenge. In this paper, we present an overview of Beluga, a framework for programming and reasoning with formal systems. It supports specifying formal systems in LF and it also provides a dependently typed functional language that supports analyzing and manipulating LF data via pattern matching. A distinct feature of Beluga is its direct support for reasoning with contexts and contextual objects. Taken together these features lead to powerful language which supports writing compact and elegant proofs. 1
Covering all bases: design and implementation of case analysis for contextual objects
"... Abstract. We consider the question: Does a set of patterns cover all objects of a given type? This is straightforward in the simplytyped setting, but undecidable in the presence of dependent types. We discuss the question in the setting of Beluga, a dependentlytyped programming and reasoning envir ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
Abstract. We consider the question: Does a set of patterns cover all objects of a given type? This is straightforward in the simplytyped setting, but undecidable in the presence of dependent types. We discuss the question in the setting of Beluga, a dependentlytyped programming and reasoning environment which supports programming with contextual objects and contexts. We describe the design and implementation of a coverage algorithm for Beluga programs and provide an indepth comparison to closely related systems such as Twelf and Delphin. Our experience with coverage checking Beluga programs shows that many problems and difficulties are avoided. Beluga’s coverage algorithm has been used on a wide range of examples, from mechanizing the metatheory of programming languages from Pierce’s textbook Types and Programming Languages to the examples from the Twelf repository. 1
Explicit Substitutions for Contextual Type Theory
"... In this paper, we present an explicit substitution calculus which distinguishes between ordinary bound variables and metavariables. Its typing discipline is derived from contextual modal type theory. We first present a dependently typed lambda calculus with explicit substitutions for ordinary varia ..."
Abstract
 Add to MetaCart
In this paper, we present an explicit substitution calculus which distinguishes between ordinary bound variables and metavariables. Its typing discipline is derived from contextual modal type theory. We first present a dependently typed lambda calculus with explicit substitutions for ordinary variables and explicit metasubstitutions for metavariables. We then present a weak head normalization procedure which performs both substitutions lazily and in a single pass thereby combining substitution walks for the two different classes of variables. Finally, we describe a bidirectional type checking algorithm which uses weak head normalization and prove soundness.