Results 1  10
of
29
How to make ad hoc proof automation less ad hoc
 In ICFP
, 2011
"... Most interactive theorem provers provide support for some form of usercustomizable proof automation. In a number of popular systems, such as Coq and Isabelle, this automation is achieved primarily through tactics, which are programmed in a separate language from that of the prover’s base logic. Whi ..."
Abstract

Cited by 26 (7 self)
 Add to MetaCart
(Show Context)
Most interactive theorem provers provide support for some form of usercustomizable proof automation. In a number of popular systems, such as Coq and Isabelle, this automation is achieved primarily through tactics, which are programmed in a separate language from that of the prover’s base logic. While tactics are clearly useful in practice, they can be difficult to maintain and compose because, unlike lemmas, their behavior cannot be specified within the expressive type system of the prover itself. We propose a novel approach to proof automation in Coq that allows the user to specify the behavior of custom automated routines in terms of Coq’s own type system. Our approach involves a sophisticated application of Coq’s canonical structures, which generalize Haskell type classes and facilitate a flexible style of dependentlytyped logic programming. Specifically, just as Haskell type classes are used to infer the canonical implementation of an overloaded term at a given type, canonical structures can be used to infer the canonical proof of an overloaded lemma for a given instantiation of its parameters. We present a series of design patterns for canonical structure programming that enable one to carefully and predictably coax Coq’s type inference engine into triggering the execution of usersupplied algorithms during unification, and we illustrate these patterns through several realistic examples drawn from Hoare Type Theory. We assume no prior knowledge of Coq and describe the relevant aspects of Coq type inference from first principles.
A Definitional TwoLevel Approach to Reasoning with HigherOrder Abstract Syntax
 Journal of Automated Reasoning
, 2010
"... Abstract. Combining higherorder abstract syntax and (co)induction in a logical framework is well known to be problematic. Previous work [ACM02] described the implementation of a tool called Hybrid, within Isabelle HOL, syntax, and reasoned about using tactical theorem proving and principles of (co ..."
Abstract

Cited by 21 (4 self)
 Add to MetaCart
Abstract. Combining higherorder abstract syntax and (co)induction in a logical framework is well known to be problematic. Previous work [ACM02] described the implementation of a tool called Hybrid, within Isabelle HOL, syntax, and reasoned about using tactical theorem proving and principles of (co)induction. Moreover, it is definitional, which guarantees consistency within a classical type theory. The idea is to have a de Bruijn representation of syntax, while offering tools for reasoning about them at the higher level. In this paper we describe how to use it in a multilevel reasoning fashion, similar in spirit to other metalogics such as Linc and Twelf. By explicitly referencing provability in a middle layer called a specification logic, we solve the problem of reasoning by (co)induction in the presence of nonstratifiable hypothetical judgments, which allow very elegant and succinct specifications of object logic inference rules. We first demonstrate the method on a simple example, formally proving type soundness (subject reduction) for a fragment of a pure functional language, using a minimal intuitionistic logic as the specification logic. We then prove an analogous result for a continuationmachine presentation of the operational semantics of the same language, encoded this time in an ordered linear logic that serves as the specification layer. This example demonstrates the ease with which we can incorporate new specification logics, and also illustrates a significantly
A TypePreserving Compiler in Haskell
, 2008
"... There has been a lot of interest of late for programming languages that incorporate features from dependent type systems and proof assistants, in order to capture important invariants of the program in the types. This allows typebased program verification and is a promising compromise between plain ..."
Abstract

Cited by 13 (3 self)
 Add to MetaCart
There has been a lot of interest of late for programming languages that incorporate features from dependent type systems and proof assistants, in order to capture important invariants of the program in the types. This allows typebased program verification and is a promising compromise between plain old types and full blown Hoare logic proofs. The introduction of GADTs in GHC (and more recently type families) made such dependent typing available in an industryquality implementation, making it possible to consider its use in large scale programs. We have undertaken the construction of a complete compiler for System F, whose main property is that the GHC type checker verifies mechanically that each phase of the compiler properly preserves types. Our particular focus is on “types rather than proofs”: reasonably few annotations that do not overwhelm the actual code. We believe it should be possible to write such a typepreserving compiler with an amount of extra code comparable to what is necessary for typical typed intermediate languages, but with the advantage of static checking. We will show in this paper the remaining hurdles to reach this goal.
VeriML: Typed computation of logical terms inside a language with effects
, 2010
"... Modern proof assistants such as Coq and Isabelle provide high degrees of expressiveness and assurance because they support formal reasoning in higherorder logic and supply explicit machinecheckable proof objects. Unfortunately, large scale proof development in these proof assistants is still an ex ..."
Abstract

Cited by 12 (1 self)
 Add to MetaCart
(Show Context)
Modern proof assistants such as Coq and Isabelle provide high degrees of expressiveness and assurance because they support formal reasoning in higherorder logic and supply explicit machinecheckable proof objects. Unfortunately, large scale proof development in these proof assistants is still an extremely difficult and timeconsuming task. One major weakness of these proof assistants is the lack of a single language where users can develop complex tactics and decision procedures using a rich programming model and in a typeful manner. This limits the scalability of the proof development process, as users avoid developing domainspecific tactics and decision procedures. In this paper, we present VeriML—a novel language design that couples a typesafe effectful computational language with firstclass support for manipulating logical terms such as propositions and proofs. The main idea behind our design is to integrate a rich logical framework—similar to the one supported by Coq—inside a computational language inspired by ML. The language design is such that the added features are orthogonal to the rest of the computational language, and also do not require significant additions to the logic language, so soundness is guaranteed. We have built a prototype implementation of VeriML including both its typechecker and an interpreter. We demonstrate the effectiveness of our design by showing a number of typesafe tactics and decision procedures written in VeriML.
An insider’s look at LF type reconstruction: Everything you (n)ever wanted to know
, 2010
"... Although type reconstruction for dependently typed languages is common in practical systems, it is still illunderstood. Detailed descriptions of the issues around it are hard to find and formal descriptions together with correctness proofs are nonexisting. In this paper, we discuss a onepass type ..."
Abstract

Cited by 6 (3 self)
 Add to MetaCart
(Show Context)
Although type reconstruction for dependently typed languages is common in practical systems, it is still illunderstood. Detailed descriptions of the issues around it are hard to find and formal descriptions together with correctness proofs are nonexisting. In this paper, we discuss a onepass type reconstruction for objects in the logical framework LF, describe formally the type reconstruction process using the framework of contextual modal types, and prove correctness of type reconstruction. Since type reconstruction will find the most general types and may leave free variables, we in addition describe abstraction which will return a closed object where all free variables are bound at the outside. We also implemented our algorithms as part of the Beluga language, and the performance of our type reconstruction algorithm is comparable to type reconstruction in existing systems such as the logical framework Twelf. 1
Greedy Bidirectional Polymorphism
, 2009
"... Bidirectional typechecking has become popular in advanced type systems because it works in many situations where inference is undecidable. In this paper, I show how to cleanly handle parametric polymorphism in a bidirectional setting. The key contribution is a bidirectional type system for a subset ..."
Abstract

Cited by 6 (4 self)
 Add to MetaCart
Bidirectional typechecking has become popular in advanced type systems because it works in many situations where inference is undecidable. In this paper, I show how to cleanly handle parametric polymorphism in a bidirectional setting. The key contribution is a bidirectional type system for a subset of ML that supports firstclass (higherrank and even impredicative) polymorphism, and is complete for predicative polymorphism (including MLstyle polymorphism and higherrank polymorphism). The system’s power comes from bidirectionality combined with a “greedy ” method of finding polymorphic instances inspired by Cardelli’s early work on System F<:. This work demonstrates that bidirectionality is a good foundation for traditionally vexing features like firstclass polymorphism.
Beluga: programming with dependent types, contextual data, and contexts
"... Abstract. The logical framework LF provides an elegant foundation for specifying formal systems and proofs and it is used successfully in a wide range of applications such as certifying code and mechanizing metatheory of programming languages. However, incorporating LF technology into functional pro ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
Abstract. The logical framework LF provides an elegant foundation for specifying formal systems and proofs and it is used successfully in a wide range of applications such as certifying code and mechanizing metatheory of programming languages. However, incorporating LF technology into functional programming to allow programmers to specify and reason about formal guarantees of their programs from within the programming language itself has been a major challenge. In this paper, we present an overview of Beluga, a framework for programming and reasoning with formal systems. It supports specifying formal systems in LF and it also provides a dependently typed functional language that supports analyzing and manipulating LF data via pattern matching. A distinct feature of Beluga is its direct support for reasoning with contexts and contextual objects. Taken together these features lead to powerful language which supports writing compact and elegant proofs. 1
LFP  A Logical Framework with External Predicates
, 2012
"... The LFP Framework is an extension of the HarperHonsellPlotkin’s Edinburgh Logical Framework LF with external predicates. This is accomplished by defining lock type constructors, which are a sort of ⋄modality constructors, releasing their argument under the condition that a possibly external predi ..."
Abstract

Cited by 4 (1 self)
 Add to MetaCart
(Show Context)
The LFP Framework is an extension of the HarperHonsellPlotkin’s Edinburgh Logical Framework LF with external predicates. This is accomplished by defining lock type constructors, which are a sort of ⋄modality constructors, releasing their argument under the condition that a possibly external predicate is satisfied on an appropriate typed judgement. Lock types are defined using the standard pattern of constructive type theory, i.e. via introduction, elimination, and equality rules. Using LFP, one can factor out the complexity of encoding specific features of logical systems which, otherwise, would be awkwardly encoded in LF, e.g. sideconditions in the application of rules in Modal Logics, and substructural rules, as in noncommutative Linear Logic. The idea of LFP is that these conditions need only to be specified, while their verification can be delegated to an external proof engine, in the style of the Poincaré Principle. We investigate and characterize the metatheoretical properties of the calculus underpinning LFP: strong normalization, confluence, and subject reduction. This latter property holds under the assumption that the predicates are wellbehaved, i.e. closed under weakening, permutation, substitution, and reduction in the arguments.
Typed syntactic metaprogramming
 International Conference on Functional Programming (ICFP
, 2013
"... We present a novel set of metaprogramming primitives for use in a dependentlytyped functional language. The types of our metaprograms provide strong and precise guarantees about their termination, correctness and completeness. Our system supports typesafe construction and analysis of terms, typ ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
(Show Context)
We present a novel set of metaprogramming primitives for use in a dependentlytyped functional language. The types of our metaprograms provide strong and precise guarantees about their termination, correctness and completeness. Our system supports typesafe construction and analysis of terms, types and typing contexts. Unlike alternative approaches, they are written in the same style as normal programs and use the language’s standard functional computational model. We formalise the new metaprogramming primitives, implement them as an extension of Agda, and provide evidence of usefulness by means of two compelling applications in the fields of datatypegeneric programming and proof tactics.
Structural Recursion over Contextual Objects
"... Abstract—A core programming language is presented that allows structural recursion over open LF objects and contexts. The main technical tool is a coverage checking algorithm that also generates valid recursive calls. Termination of callbyvalue reduction is proven using a reducibility semantics. T ..."
Abstract

Cited by 3 (3 self)
 Add to MetaCart
(Show Context)
Abstract—A core programming language is presented that allows structural recursion over open LF objects and contexts. The main technical tool is a coverage checking algorithm that also generates valid recursive calls. Termination of callbyvalue reduction is proven using a reducibility semantics. This establishes consistency and allows the implementation of proofs about LF specifications as wellfounded recursive functions using simultaneous pattern matching. I.