Abstract not found

Based on a representation of primitive proof objects as - terms, which has been built into the theorem prover Isabelle recently, we propose a generic framework for program extraction. We show how this framework can be used to extract functional programs from proofs conducted in a constructive fragment of the object logic Isabelle/HOL. A characteristic feature of our implementation of program extraction is that it produces both a program and a correctness proof. Since the extracted program is available as a function within the logic, its correctness proof can be checked automatically inside Isabelle.

This paper reports a case study in the use of proof planning in the context of higher order syntax. Rippling is a heuristic for guiding rewriting steps in induction that has been used successfully in proof planning inductive proofs using first order representations. Ordinal arithmetic provides a natural set of higher order examples on which transfinite induction may be attempted using rippling. Previously Boyer-Moore style automation could not be applied to such domains. We demonstrate that a higher-order extension of the rippling heuristic is sufficient to plan such proofs automatically. Accordingly, ordinal arithmetic has been implemented in Clam, a higher order proof planning system for induction, and standard undergraduate text book problems have been successfully planned. We show the synthesis of a fixpoint for normal ordinal functions which demonstrates how our automation could be extended to produce more interesting results than the textbook examples tried so far.

Abstract. We prove a general strong normalization theorem for higher type rewrite systems based on Tait's strong computability predicates and a strictly continuous domain-theoretic semantics. The theorem applies to extensions of G"odel's system T, but also to various forms of bar recursion for which strong normalization was hitherto unknown.

In this article we show how we proved correctness of the translation from a small applicative language with recursive definitions (Mini-ML) to the Categorical abstract machine (CAM) using the Coq system. Our aim was to mechanise the proof of J. Despeyroux [10]. Like her, we use natural semantics to axiomatise the semantics of our languages. The axiomatisations of inferences systems and of the languages is nicely performed by the mechanism of inductive definitions in the Coq system. Unfortunately both the source and the target semantics involve nested structures that cannot be formalised inductively. We have overcome this problem by making some slight modifications of both the source and target semantics and show how the changes in the source and target semantics are related. For the remaining tranlation we explain how we can use the Coq system to formalize non-terminating programs and incorrect programs, objects that are impossible to explain with only the formalism of natural semantic...

A function has a dependent type when the type of its result depends upon the value of its argument. The type o all types is the type of every type, including itself. In a typed A-calculus, these two features synergize in a conceptually clean and uniform way to yield enormous expressive power at very little apparent cost. By reconstructing and analyzing a paradox due to Girard, we argue that there is no effective typechecking algorithm for such a language.

Coq and HOL are proof systems based upon versions of higher order logic, which broadly follow the LCF theorem proving paradigm. However, Coq is based on a constructive logic, whereas HOL is based on classical higher-order logic. Both systems have been advocated for the specification and verification of hardware. In this paper we describe a detailed comparison of the two approaches for specifying the structure and behaviour of hardware using these systems. The example used is the Fairisle 4 by 4 switching fabric : a real ATM network chip. We discuss the advantages and disadvantages of both the underlying logics and their particular implementations as embodied in the two proof systems. Different styles were used in the two specifications. We therefore also compare these two styles and note the extent to which their choice was determined by the logic, its implementation or personal choice of the specifier. 1 Introduction There currently exist a wide range of proof systems based on diffe...

: Coq is a proof assistant based on a higher-order logic allowing powerful definitions of functions. Coq V6.1 is available by anonymous ftp at ftp.inria.fr:/INRIA/Projects/coq/V6.1 and ftp.ens-lyon.fr:/pub/LIP/COQ/V6.1 Key-words: Coq, Proof Assistant, Formal Proofs, Calculus of Inductives Constructions (R'esum'e : tsvp) This research was partly supported by ESPRIT Basic Research Action "Types" and by the GDR "Programmation " co-financed by MRE-PRC and CNRS. Unit'e de recherche INRIA Rocquencourt Domaine de Voluceau, Rocquencourt, BP 105, 78153 LE CHESNAY Cedex (France) T'el'ephone : (33 1) 39 63 55 11 -- T'el'ecopie : (33 1) 39 63 53 30 Manuel de r'ef'erence du syst`eme Coq version V6.1 R'esum'e : Coq est un syst`eme permettant le d'eveloppement et la v'erification de preuves formelles dans une logique d'ordre sup'erieure incluant un riche langage de d'efinitions de fonctions. Ce document constitue le manuel de r'ef'erence de la version V6.1 qui est distribu 'ee par ftp ...

Nowadays, type theory has many applications and is used in many different disciplines. Within computer science, logic and mathematics, there are many different type systems. They serve several purposes, and are formulated in various ways. A general framework called Pure Type Systems (PTSs for short) has been introduced independently by Terlouw and Berardi in 1988 and 1989, in order to provide a unified formalism in which many type systems can be represented. In particular, PTSs allow the representation of the simple theory of types, the polymophic theory of types, the dependent theory of types and various other well-known type systems such as the Edinburgh Logical Frameworks LF and the Automath system. Pure Type Systems are usually presented using variable names. In this article, we present a formulation of PTSs with de Bruijn indices. De Bruijn indices [6] avoid the problems caused by variable names during the implementation of type systems. We show that PTSs with variable names and PTSs with de Bruijn indices are isomorphic. This isomorphism enables us to answer questions about PTSs with de Bruijn indices including confluence, termination (strong normalisation) and safety (subject reduction).

. This paper presents a toolbox implemented in Coq and dedicated to the specification and verification of synchronous sequential devices. The use of Coq co-inductive types underpins our methodology and leads to elegant and uniform descriptions of the circuits and their behaviours as well as clear and short proofs. An application to a non trivial circuit is given as an illustration. 1 Introduction Co-induction is a powerful tool for dealing with infinite structures. It is especially well suited to prove properties about circuits where one has to cope with infinitely long temporal sequences. This work presents a general methodology to specifying and proving synchronous sequential circuits in the Calculus of Inductive Constructions (enriched with Co-inductive types) implemented in the Coq proof assistant [1]. It is a continuation of [5], where we made heavy use of dependent types. We go deeply into this direction, introducing dependent types systematically whenever this leads to m...