Some lambda calculus and type theory formalized
Journal of Automated Reasoning, 1999
Cited by 53 (7 self)
Abstract. We survey a substantial body of knowledge about lambda calculus and Pure Type Systems, formally developed in a constructive type theory using the LEGO proof system. On lambda calculus, we work up to an abstract, simplified, proof of standardization for beta reduction, that does not mention redex positions or residuals. Then we outline the meta theory of Pure Type Systems, leading to the strengthening lemma. One novelty is our use of named variables for the formalization. Along the way we point out what we feel has been learned about general issues of formalizing mathematics, emphasizing the search for formal definitions that are convenient for formal proof and convincingly represent the intended informal concepts.
Hoare Logic and VDM: Machine-Checked Soundness and Completeness Proofs
1998
Cited by 31 (1 self)
Investigating soundness and completeness of verification calculi for imperative programming languages is a challenging task. Many incorrect results have been published in the past. We take advantage of the computer-aided proof tool LEGO to interactively establish soundness and completeness of both Hoare Logic and the operation decomposition rules of the Vienna Development Method (VDM) with respect to operational semantics. We deal with parameterless recursive procedures and local variables in the context of total correctness. As a case study, we use LEGO to verify the correctness of Quicksort in Hoare Logic. As our main contribution, we illuminate the role of auxiliary variables in Hoare Logic. They are required to relate the value of program variables in the final state with the value of program variables in the initial state. In our formalisation, we reflect their purpose by interpreting assertions as relations on states and a domain of auxiliary variables. Furthermore, we propose a new structural rule for adjusting auxiliary variables when strengthening preconditions and weakening postconditions. This rule is stronger than all previously suggested structural rules, including rules of adaptation. With the new treatment, we are able to show that, contrary to common belief, Hoare Logic subsumes VDM in that every derivation in VDM can be naturally embedded in Hoare Logic. Moreover, we establish completeness results uniformly as corollaries of Most General Formula theorems, which remove the need to reason about arbitrary assertions.
A Dependently Typed Framework for Static Analysis of Program Execution Costs
In Revised Selected Papers from IFL 2005: 17th International Workshop on Implementation and Application of Functional Languages, 2005
Cited by 13 (9 self)
Abstract. This paper considers the use of dependent types to capture information about dynamic resource usage in a static type system. Dependent types allow us to give (explicit) proofs of properties with a program; we present a dependently typed core language ��, and define a framework within this language for representing size metrics and their properties. We give several examples of size bounded programs within this framework and show that we can construct proofs of their size bounds within ��. We further show how the framework handles recursive higher order functions and sum types, and contrast our system with previous work based on sized types.
Search algorithms in type theory
2000
Cited by 8 (2 self)
In this paper, we take an abstract view of search by describing search procedures via particular kinds of proofs in type theory. We rely on the proofs-as-programs interpretation to extract programs from our proofs. Using these techniques we explore, in depth, a large family of search problems by parameterizing the specification of the problem. A constructive proof is presented which has as its computational content a correct search procedure for these problems. We show how a classical extension to an otherwise constructive system can be used to describe a typical use of the non-local control operator call/cc. Using the classical typing of non-local control we extend our purely constructive proof to incorporate a sophisticated backtracking technique known as ‘conflict-directed backjumping’ (CBJ). A variant of this proof is formalized in Nuprl, yielding a correct-by-construction implementation of CBJ. The extracted program has been translated into Scheme and serves as the basis for an implementation of a new solution to the Hamiltonian circuit problem. This paper demonstrates a non-trivial application of the proofs-as-programs paradigm by applying the technique to the derivation of a sophisticated search algorithm; it also shows the generality of the resulting implementation by demonstrating its application to a new problem.
Inverting Inductively Defined Relations in LEGO
Types for Proofs and Programs ’96, volume 1512 of LNCS, 1998
Synthetic Domain Theory in Type Theory: Another Logic of Computable Functions
In Proceedings of TPHOL, 1996
Cited by 3 (0 self)
Abstract. We will present a Logic of Computable Functions based on the idea of Synthetic Domain Theory such that all functions are automatically continuous. Its implementation in the Lego proof-checker – the logic is formalized on top of the Extended Calculus of Constructions – has two main advantages. First, one gets machine checked proofs verifying that the chosen logical presentation of Synthetic Domain Theory is correct. Second, it gives rise to an LCF-like theory for verification of functional programs where continuity proofs are obsolete. Because of the powerful type theory, even modular programs and specifications can be coded, so that one gets a prototype setting for modular software verification and development.
An Account of Natural Language Coordination in Type Theory with Coercive Subtyping
Cited by 2 (1 self)
We discuss the semantics of NL coordination in modern type theories (MTTs) with coercive subtyping. The issue of conjoinable types is handled by means of a type universe of linguistic types. We discuss quantifier coordination, arguing that it should be allowed in principle and that the semantic infelicity of some cases of quantifier coordination is due to the incompatible semantics of the relevant quantifiers. Non-Boolean collective readings of conjunction are also discussed and, in particular, treated as involving the vectors of type Vec(A,n), an inductive family of types in an MTT. Lastly, the interaction between coordination and copredication is briefly discussed, showing that the proposed account of coordination and that of copredication by means of dot-types combine consistently as expected.
Dependently typed metaprogramming
In Proc. of 7th Symposium on Trends in Functional Programming, 2006. Available at http://www.cs.nott.ac.uk/˜nhn/TFP2006/Papers/30BradyHammondDependentlyTypedMetaProgramming.pdf
Cited by 1 (0 self)
Dependent types and multi-stage programming have both been used, separately, as implementation techniques for programming languages. Each technique has its own advantages — with dependent types, we can verify aspects of interpreters and compilers such as type safety and stack invariants. Multi-stage programming, on the other hand, can give the implementor access to underlying compiler technology; a staged interpreter is a translator. In this paper, we investigate how we might combine these techniques to implement a compiler for a resource-safe functional programming language for embedded systems.
Phase distinctions in the compilation of Epigram
2005
Cited by 1 (1 self)
Abstract. It is commonly believed that in dependently typed programming languages, the blurring of the distinction between types and values means that no type erasure is possible at run time. In this paper, however, we propose an alternative phase distinction. Rather than distinguishing types and values in the compilation of EPIGRAM, we distinguish compile-time and run-time evaluation, and show by a series of program transformations that values which are not required at run time can be erased.
Constructing Correct Circuits: Verification of Functional Aspects of Hardware Specifications with Dependent Types
Cited by 1 (1 self)
Abstract: This paper focuses on the important, but tricky, problem of determining provably correct program properties automatically from program source. We describe a novel approach to constructing correct low-level programs. By using modern, full-spectrum dependent types, we are able to give an explicit and checkable link between the low-level program and its high-level meaning. Our approach closely links programming and theorem proving in that a type correct program is a constructive proof that the program meets its specification. It goes beyond typical model-checking approaches, which are commonly used to check formal properties of low-level programs, by building proofs over abstractions of properties. In this way, we avoid the state-space explosion problem that bedevils model-checking solutions. We are also able to consider properties over potentially infinite domains and determine properties for potentially infinite programs. We illustrate our approach by implementing a carry-ripple adder for binary numbers.