Results 11  20
of
49
A verified model checker for the modal µcalculus in Coq
 In TACAS, volume 1384 of LNCS
, 1998
"... . We report on the formalisation and correctness proof of a model checker for the modal calculus in Coq's constructive type theory. Using Coq's extraction mechanism we obtain an executable Caml program, which is added as a safe decision procedure to the system. An example illustrates ..."
Abstract

Cited by 11 (0 self)
 Add to MetaCart
. We report on the formalisation and correctness proof of a model checker for the modal calculus in Coq's constructive type theory. Using Coq's extraction mechanism we obtain an executable Caml program, which is added as a safe decision procedure to the system. An example illustrates its application in combination with deduction. 1 Introduction There is an obvious advantage in combining theorem proving and model checking techniques for the verification of reactive systems. The expressiveness of the theorem prover's (often higherorder) logic can be used to accommodate a variety of program modelling and verification paradigms, so infinite state and parametrised designs can be verified. However, using a theorem prover is not transparent and may require a fair amount of expertise. On the other hand, model checking is transparent, but exponential in the number of concurrent components. Its application is thus limited to systems with small state spaces. A combination of the two techn...
Program Extraction in simplytyped Higher Order Logic
 Types for Proofs and Programs (TYPES 2002), LNCS 2646
, 2002
"... Based on a representation of primitive proof objects as  terms, which has been built into the theorem prover Isabelle recently, we propose a generic framework for program extraction. We show how this framework can be used to extract functional programs from proofs conducted in a constructive fr ..."
Abstract

Cited by 9 (2 self)
 Add to MetaCart
Based on a representation of primitive proof objects as  terms, which has been built into the theorem prover Isabelle recently, we propose a generic framework for program extraction. We show how this framework can be used to extract functional programs from proofs conducted in a constructive fragment of the object logic Isabelle/HOL. A characteristic feature of our implementation of program extraction is that it produces both a program and a correctness proof. Since the extracted program is available as a function within the logic, its correctness proof can be checked automatically inside Isabelle.
On the strength of proofirrelevant type theories
 of Lecture Notes in Computer Science
, 2006
"... Vol. 4 (3:13) 2008, pp. 1–20 ..."
Realizability and parametricity in pure type systems
 In the Proceedings of FoSSaCS 2011 (Saarbruecken
, 2011
"... Abstract. We describe a systematic method to build a logic from any programming language described as a Pure Type System (PTS). The formulas of this logic express properties about programs. We define a parametricity theory about programs and a realizability theory for the logic. The logic is express ..."
Abstract

Cited by 6 (2 self)
 Add to MetaCart
Abstract. We describe a systematic method to build a logic from any programming language described as a Pure Type System (PTS). The formulas of this logic express properties about programs. We define a parametricity theory about programs and a realizability theory for the logic. The logic is expressive enough to internalize both theories. Thanks to the PTS setting, we abstract most idiosyncrasies specific to particular type theories. This confers generality to the results, and reveals parallels between parametricity and realizability. 1
The Calculus of Constructions and Higher Order Logic
 In preparation
, 1992
"... The Calculus of Constructions (CC) ([Coquand 1985]) is a typed lambda calculus for higher order intuitionistic logic: proofs of the higher order logic are interpreted as lambda terms and formulas as types. It is also the union of Girard's system F! ([Girard 1972]), a higher order typed lambda c ..."
Abstract

Cited by 6 (0 self)
 Add to MetaCart
The Calculus of Constructions (CC) ([Coquand 1985]) is a typed lambda calculus for higher order intuitionistic logic: proofs of the higher order logic are interpreted as lambda terms and formulas as types. It is also the union of Girard's system F! ([Girard 1972]), a higher order typed lambda calculus, and a first order dependent typed lambda calculus in the style of de Bruijn's Automath ([de Bruijn 1980]) or MartinLof's intuitionistic theory of types ([MartinLof 1984]). Using the impredicative coding of data types in F! , the Calculus of Constructions thus becomes a higher order language for the typing of functional programs. We shall introduce and try to explain CC by exploiting especially the first point of view, by introducing a typed lambda calculus that faithfully represent higher order predicate logic (so for this system the CurryHoward `formulasastypes isomorphism' is really an isomorphism.) Then we discuss some propositions that are provable in CC but not in the higher or...
Verifying programs in the Calculus of Inductive Constructions
, 1997
"... . This paper deals with a particular approach to the verification of functional programs. A specification of a program can be represented by a logical formula [Con86, NPS90]. In a constructive framework, developing a program then corresponds to proving this formula. Given a specification and a progr ..."
Abstract

Cited by 6 (0 self)
 Add to MetaCart
. This paper deals with a particular approach to the verification of functional programs. A specification of a program can be represented by a logical formula [Con86, NPS90]. In a constructive framework, developing a program then corresponds to proving this formula. Given a specification and a program, we focus on reconstructing a proof of the specification whose algorithmic contents corresponds to the given program. The best we can hope is to generate proof obligations on atomic parts of the program corresponding to logical properties to be verified. First, this paper studies a weak extraction of a program from a proof that keeps track of intermediate specifications. From such a program, we prove the determinism of retrieving proof obligations. Then, heuristic methods are proposed for retrieving the proof from a natural program containing only partial annotations. Finally, the implementation of this method as a tactic of the Coq proof assistant is presented. 1. Introduction A large p...
Intensionality, Extensionality, and Proof Irrelevance in Modal Type Theory
 Pages 221–230 of: Symposium on Logic in Computer Science
, 2001
"... We develop a uniform type theory that integrates intensionality, extensionality, and proof irrelevance as judgmental concepts. Any object may be treated intensionally (subject only to #conversion), extensionally (subject also to ##conversion), or as irrelevant (equal to any other object at the sam ..."
Abstract

Cited by 5 (3 self)
 Add to MetaCart
We develop a uniform type theory that integrates intensionality, extensionality, and proof irrelevance as judgmental concepts. Any object may be treated intensionally (subject only to #conversion), extensionally (subject also to ##conversion), or as irrelevant (equal to any other object at the same type), depending on where it occurs. Modal restrictions developed in prior work for simple types are generalized and employed to guarantee consistency between these views of objects. Potential applications are in logical frameworks, functional programming, and the foundations of firstorder modal logics.
Idris — systems programming meets full dependent types
 In Proc. 5th ACM workshop on Programming languages meets program verification, PLPV ’11
, 2011
"... Dependent types have emerged in recent years as a promising approach to ensuring program correctness. However, existing dependently typed languages such as Agda and Coq work at a very high level of abstraction, making it difficult to map verified programs to suitably efficient executable code. Thi ..."
Abstract

Cited by 4 (1 self)
 Add to MetaCart
Dependent types have emerged in recent years as a promising approach to ensuring program correctness. However, existing dependently typed languages such as Agda and Coq work at a very high level of abstraction, making it difficult to map verified programs to suitably efficient executable code. This is particularly problematic for programs which work with bit level data, e.g. network packet processing, binary file formats or operating system services. Such programs, being fundamental to the operation of computers in general, may stand to benefit significantly from program verification techniques. This paper describes the use of a dependently typed programming language, IDRIS, for specifying and verifying properties of lowlevel systems programs, taking network packet processing as an extended example. We give an overview of the distinctive features of IDRIS which allow it to interact with external systems code, with precise types. Furthermore, we show how to integrate tactic scripts and plugin decision procedures to reduce the burden of proof on application developers. The ideas we present are readily adaptable to languages with related type systems.
Coq in Coq
, 1997
"... . We formalize the definition and the metatheory of the Calculus of Constructions (CC) using the proof assistant Coq. In particular, we prove strong normalization and decidability of type inference. From the latter proof, we extract a certified Objective Caml program which performs type inference in ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
. We formalize the definition and the metatheory of the Calculus of Constructions (CC) using the proof assistant Coq. In particular, we prove strong normalization and decidability of type inference. From the latter proof, we extract a certified Objective Caml program which performs type inference in CC and use this code to build a smallscale certified proofchecker. Key words: Type Theory, proofchecker, Calculus of Constructions, metatheory, strong normalization proof, program extraction. 1. Introduction 1.1. Motivations This work can be described as the formal certification in Coq of a proofchecker for the Calculus of Constructions (CC). We view it as a first experimental step towards a certified kernel for the whole Coq system, of which CC is a significative fragment. In decidable type theories, a proofchecker is a program which verifies whether a given judgement (input) is valid or not (output). Valid meaning that there exists a derivation for that judgement following the in...
Program Verification using Coq Introduction to the WHY tool
 TYPES SUMMER SCHOOL 2005
, 2005
"... ..."