A theory of recursive definitions has been mechanized in Isabelle's Zermelo-Fraenkel (ZF) set theory. The objective is to support the formalization of particular recursive definitions for use in verification, semantics proofs and other computational reasoning.

In Martin-Löf's type theory, general recursion is not available. The only iterating constructs are primitive recursion over natural numbers and other inductive sets. The paper describes a way to allow a general recursion operator in type theory (extended with propositions). A proof rule for the new operator is presented. The addition of the new operator will not distroy the property that all well-typed programs terminate. An advantage of the new program construct is that it is possible to separate the termination proof of the program from the proof of other properties.

Abstract. Fairly deep results of Zermelo-Frænkel (ZF) set theory have been mechanized using the proof assistant Isabelle. The results concern cardinal arithmetic and the Axiom of Choice (AC). A key result about cardinal multiplication is κ ⊗ κ = κ, where κ is any infinite cardinal. Proving this result required developing theories of orders, order-isomorphisms, order types, ordinal arithmetic, cardinals, etc.; this covers most of Kunen, Set Theory, Chapter I. Furthermore, we have proved the equivalence of 7 formulations of the Well-ordering Theorem and 20 formulations of AC; this covers the first two chapters of Rubin and Rubin, Equivalents of the Axiom of Choice, and involves highly technical material. The definitions used in the proofs are

Abstract not found

Abstract not found

The Calculus of Constructions is a higher-order formalism for writing constructive proofs in a natural deduction style, inspired from work of de Bruijn [2, 3], Girard [12], Martin-Löf [14] and Scott [18]. The calculus and its syntactic theory were presented in Coquand’s thesis [7], and an implementation by the author was used to mechanically verify a substantial number of proofs demonstrating the power of expression of the formalism [9]. The Calculus of Constructions is proposed as a foundation for the design of programming environments where programs are developed consistently with formal specifications. The current paper shows how to define inductive concepts in the calculus. A very general induction schema is obtained by postulating all elements of the type of interest to belong to the standard interpretation associated with a predicate map. This is similar to the treatment of D. Park [16], but the power of expression of the formalism permits a very direct treatment, in a language that is formalized enough to be actually implemented on computer. Special instances of the induction schema specialize to Nœtherian induction and Structural induction over any algebraic type. Computational Induction is treated in an axiomatization of Domain Theory in Constructions. It is argued that the resulting principle is more powerful than LCF’s [13], since the restriction on admissibility is expressible in the object language. Notations We assume the reader is familiar with the Calculus of Constructions, as presented in [7, 9, 10, 11]. More precisely, we shall use in the present paper the extended system defined in Section 11 of [8]. The notation [x: A]B stands for the algorithm with formal parameter x of type A and body B, whereas (x: A)B stands for the product of types B indexed by x ranging over A. Thus square brackets are used for λ-abstraction, whereas parentheses stand for product formation. The atom P rop is the type of logical propositions. The atom T ype stands for the first level in the predicative hierarchy of types (and thus we have P rop: T ype). We abbreviate (x: A)B into A → B whenever x does not occur in B. When B: P rop, we think of (x: A)B as the universally quantified proposition ∀x: A·B. When x does not occur in B and A: P rop,

Manna and Waldinger's theory of substitutions and unification has been verified using the Cambridge LCF theorem prover. A proof of the monotonicity of substitution is presented in detail, as an example of interaction with LCF. Translating the theory into LCF's domaintheoretic logic is largely straightforward. Well-founded induction on a complex ordering is translated into nested structural inductions. Correctness of unification is expressed using predicates for such properties as idempotence and most-generality. The verification is presented as a series of lemmas. The LCF proofs are compared with the original ones, and with other approaches. It appears di#cult to find a logic that is both simple and flexible, especially for proving termination.

Contents 1 Introduction 2 2 Type Theory as a Programming Language 3 2.1 Hello World in Type Theory . . . . . . . . . . . . . . . . . . . . . . 3 2.2 Hiding and argument synthesis . . . . . . . . . . . . . . . . . . . . . 4 2.3 Using dependent types in programming . . . . . . . . . . . . . . . . 4 2.4 Higher-order sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 3 Logic for free 8 3.1 Propositional logic . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 3.2 Predicate logic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 3.3 Equality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 3.4 Induction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 3.5 Inductively defined relations . . . . . . . . . . . . . . . . . . . . . . . 13 4 ALF's Type Theory 14 4.1 Judgements of Type Theory . . . . . . . . . . . . . . . . . . . . . . . 14 4.2 Conventions

This paper shows on a non-trivial example that it is possible to mix proving and computing using current technologies. We present a proof of the Buchberger's algorithm that has been developed in the Coq proof assistant. The formulation of the algorithm in Coq can then be efficiently compiled and used to do computation.

Abstract not found