. This paper describes a system to support reasoning about lazy functional programs. We describe an approach based on combining a deep embedding of the language in HOL and a set of proof tools to raise the level of interaction with the theorem prover. This approach allows meta-theoretic reasoning about the semantics and reasoning about undefined programs while still supporting practical reasoning about programs in the language. 1 Introduction It is often claimed that functional programming languages, and in particular pure functional languages, are suitable for formal reasoning. This claim is supported by the fact that many people in the functional programming community do reason about their programs in a formal or semi-formal way. Depending on the nature of the problem, different styles of reasoning, such as equational reasoning, induction and co-induction, are used. This paper discusses some of the technical issues involved in constructing a proof tool, using HOL [4], for reasoning ...

We study the problem of representing a modular specification language in a type-theory based theorem prover. Our goals are: to provide mechanical support for reasoning about specifications and about the specification language itself; to clarify the semantics of the specification language by formalising them fully; to augment the specification language with a programming language in a setting where they are both part of the same formal environment, allowing us to define a formal implementation relationship between the two. Previous work on similar issues has given rise to a dichotomy between “shal-low ” and “deep ” embedding styles when representing one language within another. We show that the expressiveness of type theory, and the high degree of reflection that it permits, allow us to develop embedding techniques which lie between the “shallow ” and “deep ” extremes. We consider various possible embedding strategies and then choose one of them to explore more fully. As our object of study we choose a fragment of the Z specification language, which we encode in the type theory UTT, as implemented in the LEGO proof-checker. We use the encoding to study some of the operations on schemas provided by Z. One of our main concerns is whether it is possible to reason about Z specifications at the level of these operations. We prove some theorems about Z showing that, within certain constraints, this kind of reasoning is indeed possible. We then show how these metatheorems can be used to carry out formal reasoning about Z specifications. For this we make use of an example taken from the Z Reference Manual (ZRM). Finally, we exploit the fact that type theory provides a programming lan-guage as well as a logic to define a notion of implementation for Z specifications. We illustrate this by encoding some example programs taken from the ZRM. ii Declaration I declare that this thesis was composed by myself, and that the work con-tained in it is my own except where otherwise stated. Some of this work has been published previously [Mah94]. iii

Syntax Notation (ASN) standard. The specification standard [20] is called a `specification of basic specification of abstract syntax notation'. For the sake of efficiency, there is also a standard [21] for encoding an ASN specification. A similar set of independent standards for logics like the ones supported by the Isabelle theorem prover could be valuable in achieving interoperability between theorem provers, thus liberating parties from the need to specify specific tools as the basis for formal portions of their specifications. In a commercial context, greater interoperability might lead to more general-purpose tools. For instance, it might enable a buyer and seller to agree that a step in their dealings would be for the technical people of one side to deliver a formal set of requirements for a portion of the proposed system to the technical people of the other in a language like SFOL. In-house or offthe -shelf software might be available for analyzing such specifications. As anoth...