e present new sound and complete axiomatizations of type equality and subtype inequality for a first-order type language with regular recursive types. The rules are motivated by coinductive characterizations of type containment and type equality via simulation and bisimulation, respectively. The main novelty of the axiomatization is the fixpoint rule (or coinduction principle), which has the form A; P ` P A ` P (Fix) where P is either a type equality = 0 or type containment 0 and the proof of the premise must be contractive in a formal sense. In particular, a proof of A; P ` P using the assumption axiom is not contractive. The fixpoint rule embodies a finitary coinduction principle and thus allows us to capture a coinductive relation in the fundamentally inductive framework of inference systems. The new axiomatizations are more concise than previous axiomatizations, particularly so for type containment since no separate axiomatization of type equality is required, as in A...

This article The purpose of this paper is to introduce b, a simply typed -calculus that supports type-based recursive definitions. Although heavily inspired from previous work by Giménez (Giménez 1998) and closely related to recent work by Amadio and Coupet (Amadio and Coupet-Grimal 1998), the technical machinery behind our system puts a slightly different emphasis on the interpretation of types. More precisely, we formalize the notion of type-based termination using a restricted form of type dependency (a.k.a. indexed types), as popularized by (Xi and Pfenning 1998; Xi and Pfenning 1999). This leads to a simple and intuitive system which is robust under several extensions, such as mutually inductive datatypes and mutually recursive function definitions; however, such extensions are not treated in the paper

We introduce an extension of the Calculus of Construction with inductive and co-inductive types that preserves strong normalisation for a lazy computation relation. This extension considerably enlarges the expressiveness of the language, enabling a direct translation of recursive programs, while keeping a relatively simple collection of typing rules. 1 Introduction The last twenty five years have seen an increasing development of different proof environments based on type theory. Several type theories have been proposed as a foundation of such proof environments [15, 6, 16], trying to find an accurate compromise between two criteria. On the one hand, we search for extensions of type theory that preserve its conceptual simplicity of type theory (a few primitive constructions, a small number of typing rules) and meta-theoretical properties ensuring its soundness and a direct mechanisation (strong normalisation, decidability of type-checking, etc). On the other hand, we would like to pro...

The paradigm of type-based termination is explored for functional programming with recursive data types. The article introduces , a lambda-calculus with recursion, inductive types, subtyping and bounded quanti cation. Decorated type variables representing approximations of inductive types are used to track the size of function arguments and return values. The system is shown to be type safe and strongly normalizing. The main novelty is a bidirectional type checking algorithm whose soundness is established formally.

artment of Computer Science, University of Edinburgh, Edinburgh. E-mail: mhe@dcs.ed.ac.uk tions (2) and (1) normalize the integral with respect to the subintegral function and the interval of integration. 1 Reapplying equation (3) yields the Taylor (Maclaurin) expansion f = f(0) :: f 0 = f(0) :: f 0 (0) :: f 00 . . . = f(0) :: f 0 (0) :: \Delta \Delta \Delta :: f (n) (0) :: \Delta \Delta \Delta Unfolding the above definition of ::, which amounts to iterated integration, one finally gets f(x) = f(0) + f 0 (0)x + \Delta \Delta \Delta + f (n) (0)x n<F2

Our objective is to describe a formal proof of correctness for the following Haskell [13] program in a type theory-based proof verification system, such as the Coq system [10, 1]. sieve (p:rest) = p:sieve [r | r <- rest, r ‘rem ‘ p / = 0] primes = sieve [2..] This program is a functional implementation of Eratosthenes ’ sieve that consists in removing all multiples of previously found primes from the sequence of natural numbers. We want to prove that the expression primes is the stream containing all the prime numbers in increasing order. This work relies on co-inductive types [5, 11, 12] because the program manipulates infinite lists, also known as streams. It first uses the infinite list of natural numbers larger than 2, then the infinite list of numbers larger than 3 and containing no multiples of 2, then the infinite list of numbers larger than 4 and containing no multiples of prime numbers smaller than 4, and so on. This example was initially proposed as a challenge by G. Kahn and used as an illustration of a program and its proof of correctness in a

. It is our aim to develop an elementary strong functional programming (ESFP) system. To be useful, ESFP should include structures such as streams which can be computationally unwound infinitely often. We describe a syntactic analysis to ensure that infinitely proceeding structures, which we shall term codata, are productive. This analysis is an extension of the check for guardedness that has been used with definitions over coinductive types in Martin-Lof's type theory and in the calculus of constructions. Our analysis is presented as a form of abstract interpretation that allows a wider syntactic class of corecursive definitions to be recognised as productive than in previous work. Thus programmers will have fewer restrictions on their use of infinite streams within a strongly normalizing functional language. 1 Introduction We aim to develop an Elementary Strong Functional Programming (ESFP) system. That is, we wish to exhibit a language that has the strong normalization (every progr...

We describe an experience concerning the implementation and use of co-inductive types in the proof editor Coq. Co-inductive types are recursive types which, opposite to inductive ones, may be inhabited by infinite objects. In order to illustrate their use in Coq, we describe an axiomatisation of a calculus of broadcasting systems where recursive processes are represented using infinite objects. This calculus is used for developing a verification proof of the alternating bit protocol. Keywords: Program Verification, Type Theory, Co-Inductive Types, Communicating Processes R'esum'e Dans cet article nous d'ecrivons une exp'erience concernant l'implantation et l'utilisation de types co-inductifs dans l'environnement de preuves Coq. Les types co-inductifs sont des types recursifs qui, `a la diff'erence des types inductifs, peuvent etre habit'es par des objets infinis. Pour illustrer leur utilisation dans Coq nous d'ecrivons comment axiomatiser un calcul de processus qui communiq...

m networks and the recent works of Thierry Coquand in type theory have been the most important sources of motivation for the ideas presented here. I wish to specially thank Roberto Amadio, who read the manuscript in a very short delay, providing many helpful comments and remarks. Many thanks also to Luc Boug'e, who accepted to be my oficial supervisor, and to the chair of the jury, Michel Cosnard, who opened to me the doors of the LIP. During these last three years in Lyon I met many wonderful people, who then become wonderful friends. Miguel, Nuria, Veronique, Patricia, Philippe, Pia, Rodrigo, Salvador, Sophie : : : with you I have shared the happiness and sadness of everyday life, those little things which make us to remember someone forever. I also would like to thank the people from "Tango de Soie", for all those funny nights at the Caf'e Moulin Joly. Thanks too to the Uruguayan research community in Computer Science (specially to Cristina Cornes and Alberto Pardo) w

We investigate the relation between the set-theoretical description of coinduction based on Tarski Fixpoint Theorem, and the categorical description of coinduction based on coalgebras. In particular, we examine set-theoretic generalizations of the coinduction proof principle, in the spirit of Milner's bisimulation "up-to", and we discuss categorical counterparts for these. Moreover, we investigate the connection between these and the equivalences induced by T -coiterative functions. These are morphisms into final coalgebras, satisfying the T -coiteration scheme, which is a generalization of both the coiteration and the corecursion scheme. We generalize Rutten's transformation from coalgebraic bisimulations to set-theoretic bisimulations, in order to cover also the case of bisimulations "up-to". A list of examples of set-theoretic coinductive specifications which appear not to be easily expressible in coalgebraic terms are discussed. Introduction Coinductive definitions and ...