Results 1  10
of
21
The Theory of LEGO  A Proof Checker for the Extended Calculus of Constructions
, 1994
"... LEGO is a computer program for interactive typechecking in the Extended Calculus of Constructions and two of its subsystems. LEGO also supports the extension of these three systems with inductive types. These type systems can be viewed as logics, and as meta languages for expressing logics, and LEGO ..."
Abstract

Cited by 68 (10 self)
 Add to MetaCart
LEGO is a computer program for interactive typechecking in the Extended Calculus of Constructions and two of its subsystems. LEGO also supports the extension of these three systems with inductive types. These type systems can be viewed as logics, and as meta languages for expressing logics, and LEGO is intended to be used for interactively constructing proofs in mathematical theories presented in these logics. I have developed LEGO over six years, starting from an implementation of the Calculus of Constructions by G erard Huet. LEGO has been used for problems at the limits of our abilities to do formal mathematics. In this thesis I explain some aspects of the metatheory of LEGO's type systems leading to a machinechecked proof that typechecking is decidable for all three type theories supported by LEGO, and to a verified algorithm for deciding their typing judgements, assuming only that they are normalizing. In order to do this, the theory of Pure Type Systems (PTS) is extended and f...
Some lambda calculus and type theory formalized
 Journal of Automated Reasoning
, 1999
"... Abstract. We survey a substantial body of knowledge about lambda calculus and Pure Type Systems, formally developed in a constructive type theory using the LEGO proof system. On lambda calculus, we work up to an abstract, simplified, proof of standardization for beta reduction, that does not mention ..."
Abstract

Cited by 53 (7 self)
 Add to MetaCart
Abstract. We survey a substantial body of knowledge about lambda calculus and Pure Type Systems, formally developed in a constructive type theory using the LEGO proof system. On lambda calculus, we work up to an abstract, simplified, proof of standardization for beta reduction, that does not mention redex positions or residuals. Then we outline the meta theory of Pure Type Systems, leading to the strengthening lemma. One novelty is our use of named variables for the formalization. Along the way we point out what we feel has been learned about general issues of formalizing mathematics, emphasizing the search for formal definitions that are convenient for formal proof and convincingly represent the intended informal concepts.
The Implementation of ALF  a Proof Editor based on MartinLöf's Monomorphic Type Theory with Explicit Substitution
, 1995
"... This thesis describes the implementation of ALF, which is an interactive proof editor based on MartinLöf's type theory with explicit substitutions. ALF is a general purpose proof assistant, in which different logics can be represented. Proof objects are manipulated directly, by the usual editing op ..."
Abstract

Cited by 43 (0 self)
 Add to MetaCart
This thesis describes the implementation of ALF, which is an interactive proof editor based on MartinLöf's type theory with explicit substitutions. ALF is a general purpose proof assistant, in which different logics can be represented. Proof objects are manipulated directly, by the usual editing operations. A partial proof is represented as an incomplete proof object, i.e., a proof object containing placeholders. A modular type/proof checking algorithm for complete proof objects is presented, and it is proved sound and complete assuming some basic meta theory properties of the substitution calculus. The algorithm is extended to handle incomplete objects in such a way that the type checking problem is reduced to a unication problem, i.e., the problem of finding instantiations to the placeholders in the object. Placeholders are represented together with their expected type and local context. We show that checking the correctness of instantiations can be localised, which means that it is e...
Maude as a Formal MetaTool
 FM’99 — Formal Methods, World Congress on Formal Methods in the Development of Computing Systems
, 1999
"... Given the different perspectives from which a complex software system has to be analyzed, the multiplicity of formalisms is unavoidable. This poses two important technical challenges: how to rigorously meet the need to interrelate formalisms, and how to reduce the duplication of effort in tool a ..."
Abstract

Cited by 34 (13 self)
 Add to MetaCart
Given the different perspectives from which a complex software system has to be analyzed, the multiplicity of formalisms is unavoidable. This poses two important technical challenges: how to rigorously meet the need to interrelate formalisms, and how to reduce the duplication of effort in tool and specification building across formalisms. These challenges could be answered by adequate formal metatools that, when given the specification of a formal inference system, generate an efficient inference engine, and when given a specification of two formalisms and a translation, generate an actual translator between them. Similarly, module composition operations that are logicindependent, but that at present require costly implementation efforts for each formalism, could be provided for logics in general by module algebra generator metatools. The foundations of metatools of this kind can be based on a metatheory of general logics. Their actual design and implementation can be based on appropriate logical frameworks having efficient implementations. This paper explains how the reflective logical framework of rewriting logic can be used, in conjunction with an efficient reflective implementation such as the Maude language, to design formal metatools such as those described above. The feasibility of these ideas and techniques has been demonstrated by a number of substantial experiments in which new formal tools and new translations between formalisms, efficient enough to be used in practice, have been generated. 1
A proof of strong normalisation using domain theory
 In LICS’06
, 2006
"... U. Berger, [11] significantly simplified Tait’s normalisation proof for bar recursion [27], see also [9], replacing Tait’s introduction of infinite terms by the construction of a domain having the property that a term is strongly normalizing if its semantics is. The goal of this paper is to show tha ..."
Abstract

Cited by 13 (1 self)
 Add to MetaCart
U. Berger, [11] significantly simplified Tait’s normalisation proof for bar recursion [27], see also [9], replacing Tait’s introduction of infinite terms by the construction of a domain having the property that a term is strongly normalizing if its semantics is. The goal of this paper is to show that, using ideas from the theory of intersection types [2, 6, 7, 21] and MartinLöf’s domain interpretation of type theory [18], we can in turn simplify U. Berger’s argument in the construction of such a domain model. We think that our domain model can be used to give modular proofs of strong normalization for various type theory. As an example, we show in some details how it can be used to prove strong normalization for MartinLöf dependent type theory extended with bar recursion, and with some form of proofirrelevance. 1
Verifying a Semantic βηConversion Test for MartinLöf Type Theory
, 2008
"... Typechecking algorithms for dependent type theories often rely on the interpretation of terms in some semantic domain of values when checking equalities. Here we analyze a version of Coquand’s algorithm for checking the βηequality of such semantic values in a theory with a predicative universe hi ..."
Abstract

Cited by 12 (9 self)
 Add to MetaCart
Typechecking algorithms for dependent type theories often rely on the interpretation of terms in some semantic domain of values when checking equalities. Here we analyze a version of Coquand’s algorithm for checking the βηequality of such semantic values in a theory with a predicative universe hierarchy and large elimination rules. Although this algorithm does not rely on normalization by evaluation explicitly, we show that similar ideas can be employed for its verification. In particular, our proof uses the new notions of contextual reification and strong semantic equality. The algorithm is part of a bidirectional type checking algorithm which checks whether a normal term has a certain semantic type, a technique notion of semantic domain in order to accommodate a variety of possible implementation techniques, such as normal forms, weak head normal forms, closures, and compiled code. Our aim is to get closer than previous work to verifying the typechecking algorithms which are actually used in practice.
LNgen: Tool Support for Locally Nameless Representations
"... Given the complexity of the metatheoretic reasoning involved with current programming languages and their type systems, techniques for mechanical formalization and checking of the metatheory have received much recent attention. In previous work, we advocated a combination of locally nameless represe ..."
Abstract

Cited by 12 (4 self)
 Add to MetaCart
Given the complexity of the metatheoretic reasoning involved with current programming languages and their type systems, techniques for mechanical formalization and checking of the metatheory have received much recent attention. In previous work, we advocated a combination of locally nameless representation and cofinite quantification as a lightweight style for carrying out such formalizations in the Coq proof assistant. As part of the presentation of that methodology, we described a number of operations associated with variable binding and listed a number of properties, called “infrastructure lemmas, ” about those operations that needed to be shown. The proofs of these infrastructure lemmas are generally straightforward, given a specification of the binding structure of the language. In this work, we present LNgen, a prototype tool for automatically generating these definitions, lemmas, and proofs from Ottlike language specifications. Furthermore, the tool also generates a recursion scheme for defining functions over syntax, which was not available in our previous work. We also show the soundness and completeness of our tool’s output. For untyped lambda terms, we prove the adequacy of our representation with respect to a fully concrete representation, and we argue that the representation is complete—that we generate the right set of lemmas—with respect to Gordon and Melham’s “Five Axioms of AlphaConversion. ” Finally, we claim that our recursion scheme is simpler to work with than either Gordon and Melham’s recursion scheme or the recursion scheme of Nominal Logic. 1.
Pure Type Systems in Rewriting Logic
 In Proc. of LFM’99: Workshop on Logical Frameworks and MetaLanguages
, 1999
"... . The logical and operational aspects of rewriting logic as a logical framework are illustrated in detail by representing pure type systems as object logics. More precisely, we apply membership equational logic, the equational sublogic of rewriting logic, to specify pure type systems as they can be ..."
Abstract

Cited by 10 (2 self)
 Add to MetaCart
. The logical and operational aspects of rewriting logic as a logical framework are illustrated in detail by representing pure type systems as object logics. More precisely, we apply membership equational logic, the equational sublogic of rewriting logic, to specify pure type systems as they can be found in the literature and also a new variant of pure type systems with explicit names that solves the problems with closure under conversion in a very satisfactory way. Furthermore, we use rewriting logic itself to give a formal operational description of type checking, that directly serves as an ecient type checking algorithm. The work reported here is part of a more ambitious project concerned with the development in Maude [7] of a proof assistant for OCC, the open calculus of constructions, an equational extension of the calculus of constructions. 1 Introduction This paper is a detailed case study on the ease and naturalness with which a family of higherorder formal systems, namely...
Functional pearl: I am not a number–I am a free variable
 In Proc. Haskell workshop
"... In this paper, we show how to manipulate syntax with binding using a mixed representation of names for free variables (with respect to the task in hand) and de Bruijn indices [5] for bound variables. By doing so, we retain the advantages of both representations: naming supports easy, arithmeticfree ..."
Abstract

Cited by 9 (2 self)
 Add to MetaCart
In this paper, we show how to manipulate syntax with binding using a mixed representation of names for free variables (with respect to the task in hand) and de Bruijn indices [5] for bound variables. By doing so, we retain the advantages of both representations: naming supports easy, arithmeticfree manipulation of terms; de Bruijn indices eliminate the need for αconversion. Further, we have ensured that not only the user but also the implementation need never deal with de Bruijn indices, except within key basic operations. Moreover, we give a hierarchical representation for names which naturally reflects the structure of the operations we implement. Name choice is safe and straightforward. Our technology combines easily with an approach to syntax manipulation inspired by Huet’s ‘zippers’[10]. Without the ideas in this paper, we would have struggled to implement EPIGRAM [19]. Our example—constructing inductive elimination operators for datatype families—is but one of many where it proves invaluable.
A modular typechecking algorithm for type theory with singleton types and proof irrelevance
 IN TLCA’09, VOLUME 5608 OF LNCS
, 2009
"... ..."