Citation Context

...ty features alone. The Tinkertype project [23] is a framework for modularly specifying formal languages. It was used to format the language variants used in Pierce’s “Types and Programming Languages” =-=[37]-=-, and to compose traditional pen-and-paper proofs. Both Boite [6] and Mulhern [29] consider how to extend existing inductive definitions and reuse related proofs in the Coq proof assistant. Both their...

Citation Context

...pose an approach based on interpreters. Of course, we are not the only ones to do so. A particularly prominent line of work based on interpreters is that of using monads to structure semantics. Moggi =-=[28]-=- pioneered monads to model computation effects and structure denotation semantics. Liang et al. [25] introduced monad transformers to compose multiple monads and build modular interpreters. Jaskelioff...

Citation Context

...omplete definitions. The lack of reuse in formalizations is somewhat surprising, because proof assistants such as Coq and Agda have powerful modularity constructs including modules [26], type classes =-=[17, 39, 43]-=- and expressive forms of dependent types [10, 34]. It is reasonable to wonder whether these language constructs can achieve better reuse. After all, there has been a lot of progress in addressing exte...

Citation Context

...r components. The problem of modeling binders has received a lot of attention before. Certain proof assistants and type theories address this problem with better support for names and abstract syntax =-=[36, 38]-=-. In general-purpose proof assistants like Coq, however, such support is not available. A popular approach, widely used in Coq formalizations, is to use mechanization-friendly first-order representati...

Citation Context

... prominent line of work based on interpreters is that of using monads to structure semantics. Moggi [28] pioneered monads to model computation effects and structure denotation semantics. Liang et al. =-=[25]-=- introduced monad transformers to compose multiple monads and build modular interpreters. Jaskelioff et al. [20] used an approach similar to DTC in combination with monads to provide modular implement...

Citation Context

...r components. The problem of modeling binders has received a lot of attention before. Certain proof assistants and type theories address this problem with better support for names and abstract syntax =-=[36, 38]-=-. In general-purpose proof assistants like Coq, however, such support is not available. A popular approach, widely used in Coq formalizations, is to use mechanization-friendly first-order representati...

Citation Context

...h as structural induction cannot be used since they require closed or complete definitions. However, because MTC relies on folds, the proof methods used in the initial algebra semantics of data types =-=[16, 27]-=- offered an initial handle on this problem. With some care and adaptations, universal properties and other derived principles work quite well with modular Church encodings. Not only do universal prope...

Citation Context

...induction) assume complete definitions. The lack of reuse in formalizations is somewhat surprising, because proof assistants such as Coq and Agda have powerful modularity constructs including modules =-=[26]-=-, type classes [17, 39, 43] and expressive forms of dependent types [10, 34]. It is reasonable to wonder whether these language constructs can achieve better reuse. After all, there has been a lot of ...

Citation Context

...ons is somewhat surprising, because proof assistants such as Coq and Agda have powerful modularity constructs including modules [26], type classes [17, 39, 43] and expressive forms of dependent types =-=[10, 34]-=-. It is reasonable to wonder whether these language constructs can achieve better reuse. After all, there has been a lot of progress in addressing extensibility [13, 30, 32, 40] issues in general-purp...

Citation Context

...s copying an existing formalization and adapting it manually to incorporate new features. An extreme case of this copy-&-adapt approach can be found in Leroy’s 3 person-year verified compiler project =-=[22]-=-: it consists of 8 intermediate languages in addition to the source and target languages, many of which are minor variations of each other. Due to the crosscutting impact of new features, the adaptati...

Citation Context

...s of properties for non-inductive semantic functions, and mediating type classes enable proof adaptation for more feature-rich languages. 1. Introduction With their POPLMARK challenge, Aydemir et al. =-=[14]-=- identified representation of binders, complex inductions, experimentation, and reuse of components as key challenges in mechanizing programming language meta-theory. While progress has been made, for...

Citation Context

... be possible too). Because such higher-order featuresrequire general recursion, they cannot be defined inductively using folds. To support these non-inductive features MTC uses a variation of mixins =-=[9]-=-. Mixins are closely related to Mendler-style folds, but they allow uses of general recursion, and can be modeled on top of Mendler-style Church encodings using a bounded fixpoint combinator. To illus...

Citation Context

...er, such support is not available. A popular approach, widely used in Coq formalizations, is to use mechanization-friendly first-order representations of binders such as the locally nameless approach =-=[1]-=-. This involves developing a number of straightforward, but tedious infrastructure lemmas and definitions for each new language. Such tedious infrastructure can be automatically generated [2] or reuse...

Citation Context

...an be modeled on top of Mendler-style Church encodings using a bounded fixpoint combinator. To illustrate MTC, we present a case study modularizing several orthogonal features of a variant of mini-ML =-=[8]-=-. The case study illustrates how various features and partial type soundness proofs can be modularly developed and verified and later composed to assemble complete languages and proofs. 1.1 Contributi...

Citation Context

...h as structural induction cannot be used since they require closed or complete definitions. However, because MTC relies on folds, the proof methods used in the initial algebra semantics of data types =-=[16, 27]-=- offered an initial handle on this problem. With some care and adaptations, universal properties and other derived principles work quite well with modular Church encodings. Not only do universal prope...

Citation Context

...r them. It is an open problem to do so without resorting to axioms. MTC solves this problem with a novel axiom-free approach based on adaptations of two important aspects of folds discussed by Hutton =-=[19]-=-. 3.1 The Problem of Church Encodings and Induction Coq’s own original approach [35] to inductive data types was based on Church encodings. It is well-known that Church encodings ofinductive data typ...

Citation Context

... challenging issue we are currently considering of is the pervasive impact of new sideeffecting features on existing definitions and proofs. We believe that existing work on modular monadic semantics =-=[20, 24, 25]-=- is a good starting point to overcome this hurdle. Acknowledgements We would like to especially thank William Cook for his help in structuring the presentation of this work. Further thanks to Don Bato...

Citation Context

...ssive forms of dependent types [10, 34]. It is reasonable to wonder whether these language constructs can achieve better reuse. After all, there has been a lot of progress in addressing extensibility =-=[13, 30, 32, 40]-=- issues in general-purpose languages using advanced type system features – although not a lot of attention has been paid to modular reasoning. This paper presents MTC, a framework for defining modular...

Citation Context

...omplete definitions. The lack of reuse in formalizations is somewhat surprising, because proof assistants such as Coq and Agda have powerful modularity constructs including modules [26], type classes =-=[17, 39, 43]-=- and expressive forms of dependent types [10, 34]. It is reasonable to wonder whether these language constructs can achieve better reuse. After all, there has been a lot of progress in addressing exte...

Citation Context

...ons is somewhat surprising, because proof assistants such as Coq and Agda have powerful modularity constructs including modules [26], type classes [17, 39, 43] and expressive forms of dependent types =-=[10, 34]-=-. It is reasonable to wonder whether these language constructs can achieve better reuse. After all, there has been a lot of progress in addressing extensibility [13, 30, 32, 40] issues in general-purp...

Citation Context

...TC [13, 40]. However type-level fixpoints, central to DTC, cannot be used in Coq because they require general recursion. To avoid general recursion, we use least-fixpoints encoded as Church encodings =-=[5, 35]-=-. Church encodings inspired other solutions to the expression problem before (especially in object-oriented languages) [30–32]. However those solutions do not use F-algebras: instead, they use an isom...

Citation Context

...n the Calculus of (Inductive) Constructions [34, 35]. Ubiquitous higher-order features such as binders and general recursion can also be implemented in MTC. Binders are modeled with a parametric HOAS =-=[7]-=- representation (a first-order representation would be possible too). Because such higher-order featuresrequire general recursion, they cannot be defined inductively using folds. To support these non...

Citation Context

...ve new languages. Transparency One long-standing criticism of mechanized metatheory has been that it interferes with adequacy, i.e. convincing users that the proven theorem is in fact the desired one =-=[39]-=-. Certainly the use of PHOAS can complicate the transparency of mechanized definitions. The soundnessX theorem, for example, uses a more complicated statement than the pen-and-paper version because PH...

Citation Context

...omplete definitions. The lack of reuse in formalizations is somewhat surprising, because proof assistants such as Coq and Agda have powerful modularity constructs including modules [26], type classes =-=[17, 39, 43]-=- and expressive forms of dependent types [10, 34]. It is reasonable to wonder whether these language constructs can achieve better reuse. After all, there has been a lot of progress in addressing exte...

Citation Context

... and logical relations. Mechanized Meta-Theory and Reuse Several ad-hoc tool-based approaches provide reuse, but none is based on a proof assistant’s modularity features alone. The Tinkertype project =-=[23]-=- is a framework for modularly specifying formal languages. It was used to format the language variants used in Pierce’s “Types and Programming Languages” [37], and to compose traditional pen-and-paper...

Citation Context

...for Coq’s termination checker, because the recursive call does not conform to Coq’s structural restrictions. 2.2 Recursion-Free Church Encodings MTC encodes data types and folds with Church encodings =-=[5, 35]-=-, which are recursion-free. Church encodings represent (least) fixpoints and folds as follows: type Fix f = ∀a.Algebra f a → a fold :: Algebra f a → Fix f → a fold alg fa = fa alg Both definitions are...

Citation Context

...ssive forms of dependent types [10, 34]. It is reasonable to wonder whether these language constructs can achieve better reuse. After all, there has been a lot of progress in addressing extensibility =-=[13, 30, 32, 40]-=- issues in general-purpose languages using advanced type system features – although not a lot of attention has been paid to modular reasoning. This paper presents MTC, a framework for defining modular...

Citation Context

...approach [1]. This involves developing a number of straightforward, but tedious infrastructure lemmas and definitions for each new language. Such tedious infrastructure can be automatically generated =-=[2]-=- or reused from data type-generic definitions [21]. However this typically requires additional tool support. A higher-order representation like PHOAS [7] avoids most infrastructure definitions. While ...

Citation Context

...of dependencies of a toplevel proof algebra forms a proof interface that must be satisfied by any language which uses that algebra. Such proof interfaces introduce the problem of feature interactions =-=[4]-=-, well-known from modular component-based frameworks. In essence, a feature interaction is functionality (e.g., a function or 4 Also available at http://www.cs.utexas.edu/~bendy/MTCe ::= N | e + e Ar...

Citation Context

...ssive forms of dependent types [10, 34]. It is reasonable to wonder whether these language constructs can achieve better reuse. After all, there has been a lot of progress in addressing extensibility =-=[13, 30, 32, 40]-=- issues in general-purpose languages using advanced type system features – although not a lot of attention has been paid to modular reasoning. This paper presents MTC, a framework for defining modular...

Citation Context

...ve to consider modular reasoning. Monads introduce important challenges in terms of modular reasoning. Only very recently some modular proof techniques for reasoning about monads have been introduced =-=[15, 33]-=-. While this is a good step forward, it remains to be seen whether these techniques are sufficient to reason about suitably generalized modular statements like soundness.The above approaches mainly i...

Citation Context

...ve to consider modular reasoning. Monads introduce important challenges in terms of modular reasoning. Only very recently some modular proof techniques for reasoning about monads have been introduced =-=[15, 33]-=-. While this is a good step forward, it remains to be seen whether these techniques are sufficient to reason about suitably generalized modular statements like soundness.The above approaches mainly i...

Citation Context

...o the expression problem before (especially in object-oriented languages) [30–32]. However those solutions do not use F-algebras: instead, they use an isomorphic representation called object algebras =-=[31]-=-. Object algebras are a better fit for languages where records are the main structuring construct (such as OO languages). Our solution differs from previous approaches in the use of Mendler-style Falg...

Citation Context

...ssive forms of dependent types [10, 34]. It is reasonable to wonder whether these language constructs can achieve better reuse. After all, there has been a lot of progress in addressing extensibility =-=[13, 30, 32, 40]-=- issues in general-purpose languages using advanced type system features – although not a lot of attention has been paid to modular reasoning. This paper presents MTC, a framework for defining modular...

Citation Context

...ly on the executable artifact, rather than on an intermediate formulation based on logical relations. The only similar work in this direction, developed concurrently to our own, is that of Danielsson =-=[11]-=-. He uses the partiality monad, which fairly similar to our bounded fixpoint, to formalize semantic interpreters in Agda. He argues that this style is more easily understood and more obviously determi...

Citation Context

... independently or easily reused with new specifications. In contrast, our approach is fully implemented within Coq and allows for independent development and verification of features. Delaware et al. =-=[12]-=- applied product-line techniques for modularizing mechanized meta-theory proofs. As a case study, they built type safety proofs for a family of extensions to Featherweight Java from a common base of f...

Citation Context

...d Coq setting. Another difference between DTC and MTC is the use of Mendler-style folds and algebras instead of conventional folds to express modular definitions. The advantage of Mendler-style folds =-=[41]-=- and algebras is that they offer explicit control over the evaluation order, which is important when modeling semantics of programming languages. MTC employs similar techniques to solve extensibility ...

Citation Context

...Programming Languages]: Formal Definitions and Theory—Semantics Keywords Modular Mechanized Meta-Theory, Extensible Church Encodings, Coq 1. Introduction With their POPLMARK challenge, Aydemir et al. =-=[3]-=- identified representation of binders, complex inductions, experimentation, and reuse of components as key challenges in mechanizing programming language meta-theory. While progress has been made, for...

Citation Context

...modularly specifying formal languages. It was used to format the language variants used in Pierce’s “Types and Programming Languages” [37], and to compose traditional pen-and-paper proofs. Both Boite =-=[6]-=- and Mulhern [29] consider how to extend existing inductive definitions and reuse related proofs in the Coq proof assistant. Both their techniques rely on external tools that are no longer available a...

Citation Context

...ed monads to model computation effects and structure denotation semantics. Liang et al. [25] introduced monad transformers to compose multiple monads and build modular interpreters. Jaskelioff et al. =-=[20]-=- used an approach similar to DTC in combination with monads to provide modular implementation of mathematical operational semantics. Our work could benefit of monads to model more complex language fea...

Citation Context

...ying formal languages. It was used to format the language variants used in Pierce’s “Types and Programming Languages” [37], and to compose traditional pen-and-paper proofs. Both Boite [6] and Mulhern =-=[29]-=- consider how to extend existing inductive definitions and reuse related proofs in the Coq proof assistant. Both their techniques rely on external tools that are no longer available and write extensio...

Citation Context

...nitions are closed to extension: the proofs and definitions of a language cannot simply be imported and extended with new constructs. This is a manifestation of the well-known Expression Problem (EP) =-=[42]-=-. 2. Modular reasoning: Reasoning with modular definitions requires reasoning about partial definitions and composing partial proofs to obtain a complete proof. However, most reasoning techniques (suc...

Citation Context

...dularly specifying formal languages. It was used to format the language variants used in Pierce’s “Types and Programming Languages” [37], and to compose traditional pen-and-paper proofs. The Ott tool =-=[41]-=- allows users to write definitions and theorem statements in an ASCII format designed to mirror pen-andpaper formalizations. These are then automatically translated to definitions in either LATEX or a...

Citation Context

...misleading for someone trying to implement the semantics. Furthermore, this approach can be quite brittle: in more complex object languages using folds and laziness can lead to subtle semantic issues =-=[3]-=-. 2.4 Mendler-style Church Encodings To express semantics in a way that allows explicit control over evaluation and does not rely on the evaluation semantics of the meta-language, MTC adapts Church en...

Citation Context

...aditional algebra. As the only concern is the behavior of proof algebras (which are traditional algebras) folded over Church encodings, this is a sufficient characterization of well-formedness. Hinze =-=[18]-=- uses the same characterization for deriving Church numerals. Fortunately, the left-to-right implication follows trivially from the definitions of fold ′ M and inf , independent of the particular term...

Citation Context

...f straightforward, but tedious infrastructure lemmas and definitions for each new language. Such tedious infrastructure can be automatically generated [2] or reused from data type-generic definitions =-=[21]-=-. However this typically requires additional tool support. A higher-order representation like PHOAS [7] avoids most infrastructure definitions. While we have developed PHOAS-based binders in MTC, firs...

Citation Context

...se features was entirely manual, as opposed to the automated composition developed here. Concurrently with our development of MTC, Schwaab et al. have been working on modularizing meta-theory in Agda =-=[40]-=-. While MTC uses Church encodings to encode extensible datatypes, their approach achieves extensibility by using universes which can be lifted to the type level. Encodings and their associated proofs ...