## A Type-Theoretic Analysis of Modular Specifications (1996)

Citations: 2 (1 self)

### BibTeX

```bibtex
@TECHREPORT{Maharaj96atype-theoretic,
  author      = {Savitri Maharaj},
  title       = {A Type-Theoretic Analysis of Modular Specifications},
  institution = {},
  year        = {1996}
}
```


### Abstract

We study the problem of representing a modular specification language in a type-theory based theorem prover. Our goals are: to provide mechanical support for reasoning about specifications and about the specification language itself; to clarify the semantics of the specification language by formalising them fully; to augment the specification language with a programming language in a setting where they are both part of the same formal environment, allowing us to define a formal implementation relationship between the two. Previous work on similar issues has given rise to a dichotomy between “shallow” and “deep” embedding styles when representing one language within another. We show that the expressiveness of type theory, and the high degree of reflection that it permits, allow us to develop embedding techniques which lie between the “shallow” and “deep” extremes. We consider various possible embedding strategies and then choose one of them to explore more fully. As our object of study we choose a fragment of the Z specification language, which we encode in the type theory UTT, as implemented in the LEGO proof-checker. We use the encoding to study some of the operations on schemas provided by Z. One of our main concerns is whether it is possible to reason about Z specifications at the level of these operations. We prove some theorems about Z showing that, within certain constraints, this kind of reasoning is indeed possible. We then show how these metatheorems can be used to carry out formal reasoning about Z specifications. For this we make use of an example taken from the Z Reference Manual (ZRM). Finally, we exploit the fact that type theory provides a programming language as well as a logic to define a notion of implementation for Z specifications. We illustrate this by encoding some example programs taken from the ZRM.

### Declaration

I declare that this thesis was composed by myself, and that the work contained in it is my own except where otherwise stated. Some of this work has been published previously [Mah94].

### Citations

485 | The calculus of constructions - Coquand, Huet - 1988 |
Citation context: ...this section we shall briefly describe UTT and LEGO; the cited references should be consulted for complete information. 1.3.1 UTT The type theory UTT is an extension of the Calculus of Constructions ([CH88]) with dependent sum types and a predicative hierarchy of type universes and inductive types. Our understanding of UTT is based on an interpretation suggested by Luo, in which the type theory is thoug...

453 | The formulae-as-type notion of construction - Howard - 1980 |
Citation context: ...of two layers. The first of these is a single type universe, named Prop. Types which lie in the universe Prop are interpreted as propositions, using the “propositions as types” paradigm described in [How80]. It is possible to encode an intuitionistic, higher-order logic within the universe Prop. The encoding that is used in the LEGO system is described in Appendix D. The second...

205 | HOL: a proof generating system for higher-order logic - Gordon - 1988 |
Citation context: ...ding axiomatisations we avoid the possibility of introducing logical contradiction. Mike Gordon et al have considered the problem of embedding hardware description languages in the HOL theorem prover [Gor88] and have coined the terms “shallow” and “deep” [BG+92] to describe two opposing styles of representation. We shall consider how these terms may be interpreted with respect to type theory. We shall se...

119 | The type theoretic interpretation of constructive set theory, Logic Colloquium ’77 - Aczel - 1978 |
Citation context: ...tance the encodings presented in the Lego library [JM94] and in previous work on embedding Z in LEGO [Mah90]. Also of interest is Aczel’s encoding of constructive set theory in Martin-Löf type theory [1]. As we have already explained, we are going to use an encoding of finite sets represented via lists. An advantage of using finite sets is we can define decidable membership and equality relations (pr...

109 | Computation and reasoning: a type theory for computer science - Luo - 1994 |

87 | mural: A Formal Development Support System - Jones, Jones, et al. - 1991 |

86 | An Extended Calculus of Constructions - Luo - 1990 |

83 | Using typed lambda calculus to implement formal systems on a machine - Avron, Honsell, et al. - 1992 |

53 | A Typed Operational Semantics for Type Theory - Goguen - 1994 |

52 | The Coq Proof Assistant User’s Guide, Version 5.6 - Dowek, et al. - 1991 |

41 | Event-B language - Metayer, Abrial, et al. - 2005 |

39 | An informal introduction to specifications using Clear - Burstall, Goguen - 1981 |
Citation context: ...pecification languages are based on a different approach in which a specification is viewed as a collection of axioms describing the behaviour of a set of operations. The specification language CLEAR [BG81] extends this approach by providing a number of specification-building operations which allow the modular construction of specifications. Harper, Sannella and Tarlecki [HST89] have looked at using the...

37 | LEGO proof development system: user's manual - Luo, Pollack - 1992 |
Citation context: ...ed by means of inductive type definitions. We shall say more about this in Section 1.3.4. 1.3.2 LEGO LEGO [Pol95] is a proof development system implemented by Randy Pollack. The LEGO Reference Manual [LP92] is the main documentation for users of this system. Figures 1–1, 1–2 and 1–3 show the notation which we use in this thesis for representing LEGO terms. Figure 1–1 gives the notation used for those LE...

28 | Program specification and data refinement in type theory - Luo - 1993 |
Citation context: ...cursor to UTT) using constructs called “deliverables” [BM91,McK92]. Zhaohui Luo has looked at methods for expressing structured specifications in ECC using the -type as the basic specification module [Luo91]. The Coq project [Coq95] centres upon the Coq proof assistant [DFH+93] which implements a constructive type theory very similar to UTT. One of the main applications to which this is being applied is ...

19 | The definition of Extended ML: A gentle introduction - Kahrs, Sannella, Tarlecki - 1997 |

17 | Deliverables: an approach to program development in the calculus of constructions - Burstall, McKinna - 1990 |

14 | Understanding the differences between VDM and Z - Hayes, Jones, et al. - 1993 |
Citation context: ...el-oriented (a specification is viewed as a description of an abstract machine). However, the structuring mechanisms of the two notations are very dissimilar. VDM and Z are compared entertainingly in [HJN93]. The Mural system [JJ+91] provides a support system for VDM. Algebraic specification languages are based on a different approach in which a specification is viewed as a collection of axioms describin...

14 | A unifying theory of dependent types: the schematic approach - Luo - 1992 |

13 | An overview of larch - Garland, Guttag, et al. - 1993 |

13 | Data refinement in a categorical setting - Hoare, He - 1990 |

11 | The RAISE Specification language. A tutorial - George - 1991 |

10 | Proof rules for Balzac - Harwood - 1991 |
Citation context: ...on [BG94]; the work of Martin [Mar93] who has encoded W, a logic for Z, in the metalogical framework 2OBJ; the Z/EVES project [Saa91] which uses a theorem prover for ZF set theory; the Balzac project [Har91] at Imperial Software Technology. The Vienna Development Method [Jon86] incorporates a specification language which is similar to Z in that it is model-oriented (a specification is viewed as a descript...

5 | A Logic covering undefinedness - Barringer, Cheng, et al. - 1984 |
Citation context: ...sted in the previous chapter as a means of handling failed lookups.) This is reminiscent of suggestions for adopting a 3-valued logic for dealing with undefined terms in specification languages (e.g., [BCJ84]). For the reasons mentioned in Section 3.5.6 we shall not pursue this approach, but we believe it warrants further study. The method we have adopted for dealing with partial functions is very simple,...

5 | Structure and representation in LF - Harper, Sannella, Tarlecki - 1989 |
Citation context: ...cification language CLEAR [BG81] extends this approach by providing a number of specification-building operations which allow the modular construction of specifications. Harper, Sannella and Tarlecki [HST89] have looked at using the Logical Framework to provide a support system for specification languages similar to CLEAR. A different means of achieving modularity is explored in Extended ML [San89,ST89,K...

5 | Studying the ML module system in HOL - Maharaj, Gunter - 1994 |

4 | Programming as a mathematical exercise. In - Abrial - 1985 |

4 | Experience with embedding hardware description languages in HOL - Boulton, Gordon, et al. - 1992 |

4 | The metatheory of UTT - Goguen |

4 | Formal development of functional programs in type theory --- a case study - Hofmann - 1992 |

3 | A Tutorial Introduction to - Crow, Owre, et al. - 1995 |

3 | Methods and Tools for the Verification of Critical Properties - Jones - 1992 |

2 | Implementing Z - Maharaj - 1990 |
Citation context: ...the type of finite sets over some other type, or the product of two types. (We restrict ourselves to finite sets in order to avoid difficulties in dealing with set-theoretic functions in type theory [Mah90].) We also add two primitive types N and B. A related restriction involves the grammar of predicates (PRED). Whereas in Z the existential and universal quantifiers are allowed to quantify over SCHEMA...

1 | The Mathematical Construction of a Program and its Application to the Construction of Mathematics - Abrial - 1984 |

1 | Inductive Types and Strong Normalization - Altenkirch - 1993 |
Citation context: ...It is easy to be convinced of its adequacy. However, this embedding is relatively difficult to use. Examples of this embedding style: An example is Altenkirch’s encoding of Girard’s System F in LEGO [Alt93], which he uses to formalise a proof of strong normalisation for System F. Another example is an embedding in HOL of the dynamic semantics of the programming language Standard ML (SML) [VG94,MG94]. (D...

1 | NuPrl as a General Logic - Constable, et al. |
Citation context: ...would now require us to explicitly define the handling of substitution. With embedding style 3, the theorem prover automatically handles substitution. (A similar point is raised by Constable and Howe [CH89] with reference to the logic of the proof-checker NuPrl [Con86].) 2.2.4 An embedding example: value-passing CCS in LEGO This embedding illustrates a point that was briefly mentioned in the previous s...

1 | A Framework for Defining Logics - Harper, Honsell, Plotkin - 1987 |

1 | The LEGO library. Available electronically at http://www.dcs.ed.ac.uk/packages/lego - Jones, Maharaj |
Citation context: ...efore develop representations of all of these things within UTT. There are several ways in which set theory can be encoded in type theory. See for instance the encodings presented in the Lego library [JM94] and in previous work on embedding Z in LEGO [Mah90]. Also of interest is Aczel’s encoding of constructive set theory in Martin-Löf type theory [1]. As we have already explained, we are going to use a...

1 | Encoding Z-style schemas in UTT - Maharaj - 1994 |
Citation context: ...m the ZRM. Declaration: I declare that this thesis was composed by myself, and that the work contained in it is my own except where otherwise stated. Some of this work has been published previously [Mah94]. Savitri Maharaj. Acknowledgements: First of all, I would like to thank my supervisor, Stuart Anderson, for his invaluable encouragement during this work. I would also like to thank Rod Burstall, w...