## Engineering formal metatheory (2008)

### Bibliography

Venue: In ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages

Citations: 87 (10 self-citations)

### BibTeX

```bibtex
@INPROCEEDINGS{Aydemir08engineeringformal,
  author    = {Brian Aydemir and Randy Pollack},
  title     = {Engineering formal metatheory},
  booktitle = {In ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages},
  year      = {2008},
  pages     = {3--15},
  publisher = {ACM}
}
```

### Abstract

Machine-checked proofs of properties of programming languages have become a critical need, both for increased confidence in large and complex designs and as a foundation for technologies such as proof-carrying code. However, constructing these proofs remains a black art, involving many choices in the formulation of definitions and theorems that make a huge cumulative difference in the difficulty of carrying out large formal developments. The representation and manipulation of terms with variable binding is a key issue. We propose a novel style for formalizing metatheory, combining locally nameless representation of terms and cofinite quantification of free variable names in inductive definitions of relations on terms (typing, reduction,...). The key technical insight is that our use of cofinite quantification obviates the need for reasoning about equivariance (the fact that free names can be renamed in derivations); in particular, the structural induction principles of relations

### Citations

Each entry gives, in brackets, the recorded citation count for the cited work, then the work itself and, where available, the passage in which this paper cites it.

- [720] A framework for defining logics. Harper, Honsell, et al., 1993.
  Citation context: ...ta-logic, rather than facing them anew for each object language. There is a bewildering variety of higher-order approaches, which we survey only superficially. In higher-order abstract syntax (HOAS) (Harper et al. 1993; Pfenning and Elliot 1988), the introduction form for lambda-abstractions has type (term->term)->term, i.e., the lambda constructor packages a function of type (term->term), which should be thought of...

- [328] System description: Twelf - a meta-logical framework for deductive systems. Pfenning, Schürmann, 1999.
  Citation context: ...tation. The use of LF methodology for metatheory (as opposed to just representation) has been highly developed by Pfenning and his co-workers; the implementation of this approach is the Twelf system (Pfenning and Schürmann 1999), which is widely used and very successful for formalizing the metatheory of a wide variety of programming languages (Ashley-Rollman et al. 2005; Lee et al. 2007). The approach continues to be develo...

- [313] Higher-order abstract syntax. Pfenning, Elliott, 1988.

- [244] Formal certification of a compiler back-end, or: programming a compiler with a proof assistant. Leroy, 2006.
  Citation context: ...stants for formalizing definitions of programming languages and checking proofs of their properties. However, despite several successful tours de force (Appel 2001; Crary 2003; Klein and Nipkow 2006; Leroy 2006; Lee et al. 2007, etc.), the community remains fragmented, with little synergy between groups and, for newcomers wanting to join the game, a perplexing array of choices between different logics, proo...

- [242] Foundational proof-carrying code. Appel, 2001.
  Citation context: ...en burgeoning interest in the use of proof assistants for formalizing definitions of programming languages and checking proofs of their properties. However, despite several successful tours de force (Appel 2001; Crary 2003; Klein and Nipkow 2006; Leroy 2006; Lee et al. 2007, etc.), the community remains fragmented, with little synergy between groups and, for newcomers wanting to join the game, a perplexing ...

- [231] A new approach to abstract syntax with variable binding. Gabbay, Pitts, 2002.
  Citation context: ...(Gordon 1994; McKinna and Pollack 1993, 1999; Urban et al. 2007b). The idea of reasoning about the freshness of names by considering all but those in some finite set is at the heart of nominal logic (Gabbay and Pitts 2002) and also appears in definitions of alpha-equivalence by Krivine (1990) and Ford and Mason (2001). Our contribution lies in the precise way that we combine and apply these ingredients. In particular,...

- [199] Self-interpretations in lambda calculus. Barendregt, 1991.

- [160] Lambda calculus notation with nameless dummies, a tool for automatic formula manipulation, with application to the Church-Rosser theorem. de Bruijn, 1972.

- [156] The LEGO proof development system: A user’s manual. Luo, Pollack, 1992.
  Citation context: ...as already mentioned in the conclusion of de Bruijn’s famous paper (1972). It had been used for implementation in Huet’s Constructive Engine (1989), and later in the implementations of the Coq, LEGO (Luo and Pollack 1992), HOL 4 (Norrish and Slind 2007), Isabelle, and EPIGRAM (McBride and McKinna 2004) proof assistants. In the context of formal proofs, Gordon (1994) appears to be the first to have used locally namele...

- [111] An algorithm for testing conversion in type theory. Coquand, 1991.

- [108] A machine-checked model for a Java-like language, virtual machine and compiler. Klein, Nipkow.

- [93] Toward a foundational typed assembly language. Crary, 2003.

- [80] Towards a mechanized metatheory of Standard ML. Lee, Crary, et al., 2007.
  Citation context: ...ormalizing definitions of programming languages and checking proofs of their properties. However, despite several successful tours de force (Appel 2001; Crary 2003; Klein and Nipkow 2006; Leroy 2006; Lee et al. 2007, etc.), the community remains fragmented, with little synergy between groups and, for newcomers wanting to join the game, a perplexing array of choices between different logics, proof assistants, and...

- [70] Inductive families. Dybjer, 1994.

- [70] The Collected Papers of Gerhard Gentzen. Gentzen, 1969.

- [57] Some lambda calculus and type theory formalized. McKinna, Pollack, 1999.

- [56] Mechanizing metatheory in a logical framework. Harper, Licata.

- [46] Pure Type Systems formalized. McKinna, Pollack, 1993.
  Citation context: ...ely new. The locally nameless representation dates back to the introduction of de Bruijn indices. Several strengthened induction principles that avoid manual renaming have been proposed (Gordon 1994; McKinna and Pollack 1993, 1999; Urban et al. 2007b). The idea of reasoning about the freshness of names by considering all but those in some finite set is at the heart of nominal logic (Pitts 2003) and also appears in defini...

- [41] More Church-Rosser proofs (in Isabelle/HOL). Nipkow.

- [40] A formalization of the strong normalization proof for System F. Altenkirch, 1993.
  Citation context: ...988) using the Boyer-Moore prover, by Huet (1994) in Coq, by Rasmussen (1995) in Isabelle/ZF, and by Nipkow (2001) in Isabelle/HOL—to harder results such as strong normalization for System F in LEGO (Altenkirch 1993) and formalizing Coq in Coq (Barras and Werner 1997). In de Bruijn representation, the treatment of bound variables incurs minor technical annoyances (lifting over binders, etc.), while the treatment...

- [26] The constructive engine. Huet, 1989.

- [21] Higher-order abstract syntax in Coq. Despeyroux, Felty, André Hirschowitz, 1995.

- [20] Residual theory in λ-calculus: A formal development. Huet, 2013.

- [12] Consistency of the theory of contexts. Bucalo, Hofmann, et al., 2006.

- [9] Operational Techniques in PVS – A Preliminary Evaluation. Ford, Mason, 2001.

- [9] Functional Pearl: I am not a Number: I am a Free Variable. McBride, McKinna, 2004.
  Citation context: ...had been used for implementation in Huet’s Constructive Engine (1989), and later in the implementations of the Coq, LEGO (Luo and Pollack 1992), HOL 4 (Norrish and Slind 2007), Isabelle, and EPIGRAM (McBride and McKinna 2004) proof assistants. In the context of formal proofs, Gordon (1994) appears to be the first to have used locally nameless representation. Rather than reason directly with locally nameless terms, he bui...

- [6] The theory of contexts for first order and higher order abstract syntax. Honsell, Miculan, et al., 2001.

- [4] Typed lambda calculi and applications. Bezem, Groote (editors), 1993.

- [2] Reasoning about languages with binding: Can we do it yet? Presentation, February 2006; slides available from http://homepages.inf.ed.ac.uk/rpollack. Pollack.

- [1] Submission to the POPLMARK challenge. Available from http://www.cis.upenn.edu/~plclub/mmm. Ashley-Rollman, Crary, et al., 2005.
  Citation context: ... implementation of this approach is the Twelf system (Pfenning and Schürmann 1999), which is widely used and very successful for formalizing the metatheory of a wide variety of programming languages (Ashley-Rollman et al. 2005; Lee et al. 2007). The approach continues to be developed foundationally as well as in practice (Harper and Licata 2007). A second main stream of work, weak higher-order encodings, gives a type such ...

- [1] Coq in Coq. Available from http://pauillac.inria.fr/~barras/coq_work-eng.html. Barras, Werner, 1997.
  Citation context: ...994) in Coq, by Rasmussen (1995) in Isabelle/ZF, and by Nipkow (2001) in Isabelle/HOL—to harder results such as strong normalization for System F in LEGO (Altenkirch 1993) and formalizing Coq in Coq (Barras and Werner 1997). In de Bruijn representation, the treatment of bound variables incurs minor technical annoyances (lifting over binders, etc.), while the treatment of free variables (e.g., variables bound by a typin...

- [1] Submission to the POPLMARK challenge, part 1a. Available from http://www.cs.berkeley.edu/~adamc/poplmark. Chlipala, 2006.

- [1] Peter Homeier. A proof of the Church-Rosser theorem for the lambda calculus in higher order logic. Adbmal, 2003.

- [1] HOL 4. Available from http://hol.sourceforge.net. Norrish, Slind, 2007.
  Citation context: ...nclusion of de Bruijn’s famous paper (1972). It had been used for implementation in Huet’s Constructive Engine (1989), and later in the implementations of the Coq, LEGO (Luo and Pollack 1992), HOL 4 (Norrish and Slind 2007), Isabelle, and EPIGRAM (McBride and McKinna 2004) proof assistants. In the context of formal proofs, Gordon (1994) appears to be the first to have used locally nameless representation. Rather than r...

- [1] Submission to the PoplMark challenge, parts 1 and 2. Available from http://www.cis.upenn.edu/~plclub/mmm. Ashley-Rollman, Crary, et al., 2005.
  Citation context: .... The implementation of this approach is the Twelf system (Pfenning and Schürmann 1999), which is widely used and very successful for formalizing the metatheory of a variety of programming languages (Ashley-Rollman et al. 2005; Lee et al. 2007). The approach continues to be developed foundationally as well as in practice (Harper and Licata 2007). A second main stream of work, weak higher-order encodings, gives a type such ...