## A Comparison of Formalizations of the Meta-Theory of a Language with Variable Bindings in Isabelle (2001)

Venue: Supplemental Proceedings of the 14th International Conference on Theorem Proving in Higher Order Logics

Citations: 6 (2 self)

### BibTeX

@TECHREPORT{Momigliano01acomparison,
  author = {A. Momigliano and S. J. Ambler and R. L. Crole},
  title = {A Comparison of Formalizations of the Meta-Theory of a Language with Variable Bindings in Isabelle},
  institution = {Supplemental Proceedings of the 14th International Conference on Theorem Proving in Higher Order Logics},
  year = {2001}
}

### Abstract

Theorem provers can be used to reason formally about programming languages, and there are various general methods for the formalization of variable binding operators. Hence there are choices for the style of formalization of such languages, even within a single theorem prover. The choice of formalization can affect how easy or difficult it is to do automated reasoning. The aim of this paper is to compare and contrast three formalizations (termed de Bruijn, weak HOAS and full HOAS) of a typical functional programming language. Our contribution is a detailed report on our formalizations, a survey of related work, and a final comparative summary, in which we mention a novel approach to a hybrid de Bruijn/HOAS syntax.

### Citations

879 | A formulation of the simple theory of types - Church - 1940 |

716 | A framework for defining logics - Harper, Honsell, et al. - 1993 |
Citation context: ... et al.'s approach in the Calculus of Inductive Constructions. This too is in Isabelle/HOL. In Section 4 we restrict to the primitive Isabelle language to give a full HOAS encoding in the spirit of LF [13]. In Section 5 we review work related to ours. In Section 6 we summarize the results of our comparisons, and mention a novel approach to a hybrid de Bruijn/HOAS syntax. 2 The de Bruijn Method. The use ...

322 | System description: Twelf - a meta-logical framework for deductive systems - Pfenning, Schürmann - 1999 |
Citation context: ...n 4 we restrict to the primitive Isabelle language to give a full HOAS encoding in the spirit of LF [14]; this has to be understood more as a simulation of what is achievable in systems such as Twelf [30], rather than as a full-fledged proposal to implement full HOAS in Isabelle, since a comparison with Twelf itself is complicated by the fact that the latter is not biased towards interactive theorem-proving....

320 | Lambda-calculus notation with nameless dummies: a tool for automatic formula manipulation with application to the Church-Rosser theorem - de Bruijn - 1972 |
Citation context: ...ch core languages as ours (see for example [28, 20, 17]). We refer to our three methods as de Bruijn, weak HOAS and full HOAS. The de Bruijn method for describing binding operators is very well known [4]. It is exemplified in the Isabelle library by Nipkow's Church-Rosser proofs [25] (see also for example [34, 2]). The method tackles some of the standard problems (such as α-renaming) associated with...

311 | Higher-order abstract syntax - Pfenning, Elliott |
Citation context: ...so we give some details; however, we assume readers are broadly familiar with the ideas. Note that HOAS is not a precisely defined system; a number of “systems” fit the title, which seems to appear first in [29]. The ideas underlying HOAS go back to Church and also appear in Martin-Löf's theory of arities [26]. The basic idea is that the meta-language into which an object language (such as PL) is translated...

274 | Programming in Martin-Löf's Type Theory: an introduction - Nordström, Petersson, et al. - 1990 |
Citation context: ...S is not a precisely defined system; a number of “systems” fit the title, which seems to appear first in [29]. The ideas underlying HOAS go back to Church and also appear in Martin-Löf's theory of arities [26]. The basic idea is that the meta-language into which an object language (such as PL) is translated will typically have a single variable binding construct (usually given by function abstraction) and ...

188 | An introduction to inductive definitions - Aczel - 1977 |
Citation context: ...at least some form of case analysis and induction. One way to provide the former is to view a relation such as typing as a Partial Inductive Definition [12], a generalization of inductive definitions [1] to definiens containing parametric and hypothetical judgements. If b ⇐ G is an introduction rule for the predicate a and D(a) is the collection of the former, then the rule of Definitional Reflection...

153 | A new approach to abstract syntax involving binders - Gabbay, Pitts - 1999 |
Citation context: ...tive recursive definition which would be directly applicable to a substitution-based evaluation semantics. It is well known that this is not possible in the traditional setting of inductive definitions [7, 10]. Substitution must be implemented, in the spirit of [24], as an inductive relation with rules such as (s_var1) subst (λx. Var x) p p, (s_var2) subst (λx. Var u) p (Var u), and (s_app) from subst S₁ t U₁ and subst S₂ t U₂ ...

142 | Isabelle: A Generic Theorem Prover - Paulson |
Citation context: ...we hope our findings will be useful to those working in related areas who wish to make informed choices about the pros and cons of formalizing variable binding. We give three formalizations in Isabelle [27] of the (meta)theory of a small core functional programming language. The types and terms are given respectively by A ::= Nat | A₁ → A₂ and M ::= x | lam x. M | M @ M′ | z | s M | (case M of z ⇒ M₁ | ...

125 | Primitive recursion for higher-order abstract syntax - Schürmann, Despeyroux, et al. |
Citation context: ...tive recursive definition which would be directly applicable to a substitution-based evaluation semantics. It is well known that this is not possible in the traditional setting of inductive definitions [7, 10]. Substitution must be implemented, in the spirit of [24], as an inductive relation with rules such as (s_var1) subst (λx. Var x) p p, (s_var2) subst (λx. Var u) p (Var u), and (s_app) from subst S₁ t U₁ and subst S₂ t U₂ ...

100 | Semantical analysis of higher-order abstract syntax - Hofmann - 1999 |
Citation context: ...oss of the adequacy of the representation via creation of exotic terms, can come from a naive combination of higher-order induction principles in impredicative systems with the axiom of unique choice [16]. The main challenge is to re-introduce some form of induction. Some recent research [30, 20] has shown that one way to make sense of this is to separate a meta-logic where we formalize our object logi...

93 | Reasoning with higher-order abstract syntax in a logical framework - McDowell, Miller |
Citation context: ...nd the equivalence of big and small step evaluation. These properties are standard, and quite elementary. However, they can be regarded as a benchmark for such core languages as ours (see for example [28, 20, 17]). We refer to our three methods as de Bruijn, weak HOAS and full HOAS. The de Bruijn method for describing binding operators is very well known [4]. It is exemplified in the Isabelle library by Nipkow...

84 | Automating the Meta Theory of Deductive Systems - Schürmann - 2000 |
Citation context: ...vel approach such as the one in Section 4 is metatheoretically uncertain. It is difficult to allow (primitive) recursion on higher-order syntax and especially to combine it with induction over open terms [32]. There is no support for co-induction at this time. The simulation of Full HOAS in Isabelle's IFOL seems successful. Indeed, the proofs of subject reduction, determinism of operational semantics, and the pr...

72 | The formal semantics of programming languages. Foundations of Computing - Winskel - 1993 |
Citation context: ...type assignments Γ ⊢ M : A, big step evaluation M ⇓ V where V is a value, and small step transitions M ⇝ M′. The operational semantics is call-by-name; we omit the standard definitions (see for example [35]). We formalize type assignment, evaluation (natural/big-step) and transition (single step) operational semantics, and prove some basic results, such as the...

67 | A framework for defining logics - Harper, Honsell, et al. - 1993 |
Citation context: ... et al.'s approach in the Calculus of Inductive Constructions. This too is in Isabelle/HOL. In Section 4 we restrict to the primitive Isabelle language to give a full HOAS encoding in the spirit of LF [14]; this has to be understood more as a simulation of what is achievable in systems such as Twelf [30], rather than as a full-fledged proposal to implement full HOAS in Isabelle, since a comparison with T...

65 | Cut-elimination for a logic with definitions and induction - McDowell, Miller |
Citation context: ... measures. At the meta-meta level, they reason about object-level judgements formulated in second-order logic. They prove the consistency of the method by showing that FOλ^ΔIN enjoys cut-elimination [17]. Our approach is somewhat more naive than Miller's in that we blur the distinction between meta-meta and meta-logic and we do not formalize an explicit logic of judgements, which we represent directl...

57 | Some lambda calculus and type theory formalized - McKinna, Pollack - 1999 |
Citation context: ...typing of s runs into problems in choosing suitably fresh names for the variables introduced in the abstraction case. A proof technique which overcomes these difficulties is given by McKinna and Pollack [21]. The trick is to define a second version of the typing judgement in which the introduction rule for an abstraction has a universal quantifier ∀n. newIn n env → newFor n s → Cons(n, a) env ⊢ inst 0 (Va...

56 | Unification of simply typed lambda-terms as logic programming - Miller - 1991 |
Citation context: ...to a substitution-based evaluation semantics. It is well known that this is not possible in the traditional setting of inductive definitions [7, 10]. Substitution must be implemented, in the spirit of [24], as an inductive relation with rules such as (s_var1) subst (λx. Var x) p p, (s_var2) subst (λx. Var u) p (Var u), and (s_app) from subst S₁ t U₁ and subst S₂ t U₂ infer subst (λx. App (S₁ x) (S₂ x)) t (App U₁ U₂) ...
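The substitution relation just quoted (s_var1, s_var2, s_app), read as a function in Python, as an added example that is not the paper's Isabelle code: under weak HOAS a binder is a meta-level function from variables to terms, so applying `Lam.body` to a term is not even well-formed, and substituting a term for the bound variable has to open the binder with a fresh variable and traverse the result. Variables as strings, the `fresh` counter, the `show` printer and the sample terms are assumptions of this example.

```python
# Weak HOAS encoding of the lambda fragment of PL: a binder is a host-language
# function from *variables* (here: names) to terms, not from terms to terms, so
# substituting a term for the bound variable cannot be plain function application;
# it needs its own definition, which the paper gives as the inductive relation subst
# (rules s_var1, s_var2, s_app).  Added example in Python, not the paper's Isabelle
# code.  Assumptions: variables are strings, binders are opened with names from a
# global counter (or with the display names x0, x1, ... in `show`), and free
# variables in examples use other names.
import itertools
from dataclasses import dataclass
from typing import Callable, Union

@dataclass(frozen=True)
class Var: name: str
@dataclass(frozen=True)
class App: fun: "Term"; arg: "Term"
@dataclass(frozen=True)
class Z: pass
@dataclass(frozen=True)
class S: pred: "Term"
@dataclass(frozen=True)
class Lam: body: Callable[[str], "Term"]   # lam x. M as the meta-level function x |-> M
Term = Union[Var, App, Z, S, Lam]

_counter = itertools.count()
def fresh() -> str:
    """A variable name no term built so far can mention."""
    return f"_v{next(_counter)}"

def subst(body: Callable[[str], Term], t: Term) -> Term:
    """Functional reading of the relation subst S t U: U is S with its bound variable
    replaced by t.  S is a function, so it is inspected by applying it to a fresh
    variable x and then replacing Var(x) in the result."""
    x = fresh()
    return _replace(body(x), x, t)

def _replace(u: Term, x: str, t: Term) -> Term:
    if isinstance(u, Var):
        return t if u.name == x else u                              # s_var1 / s_var2
    if isinstance(u, App):
        return App(_replace(u.fun, x, t), _replace(u.arg, x, t))    # s_app
    if isinstance(u, S):
        return S(_replace(u.pred, x, t))
    if isinstance(u, Lam):
        # Go under the binder lazily: the inner variable y is chosen by whoever opens
        # this Lam later and never equals x, so the free names of t cannot be captured.
        return Lam(lambda y: _replace(u.body(y), x, t))
    return u                                                        # Z

def beta(t: Term) -> Term:
    """One call-by-name step on a redex (lam x. M) @ N, via subst."""
    if isinstance(t, App) and isinstance(t.fun, Lam):
        return subst(t.fun.body, t.arg)
    raise ValueError("not a beta-redex")

def show(t: Term, depth: int = 0) -> str:
    """Render with display binder names x0, x1, ... (free variables keep their names)."""
    if isinstance(t, Var): return t.name
    if isinstance(t, App): return f"({show(t.fun, depth)} @ {show(t.arg, depth)})"
    if isinstance(t, Z): return "z"
    if isinstance(t, S): return f"s {show(t.pred, depth)}"
    x = f"x{depth}"
    return f"(lam {x}. {show(t.body(x), depth + 1)})"

TWICE = Lam(lambda f: Lam(lambda x: App(Var(f), App(Var(f), Var(x)))))   # lam f. lam x. f @ (f @ x)
SUCC = Lam(lambda y: S(Var(y)))                                             # lam y. s y
K_OPEN = App(Lam(lambda x: Lam(lambda y: Var(x))), Var("y"))               # (lam x. lam y. x) @ y, y free

if __name__ == "__main__":
    print(show(beta(App(TWICE, SUCC))), show(beta(K_OPEN)))
```

Because `Lam` bodies are opaque functions, two terms cannot be compared with `==`; `show` opens binders with display names to give a printable form, and `show(beta(K_OPEN))` is `(lam x0. y)`, the free y untouched. The adequacy problem the paper raises with exotic terms is visible here as well: nothing stops a caller from writing `Lam(lambda x: Z() if x == "a" else S(Z()))`, a function that inspects its variable and represents no PL term, which is why the Isabelle development needs a validity predicate rather than trusting the host language's function space.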

54 | Five axioms of alpha conversion - Gordon, Melham - 1996 |
Citation context: ..., 21, 3]. Here we review papers that try to overcome the problems of first-order encodings by using some form of HOAS; there are other intermediate approaches aimed at reducing the aforementioned issue [33, 12], which we do not have the space here to mention. We can distinguish two main (and not unrelated) approaches to the integration of HOAS and induction: one “functional” and the other “logical”. In the ...

46 | The Coq proof assistant user's guide, Rapport Techniques 154 - Dowek, Felty, et al. - 1993 |
Citation context: ...ave carried out our study with Isabelle and Isabelle/HOL because they are systems which seem to offer most automation, but many of our observations may apply to other tactics-based systems such as Coq [8]. The paper is organized as follows. In Section 2 we report on de Bruijn formalizations in Isabelle/HOL. In Section 3 we move to weak HOAS, by following Despeyroux et al.'s approach in the Calculus of ...

44 | Higher-order abstract syntax in Coq - Despeyroux, Felty, et al. - 1995 |
Citation context: ... justification for its consistency (see Section 4). 3 The Weak HOAS Method. In this section we explore Despeyroux et al.'s approach [5] to HOAS, which leads us to a formalization of a weak form of HOAS in Isabelle/HOL. Variable binders should be represented as functions in the meta-logic. This “requires” an inductive datatype definiti...

41 | More Church-Rosser proofs (in Isabelle/HOL) - Nipkow - 1996 |
Citation context: ...ethods as de Bruijn, weak HOAS and full HOAS. The de Bruijn method for describing binding operators is very well known [4]. It is exemplified in the Isabelle library by Nipkow's Church-Rosser proofs [25] (see also for example [34, 2]). The method tackles some of the standard problems (such as α-renaming) associated with name-handling over concrete syntax. However, de Bruijn systems incur costs of add...

36 | An extension to ML to handle bound variables in data structures: Preliminary report - Miller - 1990 |
Citation context: ...d in Subsection 3). The aim is to preserve adequacy of representations, while still allowing “functional programming with higher-order terms”. This was first suggested for a fragment of ML by Miller in [23] and was realized for the simply-typed case in [7] and more recently for the dependently-typed case in [6]. Here the idea is to separate at the type-theoretic level, via an S4 modal operator, the primi...

29 | Auto-validation d'un système de preuves avec familles inductives. Thèse de doctorat, Université Paris 7 - Barras - 1999 |
Citation context: ...ty of substitution. 5 Related Work. In the literature, there are several large-scale machine-assisted proofs of properties of languages with variable binding using first-order encodings, see for example [34, 15, 21, 3]. Here we review papers that try to overcome the problems of first-order encodings by using some form of HOAS; there are other intermediate approaches aimed at reducing the aforementioned issue [33, 12]...

28 | A theory of binding structures and applications to rewriting - Talcott - 1993 |
Citation context: ..., 21, 3]. Here we review papers that try to overcome the problems of first-order encodings by using some form of HOAS; there are other intermediate approaches aimed at reducing the aforementioned issue [33, 12], which we do not have the space here to mention. We can distinguish two main (and not unrelated) approaches to the integration of HOAS and induction: one “functional” and the other “logical”. In the ...

28 | Partial inductive definitions - Hallnäs - 1991 |
Citation context: ...arly not enough for meta-reasoning, which needs at least some form of case analysis and induction. One way to provide the former is to view a relation such as typing as a Partial Inductive Definition [12], a generalization of inductive definitions [1] to definiens containing parametric and hypothetical judgements. If b ⇐ G is an introduction rule for the predicate a and D(a) is the collection of the f...

25 | The Machine-Assisted Proof of Programming Language Properties - VanInwegen - 1996 |
Citation context: ...OAS and full HOAS. The de Bruijn method for describing binding operators is very well known [4]. It is exemplified in the Isabelle library by Nipkow's Church-Rosser proofs [25] (see also for example [34, 2]). The method tackles some of the standard problems (such as α-renaming) associated with name-handling over concrete syntax. However, de Bruijn systems incur costs of additional programming infrastruc...

22 | Computation and deduction. Unpublished lecture notes - Pfenning - 1994 |
Citation context: ...nd the equivalence of big and small step evaluation. These properties are standard, and quite elementary. However, they can be regarded as a benchmark for such core languages as ours (see for example [28, 20, 17]). We refer to our three methods as de Bruijn, weak HOAS and full HOAS. The de Bruijn method for describing binding operators is very well known [4]. It is exemplified in the Isabelle library by Nipkow...

21 | An axiomatic approach to metareasoning on systems in higher-order abstract syntax - Honsell, Miculan, et al. - 2001 |
Citation context: ...nd the equivalence of big and small step evaluation. These properties are standard, and quite elementary. However, they can be regarded as a benchmark for such core languages as ours (see for example [28, 20, 17]). We refer to our three methods as de Bruijn, weak HOAS and full HOAS. The de Bruijn method for describing binding operators is very well known [4]. It is exemplified in the Isabelle library by Nipkow...

18 | An introduction to inductive definitions - Aczel |
Citation context: ...s at least some form of case analysis and induction. One way to provide the former is to view a relation such as typing as a Partial Inductive Definition [13], a generalization of inductive definitions [1] to definiens containing parametric and hypothetical judgements. If b ⇐ G is an introduction rule for the predicate a and D(a) is the collection of the form...

17 | A tutorial on recursive types in Coq - Gimenez - 1998 |
Citation context: ...us freeing the user from stating and asserting them in the theory. As is well known, induction in this setting can cause problems. For example, paradoxes such as non-termination of the logical framework [11] arise when the higher-order encoding of a relation is seen as an inductive type, with corresponding strong elimination rule. It is the latter rule that allows a definition of the offending terms. Other...

17 | π-calculus in (co)inductive type theories - Honsell, Miculan, et al. - 2001 |
Citation context: ...ntation. In fact not only are exotic terms given by case-analysis possible, but there are terms representing “free” variables, such as Var(Succ Zero), which we do not need. However, as pointed out in [18], if the set of variables is not inductive, no closed exotic term is produced. In fact, in the Calculus of Constructions it is possible to leave the set of variables completely unspecified (“parametric...

14 | π-calculus in (co)inductive type theories - Honsell, Miculan, et al. |
Citation context: ...ntation. In fact not only are exotic terms given by case-analysis possible, but there are terms representing “free” variables, such as Var(Succ Zero), which we do not need. However, as pointed out in [18], if the set of variables is not inductive, no closed exotic term is produced. In fact, in the Calculus of Constructions it is possible to leave the set of variables completely unspecified (“parametric...

12 | Developing (meta)theory of lambda-calculus in the theory of contexts - Miculan - 2001 |
Citation context: ...tegories is left to a forthcoming paper. Two main applications have been investigated so far. One is the development of the formal theory of strong late bisimilarity in the π-calculus [18]. The other [22] is an implementation for the simply-typed λ-calculus which studies the same properties we have considered. In particular, the proof of totality of substitution relies essentially on the axiom of indu...

8 | Pi: an interactive derivation editor for the calculus of partial inductive definitions - Eriksson - 1994 |
Citation context: ...em (i.e. not programmable by tactics). The FOλ^ΔIN approach [20] is interactive, and briefly overviewed in Section 4. While all the derivations mentioned in [20] have been proof-checked via the Pi editor [9], an automated tool, code-named Iris, is under development. An even more recent development is Honsell et al.'s framework [17], which explicitly embraces an axiomatic approach to meta-reasoning with H...

8 | A full formalization of pi-calculus theory in the Calculus of Constructions - Hirschkoff - 1997 |
Citation context: ... of substitution. 5 Related Work. In the literature, there are several large-scale machine-assisted proofs of properties of languages with variable binding using first-order encodings, see for example [30, 14]. Here we review papers that try to overcome the problems of first-order encodings by using some form of HOAS. We can distinguish two main (and not unrelated) approaches to the integration of HOAS and...

3 | Partial inductive definitions - Hallnäs - 1991 |
Citation context: ...early not enough for meta-reasoning, which needs at least some form of case analysis and induction. One way to provide the former is to view a relation such as typing as a Partial Inductive Definition [13], a generalization of inductive definitions [1] to definiens containing parametric and hypothetical judgements. If b ⇐ G is an introduction rule for the pred...

3 | Cut-elimination for a logic with definitions and induction - McDowell, Miller - 1997 |
Citation context: ...e measures. At the meta-meta level, they reason about object-level judgements formulated in second-order logic. They prove the consistency of the method by showing that FOλ^ΔIN enjoys cut-elimination [19]. Our approach is somewhat more naive than Miller's, in that we blur the distinction between meta-meta and meta-logic and we do not formalize an explicit logic of judgements, which we represent direct...

3 | Lambda calculus notation with nameless dummies, a tool for automatic formula manipulation, with application to the Church-Rosser theorem - de Bruijn - 1972 |

3 | Metatheoretic results for a modal λ-calculus - Despeyroux, Leleu |
Citation context: ...g with higher-order terms”. This was first suggested for a fragment of ML by Miller in [20] and was realized first for the simply-typed case in [6] and more recently for the dependently-typed case in [5]. Here the idea is to separate at the type-theoretic level, via an S4 modal operator, the primitive recursive space (which encompasses functions defined via case distinction and iteration) from the pa...

2 | Mechanised Operational Semantics via (Co)Induction - Ambler, Crole - 1999 |
Citation context: ...n/HOAS syntax. 1 Introduction. Theorem provers can be used to reason about programming languages. For example, Ambler and Crole have used Isabelle to prove results about a small functional language PL [2], by formalizing it within Isabelle/HOL. A key feature of PL is that variable binding is pervasive. Further, there are a number of methods which form the theoretical basis for the formalization of var...

2 | Metatheoretic Results for a Modal λ-calculus - Leleu - 1998 |
Citation context: ...rogramming with higher-order terms”. This was first suggested for a fragment of ML by Miller in [23] and was realized for the simply-typed case in [7] and more recently for the dependently-typed case in [6]. Here the idea is to separate at the type-theoretic level, via an S4 modal operator, the primitive recursive space (which encompasses functions defined via case distinction and iteration) from the par...

1 | A full formalization of pi-calculus theory in the Calculus of Constructions - Hirschkoff - 1997 |
Citation context: ...ty of substitution. 5 Related Work. In the literature, there are several large-scale machine-assisted proofs of properties of languages with variable binding using first-order encodings, see for example [34, 15, 21, 3]. Here we review papers that try to overcome the problems of first-order encodings by using some form of HOAS; there are other intermediate approaches aimed at reducing the aforementioned issue [33, 12]...

1 | Higher-order abstract syntax with induction in Isabelle/HOL: Formalizing the π-calculus and mechanizing the theory of contexts - Röckl, Hirschkoff, Berghofer - 2001 |
Citation context: ...useful in so far as it provides an induction principle over second-order terms: we can prove, for example, that substitution is a total relation (which otherwise would be, in general, unprovable). In [31] validity is used to prove the theory of contexts. The rules include (v1_var) valid1 (λx. Var v), (v1_ref) valid1 (λx. Var x), (v1_app) from valid1 E and valid1 E′ infer valid1 (λx. App (E x) (E′ x)), and a rule with premise (∀u. valid1 (λx. E u x)) (...

1 | π-calculus in (co)inductive type theories - Honsell, Miculan, Scagnetto - 2001 |

1 | π-calculus in (co)inductive type theories - Honsell, Miculan, Scagnetto |
Citation context: ...ld an adequate representation. In fact not only are exotic terms given by case-analysis possible, but there are terms representing “free” variables, such as Var(Succ Zero). However, as pointed out in [9], if the set of variables is not inductive, no closed exotic term is produced. In fact, in the Calculus of Constructions it is possible to leave the set of variables completely unspecified (“parametric...

1 | An axiomatic approach to metareasoning on systems in higher-order abstract syntax - Honsell, Miculan, Scagnetto - 2001 |
Citation context: ...nd the equivalence of big and small step evaluation. These properties are standard, and quite elementary. However, they can be regarded as a benchmark for such core languages as ours (see for example [25, 18, 16]). We refer to our three methods as de Bruijn, weak HOAS and full HOAS. The de Bruijn method for describing binding operators is very well known [3]. It is exemplified in the Isabelle library by Nipko...

1 | Higher-order abstract syntax with induction in Isabelle/HOL: Formalizing the π-calculus and mechanizing the theory of contexts - Röckl, Hirschkoff, Berghofer - 2001 |
Citation context: ...lidity can be useful in so far as it provides an induction principle over second-order terms. We can prove that substitution is a total relation (which otherwise would be, in general, unprovable). In [28] validity is used to prove the theory of contexts. Weak HOAS does not obviously extend beyond second-order binding. Consider a third-order operator such as callcc, which in full HOAS would have the ty...