## Program Extraction from Large Proof Developments (2003)

### Cached

### Download Links

- [www.cs.math.ist.utl.pt]
- [www.win.tue.nl]
- DBLP

### Other Repositories/Bibliography

Citations: | 6 - 4 self |

### BibTeX

@MISC{Cruz-Filipe03programextraction,

author = {Luíz Cruz-Filipe and Bas Spitters},

title = {Program Extraction from Large Proof Developments},

year = {2003}

}

### OpenURL

### Abstract

It is well known that mathematical proofs often contain (abstract) algorithms, but although these algorithms can be understood by a human, it still takes a lot of time and effort to implement this algorithm on a computer; moreover, one runs the risk of making mistakes in the process. From a fully...

### Citations

537 | Lambda calculi with types
- BARENDREGT
- 1991
(Show Context)
Citation Context ...sorts. On the one hand, there are sorts Set and Prop, representing respectively data types and types of properties; these correspond both to what is usually represented by in Pure Type System (PTS) =-=[1]-=-. On the other side, there is a family (Typei)i2IN of sorts (corresponding to in the PTS approach) which, among other things, rules how higher types are formed.3 Also the typing statements Set : Typ... |

429 | Constructive Analysis
- Bishop, Bridges
- 1985
(Show Context)
Citation Context ... reasons for preferring to use instead of < whenever possible. This is simply because , being a negative predicate, allows constructive proofs by contradiction. It should also be noted that Bishop =-=[2]-=- very carefully uses the latter in all "--denitions and -proofs for this reason.5 In summary, there are two good reasons to work with negative statements: not only do the programs become shorter, bu... |

68 | A compiled implementation of strong reduction
- Gregoire, Leroy
(Show Context)
Citation Context ...[22,21], so these principles do not have to be assumed as axioms, but can be derived for each particular instance. Finally, in the specic case of Coq, the new version will incorporate a Coq compiler =-=[12]-=-; therefore the speed of the program does not seem to be a real issue anymore. Our approach We chose to work with the Coq extraction mechanism to ML, which is an external a priori extraction. The main... |

50 |
A new extraction for Coq
- Letouzey
- 2003
(Show Context)
Citation Context ...tants. Among these, Coq currently provides a tool that translates proofs of mathematical statements into functional programs which are guaranteed to be correct. This mechanism, described in detail in =-=[13]-=-, works by assigning dierent types to terms which represent data and terms which represent properties of the data. The latter are assumed to be computationally irrelevant in the sense that they can n... |

26 | A constructive proof of the Fundamental Theorem of Algebra without using the rationals
- Geuvers, Wiedijk, et al.
- 2001
(Show Context)
Citation Context ...ted program with the algorithm which one might directly implement. The algorithm implicitly present in the Kneser proof is actually as ecient as the well known Newton-Raphson method, as was shown in =-=[11]-=-; unfortunately, the presently inecient formalization of the real numbers actually prevents the computation of zeros of a polynomial using the proof of the fta. Fortunately, two ecient formalization... |

25 |
Mathematics as a numerical language
- Bishop
- 1968
(Show Context)
Citation Context ...uction It has long been realized that constructive mathematics has computational content in the sense that proofs of existential statements actually correspond to algorithms to compute a witness, see =-=[3,14]-=-. Also intuitionistic logic, which describes the reasoning in constructive mathematics, is the natural language for type-theory based proof-assistants. Among these, Coq currently provides a tool that ... |

23 | MC2: A module calculus for pure type systems
- Courant
- 2001
(Show Context)
Citation Context ... it a specic kind of computation or a convenient way of proving theorems. If we have an adequate module system, these dierent implementations can be used in harmony. Work in this area is being done =-=[7]-=- and will probably be included in the next Coq version. In summary, the extracted program consists of: Description Size (kb) % of total \Relevant" code 110 6.5 Unfolding of C 1050 62.5 Unfolding of po... |

14 |
Abstraction and Computation
- Capretta
- 2002
(Show Context)
Citation Context ...sponding to roughly 30% of the size of the proof of the Kneser lemma. In the next step, we decided to experiment with the known distinction between subsets as propositional functions or as subsetoids =-=[4,5]-=-. We found that when using propositional functions, not only do proofs become easier to write, but also the extracted program greatly reduces in size. It also increases the internal coherence of the f... |

14 | The algebraic hierarchy of the FTA Project
- Geuvers, Pollack, et al.
- 2002
(Show Context)
Citation Context ...his data, and therefore need never be extracted. Throughout this paper, we will refer to this mechanism as program extraction. For a short overview of this, see Section 2. The fta-project in Nijmegen =-=[10]-=- was thesrst attempt to formalize a large piece of constructive mathematics, namely the Fundamental Theorem of Algebra, in Coq; therefore it was a natural testing ground for the program extraction mec... |

8 | Exact arithmetic on Stern-Brocot tree
- Niqui
- 2003
(Show Context)
Citation Context ..., the presently inecient formalization of the real numbers actually prevents the computation of zeros of a polynomial using the proof of the fta. Fortunately, two ecient formalizations of the reals =-=[6,15]-=- are almost completed. 3 Positive and negative statements The Coq type theory, based on the Calculus of Inductive Constructions [20], contains two kinds of sorts. On the one hand, there are sorts Set ... |

8 |
Minimal logic for computable functionals
- Schwichtenberg
- 2002
(Show Context)
Citation Context ...nt ways to formalize it; for more detailed information, the reader is advised to check the cited works and their references. For a more detailed overview, although in a slightly dierent setting, see =-=[19]-=-. In all approaches, however, the basic outline is the same: through the CurryHoward isomorphism, proofs are identied with programs in a given programming language. However, the resulting programs co... |

7 |
Gianantonio. A co-inductive approach to real numbers, volume 1956 of LNCS
- Ciaaglione, Di
- 2000
(Show Context)
Citation Context ..., the presently inecient formalization of the real numbers actually prevents the computation of zeros of a polynomial using the proof of the fta. Fortunately, two ecient formalizations of the reals =-=[6,15]-=- are almost completed. 3 Positive and negative statements The Coq type theory, based on the Calculus of Inductive Constructions [20], contains two kinds of sorts. On the one hand, there are sorts Set ... |

6 | Inconsistency of classical logic in type theory. http://www.cs.kun.nl/~herman/note.ps.gz See also other publications athttp://www.cs.kun.nl/~herman/pubs.html 35 - Geuvers |

5 | Marking techniques for extraction
- Prost
- 1995
(Show Context)
Citation Context ...from the computational point of view), therefore some mechanism is devised to identify this irrelevant parts and remove them from thesnal program. One approach, studied in the context of Coq by Prost =-=[18]-=-, is to look at the proof term and recursively mark its subterms according to whether they contribute to thesnal output of the program or not; this marking is done in a way that is coherent with type ... |

4 |
quotients and partial functions in martin-lof's type theory
- Subsets
- 2003
(Show Context)
Citation Context ...sponding to roughly 30% of the size of the proof of the Kneser lemma. In the next step, we decided to experiment with the known distinction between subsets as propositional functions or as subsetoids =-=[4,5]-=-. We found that when using propositional functions, not only do proofs become easier to write, but also the extracted program greatly reduces in size. It also increases the internal coherence of the f... |

3 |
Constructive mathematics and computer science
- Martin-Löf
- 1982
(Show Context)
Citation Context ...uction It has long been realized that constructive mathematics has computational content in the sense that proofs of existential statements actually correspond to algorithms to compute a witness, see =-=[3,14]-=-. Also intuitionistic logic, which describes the reasoning in constructive mathematics, is the natural language for type-theory based proof-assistants. Among these, Coq currently provides a tool that ... |

3 |
Constructivism in mathematics. An introduction. Number 123
- Troelstra, Dalen
- 1988
(Show Context)
Citation Context ...programs [8]. Moreover, realizability (extraction) can be used to strengthen results. For instance, the realizability interpretation validates both the axiom of choice and the independence of premise =-=[22,21]-=-, so these principles do not have to be assumed as axioms, but can be derived for each particular instance. Finally, in the specic case of Coq, the new version will incorporate a Coq compiler [12]; t... |

2 |
A uniform approach to program extraction: Pure type systems with ultra -types. http://www.cmat.edu.uy/ severi/publications.html
- Fernandez, Mackie, et al.
(Show Context)
Citation Context ...iginal andsnal type-systems are the same. This allows a simple implementation as additional reduction rules inside the type theory, such that the proof terms simply reduce to the appropriate programs =-=[8]-=-. Moreover, realizability (extraction) can be used to strengthen results. For instance, the realizability interpretation validates both the axiom of choice and the independence of premise [22,21], so ... |

2 |
Quotients dans le CCI
- Pottier
(Show Context)
Citation Context ...t that propositions do not all have the same type there are at least four dierent (and not equivalent) ways to write it. Moreover, the axiom A:SetA _ :A leads to an inconsistent theory, as noted in =-=[9,17]-=-. With these issues in mind, we now propose a slightly modied version of the Coq type system where these problems do not arise. Our previous discussion of the dierence between positive and negative ... |

2 |
Realizability, volume Handbook of Proof Theory
- Troelstra
- 1998
(Show Context)
Citation Context ...programs [8]. Moreover, realizability (extraction) can be used to strengthen results. For instance, the realizability interpretation validates both the axiom of choice and the independence of premise =-=[22,21]-=-, so these principles do not have to be assumed as axioms, but can be derived for each particular instance. Finally, in the specic case of Coq, the new version will incorporate a Coq compiler [12]; t... |

1 | Extracting F! 's programs from proofs in the Calulus of Constructions - Paulin-Mohring - 1989 |

1 |
Inconsistency of classical logic
- Geuvers
(Show Context)
Citation Context ...t that propositions do not all have the same type there are at least four dierent (and not equivalent) ways to write it. Moreover, the axiom A:SetA _ :A leads to an inconsistent theory, as noted in =-=[9,17]-=-. With these issues in mind, we now propose a slightly modied version of the Coq type system where these problems do not arise. Our previous discussion of the dierence between positive and negative ... |

1 |
Extracting F!'s programs from proofs in the Calulus of Constructions
- Paulin-Mohring
- 1989
(Show Context)
Citation Context ... we propose and discuss some changes to the Coq type theory. 2 An Overview of Extraction Computer implementations of program extraction have been around for about two decades now. Among these, Paulin =-=[16]-=- was thesrst to provide an extraction mechanism for Coq. There are several approaches to the issue, and several dierent ways to formalize it; for more detailed information, the reader is advised to c... |