## Towards Machine-checked Compiler Correctness for Higher-order Pure Functional Languages (1994)

Venue: CSL '94, European Association for Computer Science Logic, Springer LNCS

Citations: 4 - 1 self

### BibTeX

```bibtex
@INPROCEEDINGS{Lester94towardsmachine-checked,
  author    = {David Lester and Sava Mintchev},
  title     = {Towards Machine-checked Compiler Correctness for Higher-order Pure Functional Languages},
  booktitle = {CSL '94, European Association for Computer Science Logic, Springer LNCS},
  year      = {1994}
}
```

### Abstract

In this paper we show that the critical part of a correctness proof for implementations of higher-order functional languages is amenable to machine-assisted proof. An extended version of the lambda calculus is considered, and the congruence between its direct and continuation semantics is proved. The proof has been constructed with the help of a generic theorem prover, Isabelle. The major part of the problem lies in establishing the existence of predicates which describe the congruence. This has been solved using Milne's inclusive predicate strategy [5]. The most important intermediate results and the main theorem as derived by Isabelle are quoted in the paper.

Keywords: Compiler Correctness, Theorem Prover, Congruence Proof, Denotational Semantics, Lambda Calculus

1 Introduction

Much of the work done previously in compiler correctness concerns restricted subsets of imperative languages. Some studies involve machine-checked correctness, e.g. Cohn [1], [2]. A lot of research h...

### Citations

473 | Denotational Semantics: the Scott-Strachey Approach to Programming Languages Theory
- Stoy
- 1977

Citation Context: ...gruent in a certain sense. To this end we define predicates (Definition 2.1) to compare two values, one from each semantics. As the reader may have noticed already, we use Stoy's diacritical notation [15] to distinguish between objects belonging to the two semantics. We use an acute accent (´Δ) to represent an object from the direct semantics and a grave accent (`Δ) to represent an object from...

165 | Logic and Computation: Interactive Proof with Cambridge LCF
- Paulson
- 1987

Citation Context: ...ism uses higher-order resolution. Due to the flexibility of the theorem prover, various object logics have been defined in Isabelle. In our proof we have used the logic of computable functions (LCF) [11], a formalization of polymorphic predicate lambda calculus (PPλ). In the course of the proof construction, LCF has been extended with new theories, each with its new types, constants and axioms. In the...

51 | Deriving Target Code as a Representation of Continuation Semantics
- Wand
- 1982

Citation Context: ...orrectness of a lazy functional language compiler is presented in Lester [3, 4]; however, it has not been machine-checked. Methods and important results have been published by Stoy [17, 18] and Wand [19]. In order to present the problem in a relatively short paper, we have considered a simplified form of the problem of compiler correctness, and its mechanized proof. We hope subsequently to extend the...

46 | On the relation between direct and continuation semantics
- Reynolds
- 1974

Citation Context: ...dicates. Furthermore, as he pointed out, there isn't a rich enough language having only valid predicates as sentences. Thus existence must be proved for every recursive predicate definition. Reynolds [14] tackles the problem of existence by constructing explicitly the recursive domains, and defining generalized directed complete relations on them. Stoy [16] applies the more straightforward inclusive p...

41 | Introduction to Isabelle
- Paulson
- 1993

Citation Context: ... the work to a full compiler. Here we discuss the use of machine-assisted proof in asserting the congruence between two definitions of a fully-fledged language of lambda expressions. We use Isabelle [12], a generic theorem prover written in Standard ML. It has a built-in parser/pretty-printer generator and a type checker. The inference mechanism uses higher-order resolution. Due to the flexibili...

32 | A semantic prototyping system
- Wand
- 1984

Citation Context: ...me studies involve machine-checked correctness, e.g. Cohn [1], [2]. A lot of research has been devoted to the construction of compiler-compilers as in the work of Mosses [6], Paulson [10], and Wand [20]. A recent attempt in this field is reported in [9]. Developing a proof of compiler correctness for a higher-order functional language is made considerably more difficult by the need to use inclusive...

27 | Full Abstraction and Semantic Equivalence
- Mulmuley
- 1987

Citation Context: .... A separate (sub)section is devoted to each of these in the rest of the paper. 3 The Existence of the Predicates. The importance of the problem of existence of predicates was demonstrated by Mulmuley [7]. He provided examples of plausible recursive definitions which do not always have solutions, i.e. do not define predicates. Furthermore, as he pointed out, there isn't a rich enough language having o...

27 | A semantics-directed compiler generator
- Paulson
- 1982

Citation Context: ...e languages. Some studies involve machine-checked correctness, e.g. Cohn [1], [2]. A lot of research has been devoted to the construction of compiler-compilers as in the work of Mosses [6], Paulson [10], and Wand [20]. A recent attempt in this field is reported in [9]. Developing a proof of compiler correctness for a higher-order functional language is made considerably more difficult by the need t...

26 | Provably Correct Compiler Generation
- Palsberg
- 1992

Citation Context: ...g. Cohn [1], [2]. A lot of research has been devoted to the construction of compiler-compilers as in the work of Mosses [6], Paulson [10], and Wand [20]. A recent attempt in this field is reported in [9]. Developing a proof of compiler correctness for a higher-order functional language is made considerably more difficult by the need to use inclusive predicates to relate an operational semantics (or ...

15 | Deriving correctness properties of compiled code
- Curzon
- 1992

Citation Context: ...alculus 1 Introduction Much of the work done previously in compiler correctness concerns restricted subsets of imperative languages. Some studies involve machine-checked correctness, e.g. Cohn [1], [2]. A lot of research has been devoted to the construction of compiler-compilers as in the work of Mosses [6], Paulson [10], and Wand [20]. A recent attempt in this field is reported in [9]. Developing ...

15 | Relational properties of recursively defined domains
- Pitts
- 1993

Citation Context: ...mechanization we were able to correct an error in the proof of [4, Lemmas 3.18 and 3.19]. We intend to experiment with other methods of proving the existence of predicates on reflexive domains. Pitts [13] has proposed a method which is easier to apply than the usual inclusive predicate strategy. The essence of the method is to define simultaneously two versions of the predicate, one with positive an...

13 | Combinator Graph Reduction: A Congruence and its Applications. D.Phil thesis
- Lester
- 1989

Citation Context: ... predicates to relate an operational semantics (or a continuation semantics) to the direct semantics. A complete proof of the correctness of a lazy functional language compiler is presented in Lester [3, 4]; however, it has not been machine-checked. Methods and important results have been published by Stoy [17, 18] and Wand [19]. In order to present the problem in a relatively short paper, we have cons...

12 | The formal semantics of computer languages and their implementations
- Milne
- 1974

Citation Context: ...orem prover, Isabelle. The major part of the problem lies in establishing the existence of predicates which describe the congruence. This has been solved using Milne's inclusive predicate strategy [5]. The most important intermediate results and the main theorem as derived by Isabelle are quoted in the paper. Keywords: Compiler Correctness, Theorem Prover, Congruence Proof, Denotational Semantics,...

11 | Some mathematical aspects of functional programming. Functional Programming and its Applications
- Stoy
- 1982

Citation Context: ...ete proof of the correctness of a lazy functional language compiler is presented in Lester [3, 4]; however, it has not been machine-checked. Methods and important results have been published by Stoy [17, 18] and Wand [19]. In order to present the problem in a relatively short paper, we have considered a simplified form of the problem of compiler correctness, and its mechanized proof. We hope subsequently...

8 | Two-Level Functional Languages. Number 34
- Nielson, Nielson
- 1992

Citation Context: ...negative occurrences only, and to prove the two versions equal using fixpoint induction. We also intend to explore the correctness of a full compiler for a lazy functional language, in the style of [8]. For this we will need to deal with the following points: -- Using an operational model of the implementation (e.g. Plotkin's structural operational semantics, or a concrete abstract machine) in plac...

7 | The G-machine as a representation of stack semantics
- Lester
- 1987

Citation Context: ... predicates to relate an operational semantics (or a continuation semantics) to the direct semantics. A complete proof of the correctness of a lazy functional language compiler is presented in Lester [3, 4]; however, it has not been machine-checked. Methods and important results have been published by Stoy [17, 18] and Wand [19]. In order to present the problem in a relatively short paper, we have cons...

5 | semantics implementation system
- SIS
- 1979

Citation Context: ...of imperative languages. Some studies involve machine-checked correctness, e.g. Cohn [1], [2]. A lot of research has been devoted to the construction of compiler-compilers as in the work of Mosses [6], Paulson [10], and Wand [20]. A recent attempt in this field is reported in [9]. Developing a proof of compiler correctness for a higher-order functional language is made considerably more difficult ...

5 | The congruence of two programming language definitions
- Stoy
- 1981

Citation Context: ...ery recursive predicate definition. Reynolds [14] tackles the problem of existence by constructing explicitly the recursive domains, and defining generalized directed complete relations on them. Stoy [16] applies the more straightforward inclusive predicate strategy of Milne to solving a similar problem. He uses retracts in building the domains, and constructs the particular predicates iteratively. Re...

3 | The equivalence of two semantic definitions: a case study in LCF
- Cohn
- 1983

Citation Context: ...bda Calculus 1 Introduction Much of the work done previously in compiler correctness concerns restricted subsets of imperative languages. Some studies involve machine-checked correctness, e.g. Cohn [1], [2]. A lot of research has been devoted to the construction of compiler-compilers as in the work of Mosses [6], Paulson [10], and Wand [20]. A recent attempt in this field is reported in [9]. Develo...

1 | Semantic models
- Stoy
- 1982

Citation Context: ...ete proof of the correctness of a lazy functional language compiler is presented in Lester [3, 4]; however, it has not been machine-checked. Methods and important results have been published by Stoy [17, 18] and Wand [19]. In order to present the problem in a relatively short paper, we have considered a simplified form of the problem of compiler correctness, and its mechanized proof. We hope subsequently...