## A code generator framework for Isabelle/HOL (2007)

Venue: Department of Computer Science, University of Kaiserslautern

Citations: 10 (4 self)

### BibTeX

```bibtex
@INPROCEEDINGS{Haftmann07acode,
  author    = {Florian Haftmann and Tobias Nipkow},
  title     = {A code generator framework for Isabelle/HOL},
  booktitle = {Department of Computer Science, University of Kaiserslautern},
  year      = {2007}
}
```

### Abstract

We present a code generator framework for Isabelle/HOL. It formalizes the intermediate stages between the purely logical description in terms of equational theorems and a programming language. Correctness of the translation is established by giving the intermediate language (a subset of Haskell) an equational semantics and relating it back to the logical level. To allow code generation for SML, we present and prove correct a (dictionary-based) translation eliminating type classes. The design of our framework covers different functional target languages.

1 Introduction and related work

Executing formal specifications is a well-established topic and many theorem provers support this activity by generating code in a standard programming language from a logical description, typically by translating an internal functional language to an external one:
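The type-class elimination the abstract refers to is a dictionary construction: every `class` becomes a record of its operations, every `inst` becomes a dictionary value (or, for a conditional instance, a function that builds one from the dictionaries of its premises), and every class-constrained function receives the dictionary as an extra argument. The Rust program below is an added illustration of that transformation, not code from the paper or from Isabelle's code generator: a class `Eq` with instances for `Nat` and for `List a` given `Eq a` is written once as a trait (the overloaded form, standing in for `class`/`inst` statements) and once in dictionary form, and the two forms are checked to agree on `member`. The names `ClassEq`, `EqDict`, `eq_dict_nat`, `eq_dict_list`, `member` and `member_dict` are the example's own.

```rust
use std::rc::Rc;

// Added illustration (not from the paper or Isabelle's code generator) of
// dictionary construction: a class `Eq` with instances for `Nat` and for
// `List a` given `Eq a`, first in overloaded form (a Rust trait stands in for
// the class/inst statements), then with every class use replaced by an
// explicit dictionary value passed as an extra argument.

enum Nat { Zero, Suc(Box<Nat>) }
enum List<T> { Nil, Cons(T, Box<List<T>>) }

// ---- overloaded form: `class Eq a where eq :: a -> a -> Bool` ----
trait ClassEq { fn eq(&self, other: &Self) -> bool; }

// inst Eq Nat
impl ClassEq for Nat {
    fn eq(&self, other: &Nat) -> bool {
        match (self, other) {
            (Nat::Zero, Nat::Zero) => true,
            (Nat::Suc(a), Nat::Suc(b)) => ClassEq::eq(&**a, &**b),
            _ => false,
        }
    }
}

// inst Eq a => Eq (List a)
impl<T: ClassEq> ClassEq for List<T> {
    fn eq(&self, other: &List<T>) -> bool {
        match (self, other) {
            (List::Nil, List::Nil) => true,
            (List::Cons(x, xt), List::Cons(y, yt)) => T::eq(x, y) && ClassEq::eq(&**xt, &**yt),
            _ => false,
        }
    }
}

// fun member :: Eq a => a -> List a -> Bool, written against the class
fn member<T: ClassEq>(x: &T, xs: &List<T>) -> bool {
    match xs {
        List::Nil => false,
        List::Cons(y, rest) => T::eq(x, y) || member(x, &**rest),
    }
}

// ---- dictionary form: the class becomes a record of its operations ----
struct EqDict<T> { eq: Rc<dyn Fn(&T, &T) -> bool> }

// `inst Eq Nat` becomes a closed dictionary value.
fn eq_dict_nat() -> EqDict<Nat> {
    fn go(a: &Nat, b: &Nat) -> bool {
        match (a, b) {
            (Nat::Zero, Nat::Zero) => true,
            (Nat::Suc(a), Nat::Suc(b)) => go(a, b),
            _ => false,
        }
    }
    EqDict { eq: Rc::new(go) }
}

// `inst Eq a => Eq (List a)` becomes a dictionary constructor: it takes the
// dictionary for `a` (the instance premise) and builds the one for `List a`.
fn eq_dict_list<T: 'static>(d: EqDict<T>) -> EqDict<List<T>> {
    fn go<T>(d: &EqDict<T>, xs: &List<T>, ys: &List<T>) -> bool {
        match (xs, ys) {
            (List::Nil, List::Nil) => true,
            (List::Cons(x, xt), List::Cons(y, yt)) => (d.eq)(x, y) && go(d, xt, yt),
            _ => false,
        }
    }
    EqDict { eq: Rc::new(move |xs: &List<T>, ys: &List<T>| go(&d, xs, ys)) }
}

// The constrained function takes the dictionary as an explicit argument;
// no class or inst statement remains in this half of the program.
fn member_dict<T>(d: &EqDict<T>, x: &T, xs: &List<T>) -> bool {
    match xs {
        List::Nil => false,
        List::Cons(y, rest) => (d.eq)(x, y) || member_dict(d, x, rest),
    }
}

// Helpers to build sample values (constructed for this example).
fn nat(n: u32) -> Nat { (0..n).fold(Nat::Zero, |acc, _| Nat::Suc(Box::new(acc))) }
fn list<T>(v: Vec<T>) -> List<T> {
    v.into_iter().rev().fold(List::Nil, |acc, x| List::Cons(x, Box::new(acc)))
}

fn main() {
    let xs = list(vec![nat(1), nat(2), nat(3)]);
    let d = eq_dict_nat();
    println!("member via class:      {}", member(&nat(2), &xs));
    println!("member via dictionary: {}", member_dict(&d, &nat(2), &xs));
    let dl = eq_dict_list(eq_dict_nat());
    let xss = list(vec![list(vec![nat(1)]), list(vec![nat(2), nat(3)])]);
    let probe = list(vec![nat(2), nat(3)]);
    println!("nested lists agree:    {}",
             member(&probe, &xss) == member_dict(&dl, &probe, &xss));
}
```

The point a practitioner should take from the dictionary half is that the only thing the target language must provide is first-class functions and records: SML has no type classes, yet `eq_dict_list` is an ordinary function and `member_dict` an ordinary polymorphic function, which is why the paper can target SML once the transformation has been proved to preserve the equational semantics.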

### Citations

731 | [10] Isabelle/HOL: a proof assistant for higher-order logic, volume 2283
- Nipkow, Paulson, et al.
- 2002
Citation Context: ...rview Only the two last steps are carried out outside the logic; by making this layer as thin as possible, the amount of code to trust is kept minimal. 3 The Isabelle framework The logic Isabelle/HOL [10] is an extension of Isabelle's meta logic, a minimal higher-order logic of simply typed lambda terms [12]. Propositions are terms of a distinguished type prop. Theorems are propositions constructed via...

347 | [16] How to Make ad-hoc Polymorphism Less ad-hoc
- Wadler, Blott
- 1989
Citation Context: ...dictionaries. 5 Dictionary construction We have given inst statements a semantics in terms of overloaded defining equations. In classical Haskell their semantics is given by a dictionary construction [16]. To justify this link, we formalize dictionary construction as a transformation of a program S within the intermediate language to a program in the same language but without any class or inst stateme...

185 | [12] Isabelle: the next 700 theorem provers
- Paulson
- 1990
Citation Context: ...e, the amount of code to trust is kept minimal. 3 The Isabelle framework The logic Isabelle/HOL [10] is an extension of Isabelle's meta logic, a minimal higher-order logic of simply typed lambda terms [12]. Propositions are terms of a distinguished type prop. Theorems are propositions constructed via some basic inference rules. Isabelle provides equality ≡ :: α → α → prop and identifies terms up to αβη...

124 | [6] Type Classes in Haskell
- Hall, Hammond, et al.
- 1996
Citation Context: ...w to transform a set of equations conforming to some implementability restrictions into a program. Note that throughout this paper type classes refer to their classical formulation (see, for example, [6]). Note further that we can lump Haskell and SML together because we will only guarantee partial correctness of the generated code. Somewhat related but quite different is the work by Meyer and Wolff...

63 | [8] Higher-order rewrite systems and their confluence
- Mayr, Nipkow
- 1998
Citation Context: ...class statements. For this fine-grained reasoning we move from equational logic to term rewriting. Instead of arbitrary equational proofs (Γ_D, E_D) ⊢ t₁ ≡ t₂ we consider rewrite proofs t₁ →*_{E_D} t₂, see [8]. This models the evaluation of t₁. More precisely, we start with some (|s|), reduce it to some t′, and if t′ is of the form... (a two-column table "program | transformed program" follows in the original, beginning with data Nat = Zero | Suc of Nat in both columns)

49 | [7] A new extraction for Coq
- Letouzey
- 2003
Citation Context: ...e Common Lisp code generated by PVS has been proved correct [14], although PVS code generation in general appears to have not been formalized. Code generation for Coq is studied in great detail, e.g. [7]. One of the key differences to our work is that Coq is already closer to a programming language than HOL, for example because it has inductive types built in. Code generation for Isabelle/HOL is desc...

40 | [2] Random testing in Isabelle/HOL
- Berghofer, Nipkow
- 2004
Citation Context: ...both from constructive proofs and explicitly defined recursive functions. – Both Isabelle/HOL [1] and HOL4 generate SML code. In the case of Isabelle this code is also used for counter example search [2]. – The language of the theorem prover ACL2 is a subset of Common Lisp. – PVS allows evaluation of ground terms by translation to Common Lisp [4]. Though code generation forms an increasingly vital pa...

31 | [11] Type checking type classes
- Nipkow, Prehofer
- 1993
Citation Context: ...ans that all type constructors κ in τ are applied to the required number of arguments TYP κ. – Well-sorted types Γ ⊢ τ :: s and well-typed terms Γ ⊢ t :: τ. Precise definitions can be found elsewhere [11]. The definition of Γ ⊢ t :: τ is standard except for constants: If Ω f = ∀α :: s^k. τ and Γ ⊢ τᵢ :: sᵢ for all i then Γ ⊢ f [τ^k] :: τ[τ^k/α^k]. Each occurrence of a constant in a term carries the instan...

26 | [5] Fast and loose reasoning is morally correct
- Danielsson, Hughes, et al.
- 2006
Citation Context: ...uce a Haskell-like intermediate language which captures the essence of target languages and give it a semantics as an equation system (equational reasoning is a common device in the Haskell community [5]). The language forms a bridge between logical and operational world. Its four statements are fun, data, class and inst. The semantics of statements is given by rules ⟨Γ, stmt⟩ −→ ⟨Γ′, E⟩ where Γ denotes a...

18 | [13] Computational Aspects of an Order-sorted Logic with Term Declarations
- Schmidt-Schauß
- 1989
Citation Context: ...eorems are propositions constructed via some basic inference rules. Isabelle provides equality ≡ :: α → α → prop and identifies terms up to αβη conversion. Isabelle's term language is an order-sorted [13] typed λ-calculus with schematic polymorphism:
  sorts  s ::= c₁ ∩ … ∩ cₙ
  types  τ ::= κ τ^m | τ₁ → τ₂ | α :: s
  terms  t ::= f [τ^n] | x :: τ | λx :: τ. t | t₁ t₂
The notation u^n denotes the tuple...

13 | [4] Evaluating, testing, and animating PVS specifications
- Crow, Owre, et al.
- 2001
Citation Context: ...elle this code is also used for counter example search [2]. – The language of the theorem prover ACL2 is a subset of Common Lisp. – PVS allows evaluation of ground terms by translation to Common Lisp [4]. Though code generation forms an increasingly vital part of many theorem provers, its functionality is often not formalized and must be trusted. In the case of ACL2 this is justified because its logi...

10 | [3] Single-threaded objects in ACL2
- Boyer, Moore
Citation Context: ...provers, its functionality is often not formalized and must be trusted. In the case of ACL2 this is justified because its logic is a subset of Common Lisp, but the addition of single-threaded objects [3], which allow destructive updates, breaks this direct correspondence. The treatment of destructive updates in the Common Lisp code generated by PVS has been proved correct [14], although PVS code gene...

8 | [14] Static analysis for safe destructive updates in a functional language
- Shankar
- 2001
Citation Context: ...single-threaded objects [3], which allow destructive updates, breaks this direct correspondence. The treatment of destructive updates in the Common Lisp code generated by PVS has been proved correct [14], although PVS code generation in general appears to have not been formalized. Code generation for Coq is studied in great detail, e.g. [7]. One of the key differences to our work is that Coq is alrea...

2 | [1] Executing Higher-Order Logic
- Berghofer, Nipkow
- 2002
Citation Context: ...ypically by translating an internal functional language to an external one: – Coq [15] can generate OCaml both from constructive proofs and explicitly defined recursive functions. – Both Isabelle/HOL [1] and HOL4 generate SML code. In the case of Isabelle this code is also used for counter example search [2]. – The language of the theorem prover ACL2 is a subset of Common Lisp. – PVS allows evaluatio...

1 | [9] Meyer and Wolff (title not resolved on this page; the index matched this reference to an unrelated entry, "WordNet 1.6 Reference Manual, Section 7", unknown authors, 2000, which is a mismatch: the paper cites [9] as the work by Meyer and Wolff on translating functional programs in HOL)
Citation Context: ...). Note further that we can lump Haskell and SML together because we will only guarantee partial correctness of the generated code. Somewhat related but quite different is the work by Meyer and Wolff [9]. They translate between shallow embeddings of functional programs in HOL by means of tactics, whereas we justify the translation once and for all, but do this outside HOL. There are many further diff...

1 | [17] Constructive type classes
- Wenzel, Haftmann
Citation Context: ...anguage (i.e. outside the logic). Within our framework of order-sorted algebra, dictionary construction is described as a translation (relative to some Γ) of order-sorted types into dictionary terms [17], lifted to terms and statements: – (|τ :: c|) maps a well-sortedness judgment to a corresponding dictionary, – (|t|) introduces dictionaries into a term t, – (|S|) transforms a program to its typecla...
Citation Context ...anguage (i.e. outside the logic). Within our framework of order-sorted algebra, dictionary construction is described as a translation (relative to some Γ ) of order-sorted types into dictionary terms =-=[17]-=-, lifted to terms and statements: – (|τ :: c|) maps a well-sortedness judgment to a corresponding dictionary, – (|t|) introduces dictionaries into a term t, – (|S|) transforms a program to its typecla... |