Results 1  10
of
12
Bisimulations upto: beyond firstorder transition systems
"... Abstract. The bisimulation proof method can be enhanced by employing ‘bisimulations upto ’ techniques. A comprehensive theory of such enhancements has been developed for firstorder (i.e., CCSlike) labelled transition systems (LTSs) and bisimilarity, based on the notion of compatible function for ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
Abstract. The bisimulation proof method can be enhanced by employing ‘bisimulations upto ’ techniques. A comprehensive theory of such enhancements has been developed for firstorder (i.e., CCSlike) labelled transition systems (LTSs) and bisimilarity, based on the notion of compatible function for fixedpoint theory. We transport this theory onto languages whose bisimilarity and LTS go beyond those of firstorder models. The approach consists in exhibiting fully abstract translations of the more sophisticated LTSs and bisimilarities onto the firstorder ones. This allows us to reuse directly the large corpus of upto techniques that are available on firstorder LTSs. The only ingredient that has to be manually supplied is the compatibility of basic upto techniques that are specific to the new languages. We investigate the method on the picalculus, the λcalculus, and a (callbyvalue) λcalculus with references. 1
A Logical Step Forward in Parametric Bisimulations
, 2014
"... In the last several years, a number of effective methods have been developed for reasoning about program equivalence in higherorder imperative languages like ML. Most recently, we proposed parametric bisimulations (PBs), which fruitfully synthesize the direct coinductive style of bisimulations with ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
In the last several years, a number of effective methods have been developed for reasoning about program equivalence in higherorder imperative languages like ML. Most recently, we proposed parametric bisimulations (PBs), which fruitfully synthesize the direct coinductive style of bisimulations with the flexible invariants on local state afforded by Kripke logical relations, and which furthermore support transitive composition of equivalence proofs. However, the PB model of our previous work suffered from two limitations. First, it failed to validate the eta law for function values, which is important for our intended application of compiler certification. Second, it was not clear how to scale the method to reason about control effects. In this paper, we propose stuttering parametric bisimulations (SPBs), a variant of PBs that addresses their aforementioned limitations. Interestingly, despite the fact that the eta law and control effects seem like unrelated issues, our solutions to both problems hinge on the same technical device, namely the use of a “logical ” reduction semantics that permits finite but unbounded stuttering in between physical steps. This technique is closely related to the key idea in wellfounded and stuttering bisimulations, adapted here for the first time to reasoning about open, higherorder programs. We present SPBs—along with metatheoretic results and example applications—for a language with recursive types and firstclass continuations. Following our previous account of PBs, we can easily extend SPBs
Parametric Bisimulations: A Logical Step Forward
"... Abstract—In the last several years, a number of effective methods have been developed for reasoning about program equivalence in higherorder imperative languages like ML. Most recently, we proposed relation transition systems (RTSs), which fruitfully synthesize the direct coinductive style of bisim ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
(Show Context)
Abstract—In the last several years, a number of effective methods have been developed for reasoning about program equivalence in higherorder imperative languages like ML. Most recently, we proposed relation transition systems (RTSs), which fruitfully synthesize the direct coinductive style of bisimulations with the flexible invariants on local state afforded by Kripke logical relations, and which furthermore support transitive composition of equivalence proofs. However, the RTS model of our previous work suffered from two limitations. First, it failed to validate the eta law for function values, which is important for our intended application of compiler certification. Second, it was not clear how to scale the method to reason about control effects. In this paper, we propose parametric bisimulations (PBs), which build closely on RTSs while addressing their aforementioned limitations. Interestingly, despite the fact that the eta law and control effects seem like unrelated issues, our solutions to both problems hinge on the same technical device, namely the use of a “logical” reduction semantics that permits finite but unbounded stuttering in between physical steps. This technique is closely related to the key idea in wellfounded and stuttering bisimulations, adapted here for the first time to reasoning about open, higherorder programs. We present PBs—along with metatheoretic results and example applications—for a language with recursive types and firstclass continuations. Following our previous account of RTSs, it is straightforward to extend PBs to handle abstract types and general mutable references as well (see our online appendix for details). All our results have been fully mechanized in Coq. 1
Formalization of the BisimulationUpTo Technique and its Meta Theory ⋆
"... Abstract. Bisimilarity of two processes is formally established by producing a bisimulation relation that contains those two processes and obeys certain closure properties. In many situations, particularly when the underlying labeled transition system is unbounded, these bisimulation relations can b ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
(Show Context)
Abstract. Bisimilarity of two processes is formally established by producing a bisimulation relation that contains those two processes and obeys certain closure properties. In many situations, particularly when the underlying labeled transition system is unbounded, these bisimulation relations can be large and even infinite. The bisimulationupto technique has been developed to reduce the size of the relations being computed while retaining soundness, that is, the guarantee of the existence of a bisimulation. Such techniques make defining relations easier and they are increasingly becoming a critical ingredient in the automated checking of bisimilarity. This paper is devoted to the formalization of the meta theory of several major bisimulationupto techniques for the process calculi CCS and the πcalculus (with replication). Our formalization is based on recent work on the proof theory of least and greatest fixpoints, particularly the use of relations defined (co)inductively, and of coinductive proofs about such relations, as implemented in the Abella theorem prover. An important feature of our formalization is that our definitions of the bisimulationupto relations are, in most cases, straightforward translations of published informal definitions, and our proofs clarify several technical details of the informal descriptions. We exploit the existing facilities in Abella for reasoning about objects with binding—such as πcalculus processes—using λtree syntax and generic reasoning using the ∇quantifier. 1
A Lightweight Formalization of the Metatheory of BisimulationUpTo
"... Bisimilarity of two processes is formally established by producing a bisimulation relation that contains those two processes and obeys certain closure properties. In many situations, particularly when the underlying labeled transition system is unbounded, these bisimulation relations can be large a ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
(Show Context)
Bisimilarity of two processes is formally established by producing a bisimulation relation that contains those two processes and obeys certain closure properties. In many situations, particularly when the underlying labeled transition system is unbounded, these bisimulation relations can be large and even infinite. The bisimulationupto technique has been developed to reduce the size of the relations being computed while retaining soundness, that is, the guarantee of the existence of a bisimulation. Such techniques are increasingly becoming a critical ingredient in the automated checking of bisimilarity. This paper is devoted to the formalization of the meta theory of several major bisimulationupto techniques for the process calculi CCS and the picalculus (with replication). Our formalization is based on recent work on the proof theory of least and greatest fixpoints, particularly the use of relations defined (co)inductively, and of coinductive proofs about such relations, as implemented in the Abella theorem prover. An important feature of our formalization is that our definitions of the bisimulationupto relations are, in most cases, straightforward translations of published informal definitions, and our proofs clarify several technical details of the informal descriptions. Since the logic behind Abella also supports λtree syntax and generic reasoning using the∇quantifier, our treatment of the picalculus is both direct and natural.
Foundational Extensible Corecursion
, 2014
"... This paper presents a theoretical framework for defining corecursive functions safely in a total setting, based on corecursion upto and relational parametricity. The end product is a general corecursor that allows corecursive (and even recursive) calls under wellbehaved operations, including con ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
This paper presents a theoretical framework for defining corecursive functions safely in a total setting, based on corecursion upto and relational parametricity. The end product is a general corecursor that allows corecursive (and even recursive) calls under wellbehaved operations, including constructors. Corecursive functions that are well behaved can be registered as such, thereby increasing the corecursor’s expressiveness. To the extensible corecursor corresponds an equally flexible coinduction principle. The metatheory is formalized in the Isabelle proof assistant and forms the core of a prototype tool. The approach is foundational: The corecursor is derived from first principles, without requiring new axioms or extensions of the logic. This ensures that no inconsistencies can be introduced by omissions in a termination or productivity check.
and
, 2015
"... Effective support for custom proof automation is essential for largescale interactive proof development. However, existing languages for automation via tactics either (a) provide no way to specify the behavior of tactics within the base logic of the accompanying theorem prover, or (b) rely on adva ..."
Abstract
 Add to MetaCart
(Show Context)
Effective support for custom proof automation is essential for largescale interactive proof development. However, existing languages for automation via tactics either (a) provide no way to specify the behavior of tactics within the base logic of the accompanying theorem prover, or (b) rely on advanced typetheoretic machinery that is not easily integrated into established theorem provers. We present Mtac, a lightweight but powerful extension to Coq that supports dependently typed tactic programming. Mtac tactics have access to all the features of ordinary Coq programming, as well as a new set of typed tactical primitives. We avoid the need to touch the trusted kernel typechecker of Coq by encapsulating uses of these new tactical primitives in a monad, and instrumenting Coq so that it executes monadic tactics during type inference. 1
and
, 2014
"... Effective support for custom proof automation is essential for largescale interactive proof development. However, existing languages for automation via tactics either (a) provide no way to specify the behavior of tactics within the base logic of the accompanying theorem prover, or (b) rely on adva ..."
Abstract
 Add to MetaCart
(Show Context)
Effective support for custom proof automation is essential for largescale interactive proof development. However, existing languages for automation via tactics either (a) provide no way to specify the behavior of tactics within the base logic of the accompanying theorem prover, or (b) rely on advanced typetheoretic machinery that is not easily integrated into established theorem provers. We present Mtac, a lightweight but powerful extension to Coq that supports dependentlytyped tactic programming. Mtac tactics have access to all the features of ordinary Coq programming, as well as a new set of typed tactical primitives. We avoid the need to touch the trusted kernel typechecker of Coq by encapsulating uses of these new tactical primitives in a monad, and instrumenting Coq so that it executes monadic tactics during type inference. 1
Introducing Functional Programmers to Interactive Theorem Proving and Program Verification Teaching Experience Report ∗
"... We report on the design and preliminary evaluation of a short introductory course on interactive theorem proving and program verification using the Coq proof assistant, targeted at students with background in functional programming and software engineering. The course builds on concepts familiar fro ..."
Abstract
 Add to MetaCart
(Show Context)
We report on the design and preliminary evaluation of a short introductory course on interactive theorem proving and program verification using the Coq proof assistant, targeted at students with background in functional programming and software engineering. The course builds on concepts familiar from functional programming to develop understanding of logic and mechanized proving by means of the CurryHoward isomorphism. A particular emphasis is made of the computational nature of decidable properties of various data structures. This approach is of practical importance, as Coq’s normalization can automatically simplify or discharge such properties, thus reducing the burden of constructing the proofs by hand. As a basis for teaching this style of mechanization, we use Gonthier et al.’s Ssreflect extension of Coq and its associated libraries. In the course, we minimize the exposure to adhoc proof automation via tactics, and request that students develop proofs using only a small set of proofbuilding primitives that they should clearly understand. In addition to introducing logic as an application of functional programming, the topics covered by the course include: implementation of custom rewriting principles as instances of indexed type families, boolean reflection, implementation of algebraic structures and inheritance between them, and verification of imperative programs in separation logic and Hoare Type Theory. 1.
Distributed under a Creative Commons Attribution NoDerivatives 4.0 International License A Lightweight Formalization of the Metatheory of
, 2014
"... HAL is a multidisciplinary open access archive for the deposit and dissemination of scientific research documents, whether they are published or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers. L’archive ouverte p ..."
Abstract
 Add to MetaCart
(Show Context)
HAL is a multidisciplinary open access archive for the deposit and dissemination of scientific research documents, whether they are published or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers. L’archive ouverte pluridisciplinaire HAL, est destinée au dépôt et a ̀ la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d’enseignement et de recherche français ou étrangers, des laboratoires publics ou privés.