Results 1 - 10 of 81
First-class type classes
, 2008
"... Abstract. Type Classes have met a large success in Haskell and Isabelle, as a solution for sharing notations by overloading and for specifying with abstract structures by quantification on contexts. However, both systems are limited by secondclass implementations of these constructs, and these limi ..."
Abstract

Cited by 59 (5 self)
 Add to MetaCart
(Show Context)
Type classes have met a large success in Haskell and Isabelle, as a solution for sharing notations by overloading and for specifying with abstract structures by quantification on contexts. However, both systems are limited by second-class implementations of these constructs, and these limitations are only overcome by ad-hoc extensions to the respective systems. We propose an embedding of type classes into a dependent type theory that is first-class and supports some of the most popular extensions right away. The implementation is correspondingly cheap, general and integrates well inside the system, as we have experimented in Coq. We show how it can be used to help structured programming and proving by way of examples.
Proof-Carrying Code from Certified Abstract Interpretation and Fixpoint Compression
, 2006
"... ProofCarrying Code (PCC) is a technique for downloading mobile code on a host machine while ensuring that the code adheres to the host's safety policy. We show how certified abstract interpretation can be used to build a PCC architecture where the code producer can produce program certi cates ..."
Abstract

Cited by 37 (12 self)
 Add to MetaCart
Proof-Carrying Code (PCC) is a technique for downloading mobile code on a host machine while ensuring that the code adheres to the host's safety policy. We show how certified abstract interpretation can be used to build a PCC architecture where the code producer can produce program certificates automatically. Code consumers use proof checkers derived from certified analysers to check certificates. Proof checkers carry their own correctness proofs, and accepting a new proof checker amounts to type checking the checker in Coq. Certificates take the form of strategies for reconstructing a fixpoint and are kept small due to a technique for fixpoint compression. The PCC architecture has been implemented and evaluated experimentally on a bytecode language for which we have designed an interval analysis that allows us to generate certificates ascertaining that no array-out-of-bounds accesses will occur.
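The producer/consumer split the abstract describes, as an added example in Python that is not the paper's implementation: the untrusted producer runs an interval analysis to a fixpoint with widening and ships the loop invariant as the certificate; the consumer never iterates, it only checks that the shipped invariant is a post-fixpoint and that it keeps every array index in bounds. The loop shape (`i = init; while i < bound: a[i] = ...; i = i + step`), the `Loop` record and the interval encoding are assumptions made for the example.

```python
# Added example (not the paper's code): interval-analysis certificates for a
# fixed loop shape, with a producer that iterates and a consumer that only
# checks. Loop, Interval and the loop shape are assumptions of the example.
from dataclasses import dataclass
from typing import Optional, Tuple

INF = float("inf")
Interval = Optional[Tuple[float, float]]   # None is bottom (unreachable)


@dataclass(frozen=True)
class Loop:
    """Constructed loop:  i = init; while i < bound: a[i] = ...; i = i + step
    where the array a has length array_len."""
    init: int
    bound: int
    step: int
    array_len: int


def join(a: Interval, b: Interval) -> Interval:
    if a is None:
        return b
    if b is None:
        return a
    return (min(a[0], b[0]), max(a[1], b[1]))


def leq(a: Interval, b: Interval) -> bool:
    """Abstract order: a is included in b."""
    if a is None:
        return True
    if b is None:
        return False
    return b[0] <= a[0] and a[1] <= b[1]


def widen(old: Interval, new: Interval) -> Interval:
    """Standard interval widening: a bound that moved jumps to infinity."""
    if old is None:
        return new
    lo = old[0] if new[0] >= old[0] else -INF
    hi = old[1] if new[1] <= old[1] else INF
    return (lo, hi)


def guard_lt(a: Interval, c: int) -> Interval:
    """Refine a under the loop test i < c."""
    if a is None or a[0] >= c:
        return None
    return (a[0], min(a[1], c - 1))


def body_transfer(loop: Loop, at_head: Interval) -> Interval:
    """Abstract effect of one iteration: pass the guard, then i = i + step."""
    inside = guard_lt(at_head, loop.bound)
    if inside is None:
        return None
    return (inside[0] + loop.step, inside[1] + loop.step)


def produce_certificate(loop: Loop) -> Interval:
    """Producer (untrusted): iterate with widening until the head invariant is
    a post-fixpoint, then return one narrowing step of it (still a post-fixpoint
    because the transfer function is monotone)."""
    entry: Interval = (loop.init, loop.init)
    inv = entry
    while True:
        new = join(entry, body_transfer(loop, inv))
        if leq(new, inv):
            return new
        inv = widen(inv, new)


def check_certificate(loop: Loop, inv: Interval) -> bool:
    """Consumer (trusted, no iteration): accept only a post-fixpoint whose
    values at the access a[i] are inside [0, array_len - 1], whoever made it."""
    entry: Interval = (loop.init, loop.init)
    if not leq(entry, inv):
        return False                      # loop entry not covered
    if not leq(body_transfer(loop, inv), inv):
        return False                      # not closed under one iteration
    inside = guard_lt(inv, loop.bound)    # values of i at the access a[i]
    if inside is None:
        return True                       # body unreachable: no access at all
    return 0 <= inside[0] and inside[1] <= loop.array_len - 1
```

A forged certificate that is too tight fails the post-fixpoint check, and a correct fixpoint for a loop that really does overrun the array fails the bounds check; neither requires the consumer to trust the producer's analysis.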
Proving Equalities in a Commutative Ring Done Right in Coq
 Theorem Proving in Higher Order Logics (TPHOLs 2005), LNCS 3603
, 2005
"... We present a new implementation of a reflexive tactic which solves equalities in a ring structure inside the Coq system. The e#ciency is improved to a point that we can now prove equalities that were previously beyond reach. A special care has been taken to implement e#cient algorithms while kee ..."
Abstract

Cited by 33 (1 self)
 Add to MetaCart
(Show Context)
We present a new implementation of a reflexive tactic which solves equalities in a ring structure inside the Coq system. The efficiency is improved to a point that we can now prove equalities that were previously beyond reach. Special care has been taken to implement efficient algorithms while keeping the complexity of the correctness proofs low.
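As an added example (not the tactic's own code), the reflective core of such a tactic in Python: a normaliser that maps both sides of a candidate ring equality to a canonical polynomial, plus the interpretation function that the tactic's soundness lemma relates to the normaliser (equal normal forms imply equal values in every environment). The nested-tuple syntax (`("add", e1, e2)`, `("pow", e, n)` and so on) is an assumed toy syntax for the example.

```python
# Added example (not the paper's tactic): canonical polynomial normal forms
# over the integers, the computation a reflexive ring tactic runs inside the
# kernel. The tuple syntax is an assumption of this example.
from typing import Dict, Tuple

Monomial = Tuple[Tuple[str, int], ...]   # sorted ((variable, exponent), ...)
Poly = Dict[Monomial, int]               # monomial -> non-zero coefficient


def p_const(c: int) -> Poly:
    return {(): c} if c != 0 else {}


def p_var(x: str) -> Poly:
    return {((x, 1),): 1}


def p_add(p: Poly, q: Poly) -> Poly:
    r = dict(p)
    for m, c in q.items():
        s = r.get(m, 0) + c
        if s == 0:
            r.pop(m, None)            # no zero terms: keeps the form canonical
        else:
            r[m] = s
    return r


def m_mul(m1: Monomial, m2: Monomial) -> Monomial:
    exps: Dict[str, int] = {}
    for v, e in m1 + m2:
        exps[v] = exps.get(v, 0) + e
    return tuple(sorted(exps.items()))   # commutativity: x*y and y*x coincide


def p_mul(p: Poly, q: Poly) -> Poly:
    r: Poly = {}
    for m1, c1 in p.items():
        for m2, c2 in q.items():
            r = p_add(r, {m_mul(m1, m2): c1 * c2})
    return r


def p_neg(p: Poly) -> Poly:
    return {m: -c for m, c in p.items()}


def p_pow(p: Poly, n: int) -> Poly:
    r = p_const(1)
    for _ in range(n):
        r = p_mul(r, p)
    return r


def normalise(e) -> Poly:
    """Syntax -> canonical polynomial (the reflected decision procedure)."""
    tag = e[0]
    if tag == "const":
        return p_const(e[1])
    if tag == "var":
        return p_var(e[1])
    if tag == "add":
        return p_add(normalise(e[1]), normalise(e[2]))
    if tag == "mul":
        return p_mul(normalise(e[1]), normalise(e[2]))
    if tag == "neg":
        return p_neg(normalise(e[1]))
    if tag == "pow":
        return p_pow(normalise(e[1]), e[2])
    raise ValueError(f"unknown node {tag!r}")


def interp(e, env: Dict[str, int]) -> int:
    """Syntax -> value; the soundness lemma says normalise(p) == normalise(q)
    implies interp(p, env) == interp(q, env) for every env."""
    tag = e[0]
    if tag == "const":
        return e[1]
    if tag == "var":
        return env[e[1]]
    if tag == "add":
        return interp(e[1], env) + interp(e[2], env)
    if tag == "mul":
        return interp(e[1], env) * interp(e[2], env)
    if tag == "neg":
        return -interp(e[1], env)
    if tag == "pow":
        return interp(e[1], env) ** e[2]
    raise ValueError(f"unknown node {tag!r}")


def ring_equal(lhs, rhs) -> bool:
    return normalise(lhs) == normalise(rhs)


# Constructed goal: (x + y)^2 = x^2 + 2xy + y^2
X, Y, ONE = ("var", "x"), ("var", "y"), ("const", 1)
SQUARE_OF_SUM = ("pow", ("add", X, Y), 2)
EXPANDED = ("add", ("add", ("pow", X, 2), ("mul", ("const", 2), ("mul", X, Y))),
            ("pow", Y, 2))
```

The point of reflection is that only `normalise` is executed by the proof checker; the correctness proof of the whole tactic is the one lemma about `normalise` and `interp`, and keeping `normalise` simple keeps that proof cheap.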
From reduction-based to reduction-free normalization
 Proceedings of the Fourth International Workshop on Reduction Strategies in Rewriting and Programming (WRS'04)
, 2004
"... We document an operational method to construct reductionfree normalization functions. Starting from a reductionbased normalization function from a reduction semantics, i.e., the iteration of a onestep reduction function, we successively subject it to refocusing (i.e., deforestation of the inte ..."
Abstract

Cited by 28 (13 self)
 Add to MetaCart
We document an operational method to construct reduction-free normalization functions. Starting from a reduction-based normalization function from a reduction semantics, i.e., the iteration of a one-step reduction function, we successively subject it to refocusing (i.e., deforestation of the intermediate successive terms in the reduction sequence), equational simplification, refunctionalization (i.e., the converse of defunctionalization), and direct-style transformation (i.e., the converse of the CPS transformation), ending with a reduction-free normalization function of the kind usually crafted by hand. We treat in detail four simple examples: calculating arithmetic expressions, recognizing Dyck words, normalizing lambda-terms with explicit substitutions and call/cc, and flattening binary trees. The overall method builds on previous work by the author and his students on a syntactic correspondence between reduction semantics and abstract machines and on a functional correspondence between evaluators and abstract machines. The measure of success of these two correspondences is that each of the inter-derived semantic artifacts (i.e., man-made constructs) could plausibly have been written by hand, as is the actual case for several of the ones derived here.
Fast Reflexive Arithmetic Tactics: the linear case and beyond
 in "Types for Proofs and Programs (TYPES'06)", Lecture Notes in Computer Science
, 2006
"... Abstract. When goals fall in decidable logic fragments, users of proofassistants expect automation. However, despite the availability of decision procedures, automation does not come for free. The reason is that decision procedures do not generate proof terms. In this paper, we show how to design ef ..."
Abstract

Cited by 26 (5 self)
 Add to MetaCart
(Show Context)
When goals fall in decidable logic fragments, users of proof assistants expect automation. However, despite the availability of decision procedures, automation does not come for free. The reason is that decision procedures do not generate proof terms. In this paper, we show how to design efficient and lightweight reflexive tactics for a hierarchy of quantifier-free fragments of integer arithmetic. The tactics can cope with a wide class of linear and non-linear goals. For each logic fragment, off-the-shelf algorithms generate certificates of infeasibility that are then validated by straightforward reflexive checkers proved correct inside the proof assistant. This approach has been prototyped using the Coq proof assistant. Preliminary experiments are promising as the tactics run fast and produce small proof terms.
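As an added example (not the paper's tactic), a checker for the kind of certificate of infeasibility the abstract mentions, for the linear fragment over the rationals: a Farkas combination. The multipliers are found by whatever untrusted machinery the producer likes (an LP solver, simplex, Fourier-Motzkin); only the checker below has to be trusted, and it is a handful of exact-arithmetic sums. The `Constraint` class and the certificate format are assumptions of the example, and it also handles strict constraints, which the linear fragment needs for `<`.

```python
# Added example (not the paper's tactic): checking a Farkas certificate that a
# conjunction of linear constraints over the rationals is unsatisfiable. The
# Constraint class and the certificate format are assumptions of the example.
# Exact arithmetic matters: a float checker could accept a bogus certificate
# through rounding.
from fractions import Fraction
from typing import Sequence, Union

Number = Union[int, str, Fraction]


class Constraint:
    """coeffs . x + const >= 0, or > 0 when strict is True."""

    def __init__(self, coeffs: Sequence[Number], const: Number, strict: bool = False):
        self.coeffs = [Fraction(c) for c in coeffs]
        self.const = Fraction(const)
        self.strict = strict


def check_farkas(constraints: Sequence[Constraint], multipliers: Sequence[Number]) -> bool:
    """Accept iff the non-negative combination sum(lam_i * c_i) reduces to
    0 + k >= 0 with k < 0, or to 0 + 0 > 0 when some strict constraint has
    lam_i > 0. Every solution of the constraints would satisfy the
    combination, so acceptance proves there is no solution."""
    lam = [Fraction(m) for m in multipliers]
    if not constraints or len(lam) != len(constraints):
        return False
    if any(m < 0 for m in lam):
        return False                        # multipliers must be non-negative
    nvars = len(constraints[0].coeffs)
    if any(len(c.coeffs) != nvars for c in constraints):
        return False
    # The variable part of the combination must vanish identically.
    for j in range(nvars):
        if sum(m * c.coeffs[j] for m, c in zip(lam, constraints)) != 0:
            return False
    k = sum(m * c.const for m, c in zip(lam, constraints))
    strict = any(m > 0 and c.strict for m, c in zip(lam, constraints))
    return k < 0 or (strict and k == 0)


# Constructed systems over the variables (x, y).
INFEASIBLE = [
    Constraint([1, 0], -1),          # x - 1 >= 0
    Constraint([0, 1], -1),          # y - 1 >= 0
    Constraint([-1, -1], 1),         # 1 - x - y >= 0
]
FEASIBLE = [
    Constraint([1, 0], 0),           # x >= 0
    Constraint([0, 1], 0),           # y >= 0
    Constraint([-1, -1], 1),         # 1 - x - y >= 0
]
STRICT_INFEASIBLE = [
    Constraint([1], 0, strict=True), # x > 0
    Constraint([-1], 0),             # -x >= 0
]
```

The checker is complete for the rational linear fragment (Farkas' lemma: an infeasible system always has such multipliers) but not for integers, where `x >= 1/2` and `x <= 1/2` together have no integer solution and no Farkas certificate; the paper's hierarchy of fragments is about what extra certificate shapes (cutting planes, products for the non-linear case) the checker has to accept beyond this one.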
A computational approach to Pocklington certificates in type theory
 In Proc. of the 8th Int. Symp. on Functional and Logic Programming, volume 3945 of LNCS
, 2006
"... Abstract. Pocklington certificates are known to provide short proofs of primality. We show how to perform this in the framework of formal, mechanically checked, proofs. We present an encoding of certificates for the proof system Coq which yields radically improved performances by relying heavily on ..."
Abstract

Cited by 21 (6 self)
 Add to MetaCart
(Show Context)
Pocklington certificates are known to provide short proofs of primality. We show how to perform this in the framework of formal, mechanically checked, proofs. We present an encoding of certificates for the proof system Coq which yields radically improved performance by relying heavily on computations inside and outside of the system (two-level approach).

1 Formal Computational Proofs

1.1 Machines and the Quest for Correctness

It is generally considered that modern mathematical logic was born towards the end of the 19th century, with the work of logicians like Frege, Peano, Russell or Zermelo, which led to the precise definition of the notion of logical deduction and to formalisms like arithmetic, set theory or early type theory. From then on, a mathematical proof could be understood as a mathematical object itself, whose correctness obeys some well-defined syntactical rules. In most formalisms, a formal proof is viewed as some tree structure; in natural deduction for instance, given two formal proofs σ_A and σ_B respectively of propositions A and B, these can be combined in order to build a proof of A ∧ B:

$$\frac{\overset{\sigma_A}{\vdash A} \qquad \overset{\sigma_B}{\vdash B}}{\vdash A \land B}$$

To sum things up, the logical point of view is that a mathematical statement holds in a given formalism if there exists a formal proof of this statement which follows the syntactical rules of the formalism. A traditional mathematical text can then be understood as an informal description of the formal proof. Things changed in the 1960s, when N.G. de Bruijn's team started to use computers to actually build formal proofs and verify their correctness. Using the fact that data structures like formal proofs are very naturally represented in a computer's memory, they delegated the proof-verification work to the machine; their software Automath is considered as the first proof system and is the common
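A Pocklington certificate checker in Python, added here as an example and not the paper's Coq encoding. It follows the two-level split the abstract describes: the expensive search (factoring part of N - 1, finding witnesses) happens outside and is not trusted; the checker only recomputes modular exponentiations and gcds, which is why the certificate is short and the trusted part small. The `Cert` format and the constructed certificate for 2^31 - 1 are assumptions of the example; the arithmetic is the theorem's: if N - 1 = F·R with F fully factored, (F + 1)^2 > N, and for every prime q dividing F there is a witness a with a^(N-1) ≡ 1 (mod N) and gcd(a^((N-1)/q) - 1, N) = 1, then N is prime.

```python
# Added example (not the paper's Coq encoding): checking Pocklington
# certificates. The Cert format and the certificates below are assumptions
# constructed for this example.
import math
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class Cert:
    """Certificate that n is prime. factors is a tuple of (q, e, a, cert_q):
    q^e divides n - 1, a is the Pocklington witness for q, and cert_q
    certifies q itself. An empty factors tuple marks a leaf that the checker
    settles by trial division (meant for small primes)."""
    n: int
    factors: Tuple = ()


def is_prime_by_trial_division(n: int) -> bool:
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True


def check(cert: Cert) -> bool:
    """Pocklington: with n - 1 = F * R, F = prod q^e fully factored and
    (F + 1)^2 > n, n is prime if for every q some a has a^(n-1) = 1 (mod n)
    and gcd(a^((n-1)/q) - 1, n) = 1. Each prime divisor p of n then has
    q^e | ord_p(a) | p - 1, so p = 1 (mod F) and p > F; a composite n would
    have a prime divisor p <= sqrt(n), hence n >= (F + 1)^2, contradiction."""
    n = cert.n
    if not cert.factors:
        return is_prime_by_trial_division(n)
    if n < 3:
        return False
    f, seen = 1, set()
    for q, e, _a, sub in cert.factors:
        if q in seen or e < 1 or sub.n != q or not check(sub):
            return False             # q must be a distinct, certified prime
        seen.add(q)
        f *= q ** e
    if (n - 1) % f != 0 or (f + 1) ** 2 <= n:
        return False                 # F must divide n - 1 and be large enough
    for q, _e, a, _sub in cert.factors:
        if not 1 < a < n or pow(a, n - 1, n) != 1:
            return False
        if math.gcd(pow(a, (n - 1) // q, n) - 1, n) != 1:
            return False
    return True


# Constructed certificates. 150 = 2 * 3 * 5^2, so F = 25 suffices for 151;
# 2^31 - 2 = 2 * 3^2 * 7 * 11 * 31 * 151 * 331, so F = 31 * 151 * 331 suffices
# for 2^31 - 1, with 7 (a primitive root) as the witness for every q.
CERT_151 = Cert(151, ((5, 2, 3, Cert(5)),))
CERT_M31 = Cert(2**31 - 1, ((31, 1, 7, Cert(31)),
                            (151, 1, 7, CERT_151),
                            (331, 1, 7, Cert(331))))
# Rejected: 2 has order 15 mod 151, so 2^30 = 1 (mod 151) and the gcd test fails.
BAD_WITNESS_151 = Cert(151, ((5, 2, 2, Cert(5)),))
# Rejected: 561 = 3 * 11 * 17 is a Carmichael number, so 2^560 = 1 (mod 561)
# passes the Fermat test, but the gcd conditions cannot hold for a composite n.
BAD_561 = Cert(561, ((5, 1, 2, Cert(5)), (7, 1, 2, Cert(7))))
```

Note that `(f + 1) ** 2 <= n` is the conservative bound; a checker that accepted F ≥ √N with a weaker argument, or that skipped the recursive check of each q, would accept certificates for composites, which is exactly the kind of slip a mechanically verified checker rules out.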
Verifying a Semantic βη-Conversion Test for Martin-Löf Type Theory
, 2008
"... Typechecking algorithms for dependent type theories often rely on the interpretation of terms in some semantic domain of values when checking equalities. Here we analyze a version of Coquand’s algorithm for checking the βηequality of such semantic values in a theory with a predicative universe hi ..."
Abstract

Cited by 16 (10 self)
 Add to MetaCart
Type-checking algorithms for dependent type theories often rely on the interpretation of terms in some semantic domain of values when checking equalities. Here we analyze a version of Coquand's algorithm for checking the βη-equality of such semantic values in a theory with a predicative universe hierarchy and large elimination rules. Although this algorithm does not rely on normalization by evaluation explicitly, we show that similar ideas can be employed for its verification. In particular, our proof uses the new notions of contextual reification and strong semantic equality. The algorithm is part of a bidirectional type checking algorithm which checks whether a normal term has a certain semantic type. We work with an abstract notion of semantic domain in order to accommodate a variety of possible implementation techniques, such as normal forms, weak head normal forms, closures, and compiled code. Our aim is to get closer than previous work to verifying the type-checking algorithms which are actually used in practice.
Modular SMT Proofs for Fast Reflexive Checking inside Coq
 First International Conference on Certified Programs and Proofs
, 2011
"... We present a new methodology for exchanging unsatisfiability proofs between an untrusted SMT solver and a sceptical proof assistant with computation capabilities like Coq. We advocate modular SMT proofs that separate boolean reasoning and theory reasoning; and structure the communication between th ..."
Abstract

Cited by 15 (2 self)
 Add to MetaCart
(Show Context)
We present a new methodology for exchanging unsatisfiability proofs between an untrusted SMT solver and a sceptical proof assistant with computation capabilities like Coq. We advocate modular SMT proofs that separate boolean reasoning and theory reasoning, and structure the communication between theories using the Nelson-Oppen combination scheme. We present the design and implementation of a Coq reflexive verifier that is modular and allows for fine-tuned theory-specific verifiers. The current verifier is able to verify proofs for quantifier-free formulae mixing linear arithmetic and uninterpreted functions. Our proof generation scheme benefits from the efficiency of state-of-the-art SMT solvers while being independent of a specific SMT solver proof format. Our only requirement for the SMT solver is the ability to extract unsat cores and generate boolean models. In practice, unsat cores are relatively small and their proof is obtained with a modest overhead by our proof-producing prover. We present experiments assessing the feasibility of the approach for benchmarks obtained from the SMT competition.