Results 1 to 10 of 42
Engineering formal metatheory
In ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 2008
Cited by 114 (11 self)
Abstract: Machine-checked proofs of properties of programming languages have become a critical need, both for increased confidence in large and complex designs and as a foundation for technologies such as proof-carrying code. However, constructing these proofs remains a black art, involving many choices in the formulation of definitions and theorems that make a huge cumulative difference in the difficulty of carrying out large formal developments. The representation and manipulation of terms with variable binding is a key issue. We propose a novel style for formalizing metatheory, combining locally nameless representation of terms and cofinite quantification of free variable names in inductive definitions of relations on terms (typing, reduction, ...). The key technical insight is that our use of cofinite quantification obviates the need for reasoning about equivariance (the fact that free names can be renamed in derivations); in particular, the structural induction principles of relations
Isar - a Generic Interpretative Approach to Readable Formal Proof Documents
1999
Cited by 100 (16 self)
Abstract: We present a generic approach to readable formal proof documents, called Intelligible semi-automated reasoning (Isar). It addresses the major problem of existing interactive theorem proving systems that there is no appropriate notion of proof available that is suitable for human communication, or even just maintenance. Isar's main aspect is its formal language for natural deduction proofs, which sets out to bridge the semantic gap between internal notions of proof given by state-of-the-art interactive theorem proving systems and an appropriate level of abstraction for user-level work. The Isar language is both human readable and machine-checkable, by virtue of the Isar/VM interpreter. Compared to existing declarative theorem proving systems, Isar avoids several shortcomings: it is based on a few basic principles only, it is quite independent of the underlying logic, and supports a broad range of automated proof methods. Interactive proof development is supported as well...
Some lambda calculus and type theory formalized
Journal of Automated Reasoning, 1999
Cited by 64 (10 self)
Abstract: We survey a substantial body of knowledge about lambda calculus and Pure Type Systems, formally developed in a constructive type theory using the LEGO proof system. On lambda calculus, we work up to an abstract, simplified proof of standardization for beta reduction that does not mention redex positions or residuals. Then we outline the meta theory of Pure Type Systems, leading to the strengthening lemma. One novelty is our use of named variables for the formalization. Along the way we point out what we feel has been learned about general issues of formalizing mathematics, emphasizing the search for formal definitions that are convenient for formal proof and convincingly represent the intended informal concepts.
Automated reasoning in Kleene algebra
CADE 2007, LNCS 4603, 2007
Cited by 25 (11 self)
Abstract: It has often been claimed that model checking, special purpose automated deduction or interactive theorem proving are needed for formal program development. We demonstrate that off-the-shelf automated proof and counterexample search is an interesting alternative if combined with the right domain model. We implement variants of Kleene algebras axiomatically in Prover9/Mace4 and perform proof experiments about Hoare, dynamic, temporal logics, concurrency control and termination analysis. They confirm that a simple automated analysis of some important program properties is possible. Particular benefits of this novel approach include “soft” model checking in a first-order setting, cross-theory reasoning between standard formalisms and full automation of some (co)inductive arguments. Kleene algebras might therefore provide lightweight formal methods with heavyweight automation.
A Fixed-point Approach to (Co)Inductive and (Co)Datatype Definitions
1997
Cited by 23 (3 self)
Abstract: This paper presents a fixed-point approach to inductive definitions. Instead of using a syntactic test such as "strictly positive," the approach lets definitions involve any operators that have been proved monotone. It is conceptually simple, which has allowed the easy implementation of mutual recursion and iterated definitions. It also handles coinductive definitions: simply replace the least fixed point by a greatest fixed point. The method
A Head-to-Head Comparison of de Bruijn Indices and Names
In Proc. Int. Workshop on Logical Frameworks and Meta-Languages: Theory and Practice, 2006
Cited by 16 (1 self)
Abstract: Often debates about pros and cons of various techniques for formalising lambda-calculi rely on subjective arguments, such as de Bruijn indices are hard to read for humans or nominal approaches come close to the style of reasoning employed in informal proofs. In this paper we will compare four formalisations based on de Bruijn indices and on names from the nominal logic work, thus providing some hard facts about the pros and cons of these two formalisation techniques. We conclude that the relative merits of the different approaches, as usual, depend on what task one has at hand and which goals one pursues with a formalisation.
Modal Kleene Algebra and Applications: A Survey
2004
Cited by 14 (6 self)
Abstract: Modal Kleene algebras are Kleene algebras with forward and backward modal operators defined via domain and codomain operations. They provide a concise and convenient algebraic framework that subsumes various other calculi and allows treating quite a variety of areas. We survey
Proof pearl: de Bruijn terms really do work
In TPHOLs, volume 4732 of LNCS, 2007
Cited by 10 (3 self)
Abstract: Placing our result in a web of related mechanised results, we give a direct proof that the de Bruijn λ-calculus (à la Huet, Nipkow and Shankar) is isomorphic to an α-quotiented λ-calculus. In order to establish the link, we introduce an “index-carrying” abstraction mechanism over de Bruijn terms, and consider it alongside a simplified substitution mechanism. Relating the new notions to those of the α-quotiented and the proper de Bruijn formalisms draws on techniques from the theory of nominal sets.
The Mechanisation of Barendregt-Style Equational Proofs (the Residual Perspective)
2001
Cited by 10 (6 self)
Abstract: We show how to mechanise equational proofs about higher-order languages by using the primitive proof principles of first-order abstract syntax over one-sorted variable names. We illustrate the method here by proving (in Isabelle/HOL) a technical property which makes the method widely applicable for the λ-calculus: the residual theory of β is renaming-free up to an initiality condition akin to the so-called Barendregt Variable Convention. We use our results to give a new diagram-based proof of the development part of the strong finite development property for the λ-calculus. The proof has the same equational implications (e.g., confluence) as the proof of the full property but without the need to prove SN. We account for two other uses of the proof method, as presented elsewhere. One has been mechanised in full in Isabelle/HOL.