Nominal techniques in Isabelle/HOL
Proceedings of the 20th International Conference on Automated Deduction (CADE-20), 2005
Cited by 101 (14 self)
In this paper we define an inductive set that is bijective with the α-equated lambda-terms. Unlike de Bruijn indices, however, our inductive definition includes names, and reasoning about this definition is very similar to informal reasoning on paper. For this we provide a structural induction principle that requires proving the lambda-case for fresh binders only. The main technical novelty of this work is that it is compatible with the axiom of choice (unlike earlier nominal logic work by Pitts et al.); thus we were able to implement all results in Isabelle/HOL and use them to formalise the standard proofs for Church-Rosser and strong normalisation. Keywords: lambda-calculus, nominal logic, structural induction, theorem assistants.
Packaging mathematical structures
Theorem Proving in Higher Order Logics, volume 5674, 2009
Cited by 40 (10 self)
This paper proposes generic design patterns to define and combine algebraic structures, using dependent records, coercions and type inference, inside the Coq system. This alternative to telescopes in particular supports multiple inheritance, maximal sharing of notations and theories, and automated structure inference. Our methodology is robust enough to handle a hierarchy comprising a broad variety of algebraic structures, from types with a choice operator to algebraically closed fields. Interfaces for the structures enjoy the convenience of a classical setting, without requiring any axiom. Finally, we present two applications of our proof techniques: a key lemma for characterising the discrete logarithm, and a matrix decomposition problem.
A Design Structure for Higher Order Quotients
In Proc. of the 18th International Conference on Theorem Proving in Higher Order Logics (TPHOLs), volume 3603 of LNCS, 2005
Cited by 13 (0 self)
The quotient operation is a standard feature of set theory, where a set is partitioned into subsets by an equivalence relation. We reinterpret this idea for higher order logic, where types are divided by an equivalence relation to create new types, called quotient types. We present a design to mechanically construct quotient types as new types in the logic, and to support the automatic lifting of constants and theorems about the original types to corresponding constants and theorems about the quotient types. This design exceeds the functionality of Harrison's package, creating quotients of multiple mutually recursive types simultaneously, and supporting the equivalence of aggregate types, such as lists and pairs. Most importantly, this design supports the creation of higher order quotients, which enable the automatic lifting of theorems with quantification over functions of any higher order.
Quotients Revisited for Isabelle/HOL
Proc. of the 26th ACM Symposium on Applied Computing, 2011
Cited by 13 (2 self)
Higher-Order Logic (HOL) is based on a small logic kernel, whose only mechanism for extension is the introduction of safe definitions and of non-empty types. Both extensions are often performed in quotient constructions. To ease the work involved with such quotient constructions, we reimplemented in the Isabelle/HOL theorem prover the quotient package by Homeier. In doing so we extended his work in order to deal with compositions of quotients and also specified completely the procedure of lifting theorems from the raw level to the quotient level. The importance for theorem proving is that many formal verifications, in order to be feasible, require a convenient reasoning infrastructure for quotient constructions.
Proof Pearl: Defining Functions Over Finite Sets
Information and Computation, volume 3603 of LNCS, 2005
Cited by 11 (2 self)
Structural recursion over sets is meaningful only if the result is independent of the order in which the set's elements are enumerated. This paper outlines a theory of function definition for finite sets, based on the fold functionals often used with lists. The fold functional is introduced as a relation, which is then shown to denote a function under certain conditions. Applications include summation and maximum. The theory has been formalized using Isabelle/HOL.
Let's get physical: Models and methods for real-world security protocols
In Proceedings of the 22nd International Conference on Theorem Proving in Higher Order Logics, TPHOLs '09, 2009
Cited by 4 (1 self)
Traditional security protocols are mainly concerned with key establishment and principal authentication and rely on pre-distributed keys and properties of cryptographic operators. In contrast, new application areas are emerging that establish and rely on properties of the physical world. Examples include protocols for secure localization, distance bounding, and device pairing. We present a formal model that extends inductive, trace-based approaches in two directions. First, we refine the standard Dolev-Yao model to account for network topology, transmission delays, and node positions. This results in a distributed intruder with restricted, but more realistic, communication capabilities. Second, we develop an abstract message theory that formalizes protocol-independent facts about messages, which hold message theory, modeling the properties of the cryptographic operators under consideration. We have formalized this model in Isabelle/HOL and used it to verify distance bounding protocols where the concrete message theory includes exclusive-or.
Partizan Games in Isabelle/HOLZF
Cited by 2 (0 self)
Partizan Games (PGs) were invented by John H. Conway and are described in his book On Numbers and Games. We formalize PGs in Higher Order Logic extended with ZF axioms (HOLZF) using Isabelle, a mechanical proof assistant. We show that PGs can be defined as the unique fixpoint of a function that arises naturally from Conway's original definition. While the construction of PGs in HOLZF relies heavily on the ZF axioms, operations on PGs are defined on a game type that hides its set-theoretic origins. A polymorphic type of sets that are not bigger than ZF sets facilitates this. We formalize the induction principle that Conway uses throughout his proofs about games, and prove its correctness. For these purposes we examine how the notions of well-foundedness in HOL and ZF are related in HOLZF. Finally, games (modulo equality) are added to Isabelle's numeric types by showing that they are an instance of the axiomatic type class of partially ordered abelian groups.
Higher Order Quotients in Higher Order Logic
Cited by 1 (1 self)
The quotient operation is a standard feature of set theory, where a set is partitioned into subsets by an equivalence relation. We reinterpret this idea for Higher Order Logic (HOL), where types are divided by an equivalence relation to create new types, called quotient types. We present a tool for the Higher Order Logic theorem prover to mechanically construct quotient types as new types in the HOL logic, and to automatically lift constants and theorems about the original types to corresponding constants and theorems about the quotient types. This package exceeds the functionality of Harrison's package, creating quotients of multiple mutually recursive types simultaneously, and supporting the equivalence of aggregate types, such as lists and pairs. Most importantly, this package successfully creates higher-order quotients, automatically lifting theorems with quantification over functions of any higher order. This is accomplished through the use of partial equivalence relations, a possibly non-reflexive version of equivalence relations. We demonstrate this tool by lifting Abadi and Cardelli's sigma calculus.
Set theory or higher order logic to represent auction concepts in Isabelle
In Intelligent Computer Mathematics, 2014
Cited by 1 (1 self)
When faced with the question of how to represent properties in a formal proof system, any user has to make design decisions. We have proved three of the theorems from Maskin's 2004 survey article on Auction Theory using the Isabelle/HOL system, and we have verified software code that implements combinatorial Vickrey auctions. A fundamental question in this was how to represent some basic concepts: since set theory is available inside Isabelle/HOL, when introducing new definitions there is often the issue of balancing the amount of set-theoretical objects and of objects expressed using entities which are more typical of higher order logic, such as functions or lists. Likewise, a user often has to answer the question whether to use a constructive or a non-constructive definition. Such decisions have consequences for the proof development and the usability of the formalization. For instance, sets are usually closer to the representation that economists would use and recognize, while the other objects are closer to the extraction of computational content. We have studied the advantages and disadvantages of these approaches, and their relationship, in the concrete application setting of auction theory. In addition, we present the corresponding Isabelle library of definitions and theorems, most prominently those dealing with relations and quotients.
Structured Formal Development with Quotient Types in Isabelle/HOL
General purpose theorem provers provide sophisticated proof methods, but lack some of the advanced structuring mechanisms found in specification languages. This paper builds on previous work extending the theorem prover Isabelle with such mechanisms. A way to build the quotient type over a given base type and an equivalence relation on it, and a generalised notion of folding over quotiented types, is given as a formalised high-level step called a design tactic. The core of this paper is four axiomatic theories capturing the design tactic. The applicability is demonstrated by derivations of implementations for finite multisets and finite sets from lists in Isabelle.