DOCSLIB.ORG

Verifying a Lustre Compiler (Part 1)

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Verifying a Lustre Compiler (Part 1) Verifying a Lustre Compiler (Part 1) Timothy Bourke1;2 Lélio Brun1;2 Pierre-Évariste Dagand3 Xavier Leroy1 Marc Pouzet4;2;1 Lionel Rieg5 1. INRIA Paris 2. DI, École normale supérieure 3. CNRS 4. Univ. Pierre et Marie Curie 5. Yale University SYNCHRON Workshop, Bamberg—December 2016 1 / 20 The Coq Development Team (2016): The Coq proof Coq [assistant reference manual ] • A functional programming language; • ‘Extraction’ to OCaml programs; • A specification language (higher-order logic); • Tactic-based interactive proof. • Why not use Isabelle, PVS, ACL2, Agda, or hyour favourite tooli? CompCert: a formal model and compiler for a subset of C • A generic machine-level model of execution and memory • A verified path to assembly code Blazy, Dargaye, and Leroy (2006): “Formal Leroy (2009): “Formal verification of a Verification of a C Compiler Front-End” realistic compiler” • Computer assistance is all but essential for such detailed models. What are we doing? • Implementing a Lustre compiler in the Coq Interactive Theorem Prover • Proving that the generated code implements the dataflow semantics (Part of the ITEA 3 14014 ASSUME Project.) 2 / 20 CompCert: a formal model and compiler for a subset of C • A generic machine-level model of execution and memory • A verified path to assembly code Blazy, Dargaye, and Leroy (2006): “Formal Leroy (2009): “Formal verification of a Verification of a C Compiler Front-End” realistic compiler” • Computer assistance is all but essential for such detailed models. What are we doing? • Implementing a Lustre compiler in the Coq Interactive Theorem Prover • Proving that the generated code implements the dataflow semantics (Part of the ITEA 3 14014 ASSUME Project.) The Coq Development Team (2016): The Coq proof Coq [assistant reference manual ] • A functional programming language; • ‘Extraction’ to OCaml programs; • A specification language (higher-order logic); • Tactic-based interactive proof. • Why not use Isabelle, PVS, ACL2, Agda, or hyour favourite tooli? 2 / 20 • Computer assistance is all but essential for such detailed models. What are we doing? • Implementing a Lustre compiler in the Coq Interactive Theorem Prover • Proving that the generated code implements the dataflow semantics (Part of the ITEA 3 14014 ASSUME Project.) The Coq Development Team (2016): The Coq proof Coq [assistant reference manual ] • A functional programming language; • ‘Extraction’ to OCaml programs; • A specification language (higher-order logic); • Tactic-based interactive proof. • Why not use Isabelle, PVS, ACL2, Agda, or hyour favourite tooli? CompCert: a formal model and compiler for a subset of C • A generic machine-level model of execution and memory • A verified path to assembly code Blazy, Dargaye, and Leroy (2006): “Formal Leroy (2009): “Formal verification of a Verification of a C Compiler Front-End” realistic compiler” 2 / 20 What are we doing? • Implementing a Lustre compiler in the Coq Interactive Theorem Prover • Proving that the generated code implements the dataflow semantics (Part of the ITEA 3 14014 ASSUME Project.) The Coq Development Team (2016): The Coq proof Coq [assistant reference manual ] • A functional programming language; • ‘Extraction’ to OCaml programs; • A specification language (higher-order logic); • Tactic-based interactive proof. • Why not use Isabelle, PVS, ACL2, Agda, or hyour favourite tooli? CompCert: a formal model and compiler for a subset of C • A generic machine-level model of execution and memory • A verified path to assembly code Blazy, Dargaye, and Leroy (2006): “Formal Leroy (2009): “Formal verification of a Verification of a C Compiler Front-End” realistic compiler” • Computer assistance is all but essential for such detailed models. 2 / 20 • Implemented in Coq and (some) OCaml • Validated parser (menhir –coq) [Jourdan, Pottier, and Leroy (2012): “Validating LR(1) parsers” ] • Not yet implemented: normalization and scheduling [Auger (2013): “Compilation certifiée de SCADE/LUSTRE” ] • Elaboration toScheduled andNormalized Lustre. • Translation to intermediate Obc code. • Optimization of intermediate Obc code. • Generation of CompCert Clight code. • Rely on CompCert for compilation. The Vélus Lustre Compiler (normalized) elaboration / scheduling check parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization Obc generation Clight compilation Assembly printing 3 / 20 • Validated parser (menhir –coq) [Jourdan, Pottier, and Leroy (2012): “Validating LR(1) parsers” ] • Not yet implemented: normalization and scheduling [Auger (2013): “Compilation certifiée de SCADE/LUSTRE” ] • Elaboration toScheduled andNormalized Lustre. • Translation to intermediate Obc code. • Optimization of intermediate Obc code. • Generation of CompCert Clight code. • Rely on CompCert for compilation. The Vélus Lustre Compiler (normalized) elaboration / scheduling check parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Implemented in Coq and (some) OCaml Obc generation Clight compilation Assembly printing 3 / 20 • Not yet implemented: normalization and scheduling [Auger (2013): “Compilation certifiée de SCADE/LUSTRE” ] • Elaboration toScheduled andNormalized Lustre. • Translation to intermediate Obc code. • Optimization of intermediate Obc code. • Generation of CompCert Clight code. • Rely on CompCert for compilation. The Vélus Lustre Compiler (normalized) elaboration / scheduling check parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Implemented in Coq and (some) OCaml Obc • Validated parser (menhir –coq) [Jourdan, Pottier, and Leroy (2012): “Validating LR(1) parsers” ] generation Clight compilation Assembly printing 3 / 20 • Elaboration toScheduled andNormalized Lustre. • Translation to intermediate Obc code. • Optimization of intermediate Obc code. • Generation of CompCert Clight code. • Rely on CompCert for compilation. The Vélus Lustre Compiler (normalized) elaboration / scheduling check parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Implemented in Coq and (some) OCaml Obc • Validated parser (menhir –coq) [Jourdan, Pottier, and Leroy (2012): “Validating LR(1) parsers” ] generation • Not yet implemented: normalization and scheduling Clight [Auger (2013): “Compilation certifiée de SCADE/LUSTRE” ] compilation Assembly printing 3 / 20 • Translation to intermediate Obc code. • Optimization of intermediate Obc code. • Generation of CompCert Clight code. • Rely on CompCert for compilation. The Vélus Lustre Compiler (normalized) elaboration / scheduling check parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Implemented in Coq and (some) OCaml Obc • Validated parser (menhir –coq) [Jourdan, Pottier, and Leroy (2012): “Validating LR(1) parsers” ] generation • Not yet implemented: normalization and scheduling Clight [Auger (2013): “Compilation certifiée de SCADE/LUSTRE” ] • Elaboration toScheduled andNormalized Lustre. compilation Assembly printing 3 / 20 • Optimization of intermediate Obc code. • Generation of CompCert Clight code. • Rely on CompCert for compilation. The Vélus Lustre Compiler (normalized) elaboration / scheduling check parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Implemented in Coq and (some) OCaml Obc • Validated parser (menhir –coq) [Jourdan, Pottier, and Leroy (2012): “Validating LR(1) parsers” ] generation • Not yet implemented: normalization and scheduling Clight [Auger (2013): “Compilation certifiée de SCADE/LUSTRE” ] • Elaboration toScheduled andNormalized Lustre. compilation • Translation to intermediate Obc code. Assembly printing 3 / 20 • Generation of CompCert Clight code. • Rely on CompCert for compilation. The Vélus Lustre Compiler (normalized) elaboration / scheduling check parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Implemented in Coq and (some) OCaml Obc • Validated parser (menhir –coq) [Jourdan, Pottier, and Leroy (2012): “Validating LR(1) parsers” ] generation • Not yet implemented: normalization and scheduling Clight [Auger (2013): “Compilation certifiée de SCADE/LUSTRE” ] • Elaboration toScheduled andNormalized Lustre. compilation • Translation to intermediate Obc code. Assembly • Optimization of intermediate Obc code. printing 3 / 20 • Rely on CompCert for compilation. The Vélus Lustre Compiler (normalized) elaboration / scheduling check parsing elaboration normalization scheduling Unannotated Lustre N-Lustre SN-Lustre Lustre dataflow translation imperative fusion optimization • Implemented in Coq and (some) OCaml Obc • Validated parser (menhir –coq) [Jourdan, Pottier, and Leroy (2012): “Validating LR(1) parsers” ] generation • Not yet implemented: normalization and scheduling Clight [Auger (2013): “Compilation certifiée de SCADE/LUSTRE” ] • Elaboration toScheduled andNormalized Lustre. compilation • Translation to intermediate Obc code. Assembly • Optimization of intermediate Obc code. printing • Generation of CompCert Clight code. 3 / 20 The Vélus Lustre Compiler (normalized) elaboration / scheduling check parsing elaboration normalization scheduling
Load more

Recommended publications
  • Countability of Inductive Types Formalized in the Object-Logic Level
    Countability of Inductive Types Formalized in the Object-Logic Level QinxiangCao XiweiWu * Abstract: The set of integer number lists with finite length, and the set of binary trees with integer labels are both countably infinite. Many inductively defined types also have countably many ele- ments. In this paper, we formalize the syntax of first order inductive definitions in Coq and prove them countable, under some side conditions. Instead of writing a proof generator in a meta language, we develop an axiom-free proof in the Coq object logic. In other words, our proof is a dependently typed Coq function from the syntax of the inductive definition to the countability of the type. Based on this proof, we provide a Coq tactic to automatically prove the countability of concrete inductive types. We also developed Coq libraries for countability and for the syntax of inductive definitions, which have value on their own. Keywords: countable, Coq, dependent type, inductive type, object logic, meta logic 1 Introduction In type theory, a system supports inductive types if it allows users to define new types from constants and functions that create terms of objects of that type. The Calculus of Inductive Constructions (CIC) is a powerful language that aims to represent both functional programs in the style of the ML language and proofs in higher-order logic [16]. Its extensions are used as the kernel language of Coq [5] and Lean [14], both of which are widely used, and are widely considered to be a great success. In this paper, we focus on a common property, countability, of all first-order inductive types, and provide a general proof in Coq’s object-logic.
    [Show full text]
  • Certification of a Tool Chain for Deductive Program Verification Paolo Herms
    Certification of a Tool Chain for Deductive Program Verification Paolo Herms To cite this version: Paolo Herms. Certification of a Tool Chain for Deductive Program Verification. Other [cs.OH]. Université Paris Sud - Paris XI, 2013. English. NNT : 2013PA112006. tel-00789543 HAL Id: tel-00789543 https://tel.archives-ouvertes.fr/tel-00789543 Submitted on 18 Feb 2013 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. UNIVERSITÉ DE PARIS-SUD École doctorale d’Informatique THÈSE présentée pour obtenir le Grade de Docteur en Sciences de l’Université Paris-Sud Discipline : Informatique PAR Paolo HERMS −! − SUJET : Certification of a Tool Chain for Deductive Program Verification soutenue le 14 janvier 2013 devant la commission d’examen MM. Roberto Di Cosmo Président du Jury Xavier Leroy Rapporteur Gilles Barthe Rapporteur Emmanuel Ledinot Examinateur Burkhart Wolff Examinateur Claude Marché Directeur de Thèse Benjamin Monate Co-directeur de Thèse Jean-François Monin Invité Résumé Cette thèse s’inscrit dans le domaine de la vérification du logiciel. Le but de la vérification du logiciel est d’assurer qu’une implémentation, un programme, répond aux exigences, satis- fait sa spécification. Cela est particulièrement important pour le logiciel critique, tel que des systèmes de contrôle d’avions, trains ou centrales électriques, où un mauvais fonctionnement pendant l’opération aurait des conséquences catastrophiques.
    [Show full text]
  • Inductive Types an Proof Assistants
    Inductive Types Proof Assistants Homotopy Type Theory Radboud University Lecture 4: Inductive types an Proof Assistants H. Geuvers Radboud University Nijmegen, NL 21st Estonian Winter School in Computer Science Winter 2016 H. Geuvers - Radboud Univ. EWSCS 2016 Typed λ-calculus 1 / 58 Inductive Types Proof Assistants Homotopy Type Theory Radboud University Outline Inductive Types Proof Assistants Homotopy Type Theory H. Geuvers - Radboud Univ. EWSCS 2016 Typed λ-calculus 2 / 58 Inductive Types Proof Assistants Homotopy Type Theory Radboud University Curry-Howard-de Bruijn logic ∼ type theory formula ∼ type proof ∼ term detour elimination ∼ β-reduction proposition logic ∼ simply typed λ-calculus predicate logic ∼ dependently typed λ-calculus λP intuitionistic logic ∼ . + inductive types higher order logic ∼ . + higher types and polymorphism classical logic ∼ . + exceptions H. Geuvers - Radboud Univ. EWSCS 2016 Typed λ-calculus 3 / 58 Inductive Types Proof Assistants Homotopy Type Theory Radboud University Inductive types by examples from the Coq system • booleans • natural numbers • integers • pairs • linear lists • binary trees • logical operations H. Geuvers - Radboud Univ. EWSCS 2016 Typed λ-calculus 5 / 58 Inductive Types Proof Assistants Homotopy Type Theory Radboud University Inductive types • types • recursive functions • definition using pattern matching • ι-reduction = evaluation of recursive functions • recursion principle • proof by cases proof by induction • induction principle H. Geuvers - Radboud Univ. EWSCS 2016 Typed λ-calculus 6 / 58 Inductive Types Proof Assistants Homotopy Type Theory Radboud University Booleans: type Coq definition: Inductive bool : Set := | true : bool | false : bool. Coq produces: bool rec. bool rect. bool ind. H. Geuvers - Radboud Univ. EWSCS 2016 Typed λ-calculus 7 / 58 Inductive Types Proof Assistants Homotopy Type Theory Radboud University Booleans: elimination Check bool ind.
    [Show full text]
  • The Strength of Some Martin–Löf Type Theories
    The Strength of Some Martin{LÄofType Theories Michael Rathjen¤y Abstract One objective of this paper is the determination of the proof{theoretic strength of Martin{ LÄof's type theory with a universe and the type of well{founded trees. It is shown that this type system comprehends the consistency of a rather strong classical subsystem of second order 1 arithmetic, namely the one with ¢2 comprehension and bar induction. As Martin-LÄofintended to formulate a system of constructive (intuitionistic) mathematics that has a sound philosophical basis, this yields a constructive consistency proof of a strong classical theory. Also the proof- theoretic strength of other inductive types like Aczel's type of iterative sets is investigated in various contexts. Further, we study metamathematical relations between type theories and other frameworks for formalizing constructive mathematics, e.g. Aczel's set theories and theories of operations and classes as developed by Feferman. 0 Introduction The intuitionistic theory of types as developed by Martin-LÄofis intended to be a system for formalizing intuitionistic mathematics together with an informal semantics, called \meaning expla- nation", which enables him to justify the rules of his type theory by showing their validity with respect to that semantics. Martin-LÄof's theory gives rise to a full scale philosophy of constructivism. It is a typed theory of constructions containing types which themselves depend on the constructions contained in previously constructed types. These dependent types enable one to express the general Cartesian product of the resulting families of types, as well as the disjoint union of such a family.
    [Show full text]
  • An Introduction to Lean
    An Introduction to Lean Jeremy Avigad Leonardo de Moura Gabriel Ebner and Sebastian Ullrich Version 1fc176a, updated at 2017-01-09 14:16:26 -0500 2 Contents Contents 3 1 Overview 5 1.1 Perspectives on Lean ............................... 5 1.2 Where To Go From Here ............................. 12 2 Defining Objects in Lean 13 2.1 Some Basic Types ................................ 14 2.2 Defining Functions ................................ 17 2.3 Defining New Types ............................... 20 2.4 Records and Structures ............................. 22 2.5 Nonconstructive Definitions ........................... 25 3 Programming in Lean 27 3.1 Evaluating Expressions .............................. 28 3.2 Recursive Definitions ............................... 30 3.3 Inhabited Types, Subtypes, and Option Types . 32 3.4 Monads ...................................... 34 3.5 Input and Output ................................ 35 3.6 An Example: Abstract Syntax ......................... 36 4 Theorem Proving in Lean 38 4.1 Assertions in Dependent Type Theory ..................... 38 4.2 Propositions as Types .............................. 39 4.3 Induction and Calculation ............................ 42 4.4 Axioms ...................................... 45 5 Using Automation in Lean 46 6 Metaprogramming in Lean 47 3 CONTENTS 4 Bibliography 48 1 Overview This introduction offers a tour of Lean and its features, with a number of examples foryou to play around with and explore. If you are reading this in our online tutorial system, you can run examples like the one below by clicking the button that says “try it yourself.” #check "hello world!" The response from Lean appears in the small window underneath the editor text, and also in popup windows that you can read when you hover over the indicators in the left margin. Alternatively, if you have installed Lean and have it running in a stand-alone editor, you can copy and paste examples and try them there.
    [Show full text]
  • Collection Principles in Dependent Type Theory
    This is a repository copy of Collection Principles in Dependent Type Theory. White Rose Research Online URL for this paper: http://eprints.whiterose.ac.uk/113157/ Version: Accepted Version Proceedings Paper: Azcel, P and Gambino, N orcid.org/0000-0002-4257-3590 (2002) Collection Principles in Dependent Type Theory. In: Lecture Notes in Computer Science: TYPES 2000. International Workshop on Types for Proofs and Programs (TYPES) 2000, 08-12 Dec 2000, Durham, UK. Springer Verlag , pp. 1-23. ISBN 3-540-43287-6 © 2002, Springer-Verlag Berlin Heidelberg. This is an author produced version of a conference paper published in Lecture Notes in Computer Science: Types for Proofs and Programs. Uploaded in accordance with the publisher's self-archiving policy. Reuse Items deposited in White Rose Research Online are protected by copyright, with all rights reserved unless indicated otherwise. They may be downloaded and/or printed for private study, or other acts as permitted by national copyright laws. The publisher or other rights holders may allow further reproduction and re-use of the full text version. This is indicated by the licence information on the White Rose Research Online record for the item. Takedown If you consider content in White Rose Research Online to be in breach of UK law, please notify us by emailing [email protected] including the URL of the record and the reason for the withdrawal request. [email protected] https://eprints.whiterose.ac.uk/ Collection Principles in Dependent Type Theory⋆ Peter Aczel1 and Nicola Gambino2 1 Departments of Mathematics and Computer Science, University of Manchester, e-mail: [email protected] 2 Department of Computer Science, University of Manchester, e-mail: [email protected] Abstract.
    [Show full text]
  • Type Theory & Functional Programming
    Type Theory & Functional Programming Simon Thompson Computing Laboratory, University of Kent March 1999 c Simon Thompson, 1999 Not to be reproduced i ii To my parents Preface Constructive Type theory has been a topic of research interest to computer scientists, mathematicians, logicians and philosophers for a number of years. For computer scientists it provides a framework which brings together logic and programming languages in a most elegant and fertile way: program development and verification can proceed within a single system. Viewed in a different way, type theory is a functional programming language with some novel features, such as the totality of all its functions, its expressive type system allowing functions whose result type depends upon the value of its input, and sophisticated modules and abstract types whose interfaces can contain logical assertions as well as signature information. A third point of view emphasizes that programs (or functions) can be extracted from proofs in the logic. Up until now most of the material on type theory has only appeared in proceedings of conferences and in research papers, so it seems appropriate to try to set down the current state of development in a form accessible to interested final-year undergraduates, graduate students, research workers and teachers in computer science and related fields – hence this book. The book can be thought of as giving both a first and a second course in type theory. We begin with introductory material on logic and functional programming, and follow this by presenting the system of type theory itself, together with many examples. As well as this we go further, looking at the system from a mathematical perspective, thus elucidating a number of its important properties.
    [Show full text]
  • Failure Is Not an Option an Exceptional Type Theory
    Failure is Not an Option An Exceptional Type Theory Pierre-Marie Pédrot1 and Nicolas Tabareau2 1 MPI-SWS, Germany 2 Inria, France Abstract. We define the exceptional translation, a syntactic translation of the Calculus of Inductive Constructions (CIC) into itself, that covers full dependent elimination. The new resulting type theory features call- by-name exceptions with decidable type-checking and canonicity, but at the price of inconsistency. Then, noticing parametricity amounts to Kreisel’s realizability in this setting, we provide an additional layer on top of the exceptional translation in order to tame exceptions and ensure that all exceptions used locally are caught, leading to the parametric ex- ceptional translation which fully preserves consistency. This way, we can consistently extend the logical expressivity of CIC with independence of premises, Markov’s rule, and the negation of function extensionality while retaining η-expansion. As a byproduct, we also show that Markov’s prin- ciple is not provable in CIC. Both translations have been implemented in a Coq plugin, which we use to formalize the examples. 1 Introduction Monadic translations constitute a canonical way to add effects to pure functional languages [1]. Until recently, this technique was not available for type theories such as CIC because of complex interactions with dependency. In a recent pa- per [2], we have presented a generic way to extend the monadic translation to dependent types, using the weaning translation, as soon as the monad under con- sideration satisfies a crucial property: being self-algebraic. Indeed, in the same way that the universe of types i is itself a type (of a higher universe) in type theory, the type of algebras of a monad T ΣA : i: T A ! A needs to be itself an algebra of the monad to allow a correct translation of the universe.
    [Show full text]
  • Type Systems for Programming Languages1 (DRAFT)
    Type Systems for Programming Languages1 (DRAFT) Robert Harper School of Computer Science Carnegie Mellon University Pittsburgh, PA 15213-3891 E-mail: [email protected] WWW: http://www.cs.cmu.edu/~rwh Spring, 2000 Copyright c 1995-2000. All rights reserved. 1These are course notes Computer Science 15–814 at Carnegie Mellon University. This is an incomplete, working draft, not intended for publication. Citations to the literature are spotty at best; no results presented here should be considered original unless explicitly stated otherwise. Please do not distribute these notes without the permission of the author. ii Contents I Type Structure 1 1 Basic Types 3 1.1 Introduction . 3 1.2 Statics . 3 1.3 Dynamics . 4 1.3.1 Contextual Semantics . 4 1.3.2 Evaluation Semantics . 5 1.4 Type Soundness . 7 1.5 References . 8 2 Function and Product Types 9 2.1 Introduction . 9 2.2 Statics . 9 2.3 Dynamics . 10 2.4 Type Soundness . 11 2.5 Termination . 12 2.6 References . 13 3 Sums 15 3.1 Introduction . 15 3.2 Sum Types . 15 3.3 References . 16 4 Subtyping 17 4.1 Introduction . 17 4.2 Subtyping . 17 4.2.1 Subsumption . 18 4.3 Primitive Subtyping . 18 4.4 Tuple Subtyping . 19 4.5 Record Subtyping . 22 4.6 References . 24 iii 5 Variable Types 25 5.1 Introduction . 25 5.2 Variable Types . 25 5.3 Type Definitions . 26 5.4 Constructors, Types, and Kinds . 28 5.5 References . 30 6 Recursive Types 31 6.1 Introduction . 31 6.2 G¨odel’s T ..............................
    [Show full text]
  • Arxiv:Cs/0610066V2 [Cs.LO] 16 Sep 2013 Eusv Entos Ye Lambda-Calculus
    Inductive Data Type Systems Fr´ed´eric Blanqui, Jean-Pierre Jouannaud LRI, Bˆat. 490, Universit´eParis-Sud 91405 Orsay, FRANCE Tel: (33) 1.69.15.69.05 Fax: (33) 1.69.15.65.86 http://www.lri.fr/~blanqui/ Mitsuhiro Okada Department of Philosophy, Keio University, 108 Minatoku, Tokyo, JAPAN Abstract In a previous work (“Abstract Data Type Systems”, TCS 173(2), 1997), the last two authors presented a combined language made of a (strongly normalizing) algebraic rewrite system and a typed λ-calculus enriched by pattern-matching definitions following a certain format, called the “General Schema”, which gen- eralizes the usual recursor definitions for natural numbers and similar “basic inductive types”. This combined language was shown to be strongly normaliz- ing. The purpose of this paper is to reformulate and extend the General Schema in order to make it easily extensible, to capture a more general class of inductive types, called “strictly positive”, and to ease the strong normalization proof of the resulting system. This result provides a computation model for the combi- nation of an algebraic specification language based on abstract data types and of a strongly typed functional language with strictly positive inductive types. Keywords: Higher-order rewriting. Strong normalization. Inductive types. Recursive definitions. Typed lambda-calculus. arXiv:cs/0610066v2 [cs.LO] 16 Sep 2013 1. Introduction This work is one step in a long term program aiming at building formal spec- ification languages integrating computations and proofs within a single frame- work. We focus here on incorporating an expressive notion of equality within a typed λ-calculus.
    [Show full text]
  • Quotient Inductive-Inductive Types
    QUOTIENT INDUCTIVE-INDUCTIVE TYPES THORSTEN ALTENKIRCH, PAOLO CAPRIOTTI, GABE DIJKSTRA, NICOLAI KRAUS, AND FREDRIK NORDVALL FORSBERG Abstract. Higher inductive types (HITs) in Homotopy Type Theory (HoTT) allow the definition of datatypes which have constructors for equalities over the defined type. HITs generalise quotient types, and allow to define types which are not sets in the sense of HoTT (i.e. do not satisfy uniqueness of equality proofs) such as spheres, suspensions and the torus. However, there are also interesting uses of HITs to define sets, such as the Cauchy reals, the partiality monad, and the well-typed syntax of type theory. In each of these examples we define several types that depend on each other mutually, i.e. they are inductive-inductive definitions. We call those HITs quotient inductive- inductive types (QIITs). Although there has been recent progress on a general theory of HITs, there is not yet a theoretical foundation for the combination of equality constructors and induction-induction, despite having many interesting applications. In the present paper we present a first step towards a semantic definition of QIITs. In particular, we give an initial-algebra semantics and show that this is equivalent to the section induction principle, which justifies the intuitively expected elimination rules. 1. Introduction This paper is about Type Theory in the sense of Martin-Löf [25], a theory which proof assistants such as Coq [6] and Lean [12] as well as programming languages such as Agda [26] and Idris [7] are based on. Recently, Homotopy Type Theory (HoTT) [29] has been introduced inspired by homotopy theoretic interpretations of Type Theory by Awodey and Warren [4] and Voevodsky [21; 30].
    [Show full text]
  • Reporte Técnico RT 10-01 Representation of Metamodels
    PEDECIBA Informática Instituto de Computación – Facultad de Ingeniería Universidad de la República Montevideo, Uruguay Reporte Técnico RT 10-01 Representation of metamodels using inductive types in a Type-Theoretic Framework for MDE Daniel Calegari Carlos Luna Nora Szasz Alvaro Tasistro 2010 Representation of metamodels using inductive types in a Type-Theoretic Framework for MDE Calegari, Daniel; Luna, Carlos; Szasz, Nora; Tasistro, Alvaro ISSN 0797-6410 Reporte Técnico RT 10-01 PEDECIBA Instituto de Computación – Facultad de Ingeniería Universidad de la República Montevideo, Uruguay, 2010 Representation of Metamodels using Inductive Types in a Type-Theoretic Framework for MDE Daniel Calegari∗, Carlos Lunay, Nora Szaszy, Alvaro´ Tasistroy ∗Instituto de Computacion,´ Universidad de la Republica,´ Uruguay Email: dcalegar@fing.edu.uy yFacultad de Ingenier´ıa, Universidad ORT Uruguay Email: fluna,szasz,[email protected] Abstract—We present discussions on how to apply a type- (type) and satisfying a certain (pre-)condition, an output theoretic framework –composed out by the Calculus of In- model exists which conforms to a given metamodel and ductive Constructions and its associated tool the Coq proof which stands in a certain relation with the input model. assistant– to the formal treatment of model transformations in the context of Model-Driven Engineering. We start by studying Proofs of such propositions in the CIC are constructive and how to represent models and metamodels in the mentioned therefore it is possible to automatically extract from each theory, which leads us to a formalization in which a metamodel of them a provably correct (functional) program computing is a collection of mutually defined inductive types representing the output model from any appropriate input.
    [Show full text]