Strong normalization for System F by HOAS on top of FOAS

We present a point of view concerning HOAS (Higher-Order Abstract Syntax) and an extensive exercise in HOAS along this point of view. The point of view is that HOAS can be soundly and fruitfully regarded as a definitional extension on top of FOAS (First-Order Abstract Syntax). As such, HOAS is not only an encoding technique, but also a higher-order view of a first-order reality. A rich collection of concepts and proof principles is developed inside the standard mathematical universe to give technical life to this point of view. The exercise consists of a new proof of Strong Normalization for System F. The concepts and results presented here have been formalized in the theorem prover Isabelle/HOL

Engineering formal systems in constructive type theory

This thesis presents a practical methodology for formalizing the meta-theory of formal systems with binders and coinductive relations in constructive type theory. While constructive type theory offers support for reasoning about formal systems built out of inductive definitions, support for syntax with binders and coinductive relations is lacking. We provide this support. We implement syntax with binders using well-scoped de Bruijn terms and parallel substitutions. We solve substitution lemmas automatically using the rewriting theory of the -calculus. We present the Autosubst library to automate our approach in the proof assistant Coq. Our approach to coinductive relations is based on an inductive tower construction, which is a type-theoretic form of transfinite induction. The tower construction allows us to reduce coinduction to induction. This leads to a symmetric treatment of induction and coinduction and allows us to give a novel construction of the companion of a monotone function on a complete lattice. We demonstrate our methods with a series of case studies. In particular, we present a proof of type preservation for CC!, a proof of weak and strong normalization for System F, a proof that systems of weakly guarded equations have unique solutions in CCS, and a compiler verification for a compiler from a non-deterministic language into a deterministic language. All technical results in the thesis are formalized in Coq.In dieser Dissertation beschreiben wir praktische Techniken um Formale Systeme mit Bindern und koinduktiven Relationen in Konstruktiver Typtheorie zu implementieren. Während Konstruktive Typtheorie bereits gute Unterstützung für Induktive Definition bietet, gibt es momentan kaum Unterstützung für syntaktische Systeme mit Bindern, oder koinduktiven Definitionen. Wir kodieren Syntax mit Bindern in Typtheorie mit einer de Bruijn Darstellung und zeigen alle Substitutionslemmas durch Termersetzung mit dem -Kalkül. Wir präsentieren die Autosubst Bibliothek, die unseren Ansatz im Beweisassistenten Coq implementiert. Für koinduktive Relationen verwenden wir eine induktive Turmkonstruktion, welche das typtheoretische Analog zur Transfiniten Induktion darstellt. Auf diese Art erhalten wir neue Beweisprinzipien für Koinduktion und eine neue Konstruktion von Pous’ “companion” einer monotonen Funktion auf einem vollständigen Verband. Wir validieren unsere Methoden an einer Reihe von Fallstudien. Alle technischen Ergebnisse in dieser Dissertation sind mit Coq formalisiert

(Leftmost-Outermost) Beta Reduction is Invariant, Indeed

Slot and van Emde Boas' weak invariance thesis states that reasonable machines can simulate each other within a polynomially overhead in time. Is lambda-calculus a reasonable machine? Is there a way to measure the computational complexity of a lambda-term? This paper presents the first complete positive answer to this long-standing problem. Moreover, our answer is completely machine-independent and based over a standard notion in the theory of lambda-calculus: the length of a leftmost-outermost derivation to normal form is an invariant cost model. Such a theorem cannot be proved by directly relating lambda-calculus with Turing machines or random access machines, because of the size explosion problem: there are terms that in a linear number of steps produce an exponentially long output. The first step towards the solution is to shift to a notion of evaluation for which the length and the size of the output are linearly related. This is done by adopting the linear substitution calculus (LSC), a calculus of explicit substitutions modeled after linear logic proof nets and admitting a decomposition of leftmost-outermost derivations with the desired property. Thus, the LSC is invariant with respect to, say, random access machines. The second step is to show that LSC is invariant with respect to the lambda-calculus. The size explosion problem seems to imply that this is not possible: having the same notions of normal form, evaluation in the LSC is exponentially longer than in the lambda-calculus. We solve such an impasse by introducing a new form of shared normal form and shared reduction, deemed useful. Useful evaluation avoids those steps that only unshare the output without contributing to beta-redexes, i.e. the steps that cause the blow-up in size. The main technical contribution of the paper is indeed the definition of useful reductions and the thorough analysis of their properties.Comment: arXiv admin note: substantial text overlap with arXiv:1405.331

Formal verification of the equivalence of system F and the pure type system L2

We develop a formal proof of the equivalence of two different variants of System F. The first is close to the original presentation where expressions are separated into distinct syntactic classes of types and terms. The second, L2 (also written as λ2), is a particular pure type system (PTS) where the notions of types and terms, and the associated expressions are unified in a single syntactic class. The employed notion of equivalence is a bidirectional reduction of the respective typing relations. A machine-verified proof of this result turns out to be surprisingly intricate, since the two variants noticeably differ in their expression languages, their type systems and the binding of local variables. Most of this work is executed in the Coq theorem prover and encompasses a general development of the PTS metatheory, an equivalence result for a stratified and a PTS variant of the simply typed λ-calculus as well as the subsequent extension to the full equivalence result for System F. We utilise nameless de Bruijn syntax with parallel substitutions for the representation of variable binding and develop an extended notion of context morphism lemmas as a structured proof method for this setting. We also provide two developments of the equivalence result in the proof systems Abella and Beluga, where we rely on higher-order abstract syntax (HOAS). This allows us to compare the three proof systems, as well as HOAS and de Bruijn for the purpose of developing formal metatheory.Wir präsentieren einen maschinell verifizierten Beweis der Äquivalenz zweier Darstellungen des Lambda-Kalküls System F. Die erste unterscheidet syntaktisch zwischen Termen und Typen und entspricht somit der geläufigen Form. Die zweite, L2 bzw. λ2, ist ein sog. Pure Type System (PTS), bei welchem alle Ausdrücke in einer syntaktischen Klasse zusammen fallen. Unser Äquivalenzbegriff ist eine bidirektionale Reduktion der jeweiligen Typrelationen. Ein formaler Beweis dieser Eigenschaft ist aufgrund der Unterschiede der Ausdruckssprachen, der Typrelationen und der Bindung lokaler Variablen überraschend anspruchsvoll. Der Hauptteil dieser Arbeit wurde in dem Beweisassistenten Coq entwickelt und umfasst eine Abhandlung der PTS Metatheorie, sowie einen Äquivalenzbeweis für das einfach getypte Lambda-Kalkül, welcher dann zu dem vollen Ergebnis für System F skaliert wird. Für die Darstellung lokaler Variablenbindung verwenden wir de Bruijn Syntax, gepaart mit parallelen Substitutionen. Außerdem entwickeln wir eine generalisierte Form von Kontext-Morphismen Lemmas, welche eine strukturierte Beweismethodik in diesem Umfeld liefern. Darüber hinaus betrachten wir zwei weitere Formalisierungen des Äquivalenzresultats in den Beweissystemen Abella und Beluga, welche beide höherstufige abstrakte Syntax (HOAS) zur Darstellung lokaler Bindung verwenden. Dies ermöglicht es uns, sowohl die drei Beweissysteme, als auch den HOAS und den de Bruijn Ansatz mit Hinblick auf die Entwicklung formaler Metatheorie zu vergleichen