A Computational Interpretation of Context-Free Expressions

We phrase parsing with context-free expressions as a type inhabitation problem where values are parse trees and types are context-free expressions. We first show how containment among context-free and regular expressions can be reduced to a reachability problem by using a canonical representation of states. The proofs-as-programs principle yields a computational interpretation of the reachability problem in terms of a coercion that transforms the parse tree for a context-free expression into a parse tree for a regular expression. It also yields a partial coercion from regular parse trees to context-free ones. The partial coercion from the trivial language of all words to a context-free expression corresponds to a predictive parser for the expression

Coinductive Formal Reasoning in Exact Real Arithmetic

In this article we present a method for formally proving the correctness of the lazy algorithms for computing homographic and quadratic transformations -- of which field operations are special cases-- on a representation of real numbers by coinductive streams. The algorithms work on coinductive stream of M\"{o}bius maps and form the basis of the Edalat--Potts exact real arithmetic. We use the machinery of the Coq proof assistant for the coinductive types to present the formalisation. The formalised algorithms are only partially productive, i.e., they do not output provably infinite streams for all possible inputs. We show how to deal with this partiality in the presence of syntactic restrictions posed by the constructive type theory of Coq. Furthermore we show that the type theoretic techniques that we develop are compatible with the semantics of the algorithms as continuous maps on real numbers. The resulting Coq formalisation is available for public download.Comment: 40 page

A Formal Study of Moessner's Sieve

In this dissertation, we present a new characterization of Moessner's sieve that brings a range of new results with it. As such, we present a dual to Moessner's sieve that generates a sequence of so-called Moessner triangles, instead of a traditional sequence of successive powers, where each triangle is generated column by column, instead of row by row. Furthermore, we present a new characteristic function of Moessner's sieve that calculates the entries of the Moessner triangles generated by Moessner's sieve, without having to calculate the prefix of the sequence.We prove Moessner's theorem adapted to our new dual sieve, called Moessner's idealized theorem, where we generalize the initial configuration from a sequence of natural numbers to a seed tuple containing just one non-zero entry. We discover a new property of Moessner's sieve that connects Moessner triangles of different rank, thus acting as a dual to the existing relation between Moessner triangles of different index, thereby suggesting the presence of a 2-dimensional grid of triangles, rather than the traditional 1-dimensional sequence of values.We adapt Long's theorem to the dual sieve and obtain a simplified initial configuration of Long's theorem, consisting of a seed tuple of two non-zero entries. We conjecture a new generalization of Long's theorem that has a seed tuple of arbitrary entries for its initial configuration and connects Moessner's sieve with polynomial evaluation. Lastly, we approach the connection between Moessner's sieve and polynomial evaluation from an alternative perspective and prove an equivalence relation between the triangle creation procedures of Moessner's sieve and the repeated application of Horner's method for polynomial division.All results presented in this dissertation have been formalized in the Coq proof assistant and proved using a minimal subset of the constructs and tactics available in the Coq language. As such, we demonstrate the potential of proof assistants to inspire new results while lowering the gap between programs (in computer science) and proofs (in mathematics)

Modular, Fully-abstract Compilation by Approximate Back-translation

A compiler is fully-abstract if the compilation from source language programs to target language programs reflects and preserves behavioural equivalence. Such compilers have important security benefits, as they limit the power of an attacker interacting with the program in the target language to that of an attacker interacting with the program in the source language. Proving compiler full-abstraction is, however, rather complicated. A common proof technique is based on the back-translation of target-level program contexts to behaviourally-equivalent source-level contexts. However, constructing such a back- translation is problematic when the source language is not strong enough to embed an encoding of the target language. For instance, when compiling from STLC to ULC, the lack of recursive types in the former prevents such a back-translation. We propose a general and elegant solution for this problem. The key insight is that it suffices to construct an approximate back-translation. The approximation is only accurate up to a certain number of steps and conservative beyond that, in the sense that the context generated by the back-translation may diverge when the original would not, but not vice versa. Based on this insight, we describe a general technique for proving compiler full-abstraction and demonstrate it on a compiler from STLC to ULC. The proof uses asymmetric cross-language logical relations and makes innovative use of step-indexing to express the relation between a context and its approximate back-translation. The proof extends easily to common compiler patterns such as modular compilation and it, to the best of our knowledge, it is the first compiler full abstraction proof to have been fully mechanised in Coq. We believe this proof technique can scale to challenging settings and enable simpler, more scalable proofs of compiler full-abstraction

The Coq Proof Assistant : Reference Manual : Version 7.2

Coq is a proof assistant based on a higher-order logic. Coq allows to handle calculus mathematical assertions and to check mechanically proofs of these assertions. It helps to find formal proofs, and allows extraction of a certified program from the constructive proof of its formal specification. This document is the reference manual for the version V7.2 of Coq which is available from http://coq.inria.fr

The Coq Proof Assistant : Reference Manual : Version 7.2

Coq is a proof assistant based on a higher-order logic. Coq allows to handle calculus mathematical assertions and to check mechanically proofs of these assertions. It helps to find formal proofs, and allows extraction of a certified program from the constructive proof of its formal specification. This document is the reference manual for the version V7.2 of Coq which is available from http://coq.inria.fr

Type-based termination of recursive definitions and constructor subtyping in typed lambda calculi

Tese de doutoramento em Informática, ramo de Fundamentos da Computação.In type systems, a combination of subtyping and overloading is a way to achieve more precise typings. This thesis explores how to use these mechanisms in two directions: (i) as a way to ensure termination of recursive functions; (ii) as a way to capture in a type-theoretic context the use of subtyping as inclusion between inductively defined sets. The first part of the thesis presents a mechanism that ensures termination through types and defines a system that incorporates it. More precisely, we formalize the notion of type-based termination using a restricted form of type dependency (also known as indexed types). Every datatype is replaced by a family of approximations indexed over a set of stages; then being in a certain approximation means that a term can be seen as having a certain bound on constructor usage. We introduce λˆ, a simply typed λ-calculus à la Curry, supporting parametric inductive datatypes, case-expressions and letrec-expressions with termination ensured by types. We show that λˆ enjoys important meta-theoretical properties, including confluence, subject reduction and strong normalization. We also show that the calculus is powerful enough to encode many recursive definitions rejected by existing type systems, and give some examples. We prove that this system encompasses in a strict way Giménez' λς, a system in which termination of typable expressions is ensured by a syntactical condition constraining the uses of recursive calls in the body of definitions. The second part of the thesis studies properties of a type system featuring constructor subtyping. Constructor subtyping is a form of subtyping in which an inductive type σ is viewed as a subtype of another inductive type τ if each constructor c of σ is also a constructor of τ (but τ may have more constructors), and whenever c : θ'→σ is a declaration for τ, then c : θ'→τ is a declaration for τ with θ'→≤θ'. In this thesis we allow for this form of subtyping in the system λcs, which is a simply typed λ-calculus à la Curry, supporting mutually recursive parametric datatypes, case-expressions and letrec-expressions. We establish the properties of confluence, subject reduction and decidability of type checking for this calculus. As the system features general recursion, the reduction calculus is obviously non-terminating. However, we sketch two ways of achieving strong normalization. One way is to constrain the system to guard-by-destructors recursion, following what is done for λς. The other way is to enrich the type system with stages (following the ideas presented for λˆ) and enforcing termination through typing. Potential uses of constructor subtyping include proof assistants and functional programming languages. In particular, constructor subtyping provides a suitable foundation for extensible datatypes, and is specially adequate to re-usability. The combination of subtyping between datatypes and overloading of constructors allows the definition of new datatypes by restricting or by expanding the set of constructors of an already defined datatype. This flexibility in the definition of datatypes induces a convenient form of code reuse for recursive functions, allowing the definition of new functions by restricting or by expanding already defined ones. We enrich a calculus featuring constructor subtyping with a mechanism to define extensible overloaded recursive functions by pattern-matching, obtaining the system λcs+fun. We formalize the concept of well-formed environment of function declarations and establish that under such environments the properties of confluence, subject reduction and decidability of type-checking hold. Moreover, we prove that the requirements imposed for the well-formed environments are decidable and show how standard techniques can still be used for compiling pattern-matching into case-expressions.Em sistemas de tipos, a combinação de mecanismos de subtipagem e de sobrecarga de construtores permite alcançar tipagens mais precisas para os termos. Esta tese investiga a utilização destes mecanismos, quer como forma de assegurar a terminação de funções recursivas, quer como forma de captar subtipagem através de inclusão de conjuntos num sistema com tipos indutivos. A primeira parte da tese apresenta um sistema de tipos capaz de assegurar a terminação de funções recursivas, unicamente por tipagem. Mais concretamente, a noção de terminação baseada em tipos é formalizada utilizando uma forma restrita de dependência de tipos, também conhecida por tipos indexados. Cada tipo de dados é visto como uma família de aproximações, indexada por um conjunto de níveis, fornecendo tais níveis indicações sobre o uso de construtores na formação de termos. Esta forma de garantir terminação por tipos encontra-se formalizada no que é um cálculo lambda simplesmente tipado à la Curry, com tipos indutivos paramétricos, com expressões de ponto fixo e de análise de casos. Demonstra-se que λˆ é um cálculo bem comportado, satisfazendo as propriedades de confluência, preservação de tipos ao longo da cadeia de redução, e normalização forte. O sistema λˆ permite codificar muitas definições recursivas que são rejeitadas por outros sistemas com preocupações semelhantes de garantia de terminação. Em particular, prova-se que este cálculo engloba de modo estrito o sistema λς de Giménez, um sistema em que a terminação das expressões tipáveis é assegurada por uma condição sintáctica que restringe as chamadas recursivas de funções. Na segunda parte da tese, apresenta-se um sistema de tipos com subtipagem por construtores e estudam-se as suas propriadades. A subtipagem por construtores é uma forma de subtipagem na qual um tipo indutivo σ é visto como um subtipo de um outro tipo indutivo τ, se τ tiver mais construtores do que σ. Neste trabalho, a subtipagem por construtores está presente no sistema λcs, um cálculo lambda simplesmente tipado, à la Curry, com tipos inductivos paramétricos e mutuamente recursivos, com expressões de ponto fixo e de análise de casos. Demonstra-se que este cálculo é confluente, a tipagem é decidível e a redução preserva tipos. Para garantir a normalização forte, são propostas duas abordagens: satisfação de uma condição sintáctica nas definições recursivas (à semelhança de λς), ou enriquecimento do sistema de tipos com níveis (à semelhança de λˆ) de forma a garantir terminação por tipagem. Esta forma de subtipagem encontra aplicações nos sistemas de prova assistida e nas linguagens funcionais de programação. Em particular, a subtipagem por construtores revela-se adequada para o tratamento de tipos de dados extensíveis. A combinação da subtipagem com a sobrecarga de construtores permite que a definição de novos tipos de dados possa ser feita por restrição ou expansão do conjunto de construtores de um tipo de dados jà definido. Esta flexibilidade na definição de tipos de dados induz uma forma de re-utilização de código adequada às funções recursivas, permitindo que a definição de novas funções se possa fazer também por restrição ou expansão de funções já definidas. Estes mecanismos são estudados no âmbito do sistema λcs+fun, um cálculo lambda com subtipagem por construtores e com definições recursivas sobrecarregadas e extensíveis, definidas por concordância de padrões num ambiente global. Define-se, para este cálculo, o conceito de ambiente bem formado de funções, e demonstra-se que, para estes ambientes, as propriedades de confluência, decidibilidade de tipagem e preservação de tipos são válidas. Também se demonstra que os vários requisitos impostos para garantir a boa formação do ambiente global de funções correspondem a propriedades decidíveis. Finalmente, descreve-se um algoritmo de compilação das funções definidas por concordância de padrões para expressões com análise de casos

Detecting Prolog programming techniques using abstract interpretation

There have been a number of attempts at developing intelligent tutoring systems (ITSs) for teaching students various programming languages. An important component of such an ITS is a debugger capable of recognizing errors in the code the student writes and possibly suggesting ways of correcting such errors. The debugging process involves a wealth of knowledge about the programming language, the student and the individual problem at hand, and an automated debugging component makes use of a number of tools which apply this knowledge. Successive ITSs have incorporated a wider range of knowledge and more powerful tools. The research described in this thesis should be seen as carrying on with this succes¬ sion. Specifically, we attempt to enhance an existing Prolog ITS (PITS) debugger called APR0P0S2 developed by Looi. The enhancements take the form of a richer language with which to describe Prolog code and more powerful tools with which constructs in this language may be detected in Prolog code. The richer language is based on the notion of programming techniques—common patterns in code which capture in some sense an expert's understanding of Prolog. The tools are based on Prolog abstract interpretation—a program analysis method for inferring dynamic properties of code. Our research makes contributions to both these areas. We develop a language for describing classes of Prolog programming techniques that manipulate data-structures. We define classes in this language for common Prolog techniques such as accumulator pairs and difference structures. We use abstract interpretation to infer the dynamic features with which techniques are described. We develop a general framework for abstract interpretation which is described in Prolog, so leading directly to an implementation. We develop two abstract domains—one which infers general data flow information about the code and one which infers particularly detailed type information—and describe the implementation of the former