FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W2169776427> ?p ?o ?g. }

• W2169776427 abstract "Despite the recent interest in using computerized theorem provers to verify theorems in programming languages research, little progress has been made toward verification for real-world languages. Such undertakings encounter two difficulties: not only are the proofs larger and more complicated than in a corresponding research calculus, but the language itself typically lacks a formal specification. We attack both of these problems for OCaml, formalizing a sizable fragment of the language using Ott [5] and verifying its type soundness in HOL [4]. We take a straightforward approach and formalize the syntax of OCaml as a collection of (sometimes mutually) inductive datatypes, and OCaml’s type system and operational semantics as a collection of (sometimes mutually) inductive relations and recursive functions. Nipkow and van Oheimb[3] apply a similar methodology to Java. Since OCaml does not come with a formal specification of its type system or operational semantics, we base our semantics on the informal language manual, and on the results of experiments with the implementation. Ott allows us to express these definitions in a mathematical-style notation. It generates HOL, Coq, Isabelle/HOL, and LTEX definitions, the first of which forms the basis for our proof. In contrast to Lee et al. [2], we specify the semantics directly on the language’s source syntax, rather than using an elaboration into an internal calculus. The direct approach requires reasoning about diverse and redundant features in the verification, but the theorem prover helps us manage the process. We hypothesize that a clear connection between the source language and its semantics will facilitate verification about OCaml programs in addition the present verification about the OCaml language. Formalization Our semantics covers a large part of OCaml, but excludes the language’s module and object systems. We formalize: • let-based polymorphism with a traditional value restriction • pattern matching, with nested and “or” patterns; without guards • type definitions, including type abbreviations, generative variant and record types, parametric types, and mutual recursion • exception definitions and handling (try, raise, exception) • mutable references (ref, !, :=), but not mutable record fields • 31 bit word semantics for values of type int • polymorphic equality (=), tuples (,), and lists (::, []) • record update expressions (with) and loops (while, do). The syntax specification closely follows the OCaml manual, with several additions to support the semantics: typing contexts, stores, type schemes, names of primitive functions, etc. The type system has 156 rules in 32 relations, not including substitution and free variable functions generated by Ott. The typing relation is syntactic, but not unification-based, so special care is taken to coordinate type variables mentioned in explicit type annotations. The small-step reduction relation uses labeled transitions to express interactions with the store. The rules for the pure fragment thereby avoid mentioning the store, similar to the “state convention” of The Definition of Standard ML, but with formal rigor. This approach also simplifies the introduction of new effectful features by localizing their mention to the new rules. There are 18 rules for evaluating in contexts (they enforce right-to-left evaluation ordering), 17 for upward propagation of exceptions, and 26 for reducing expressions, 13 for primitive equality, 11 for other primitive operations, and 12 for matching values against patterns. Verification Most of the proof effort is a straightforward application of HOL’s tactic-based proof mechanisms. Ott uses HOL’s builtin facilities for datatype and inductive relation definitions, and these automatically provide ruleand structural-induction theorems, and case analysis theorems. Additionally, we have automated the construction of inversion lemmas from the provided case analysis theorems. We use HOL’s tactics for the following operations: rewriting with equational theorems, backward and forward chaining with implicational theorems, instantiating existentially quantified variables, applying induction theorems, case-splitting, and doing firstorder proof search (METIS TAC [1]). The last is used on around 500 goals in the verification; a good prover for first-order logic with equality is an immense convenience in large verifications. The proof does not require an α-aware term or type representation, but we have settled on a de Bruijn index encoding of type variables. Because the semantics never performs a reduction under a value or type variable binder, identifying names up to α-equivalence is unnecessary; the Ott-generated non-captureavoiding substitutions will never capture because the term being substituted has no free variables. Type variables, bound by polymorphic let, have the additional constraint that duplicate bindings cannot be present in the typing context. Otherwise type scheme generalization might capture a type variable introduced by a different let expression. Unfortunately, in the polymorphic let case of the weakening lemma’s proof, a new type variable might conflict with one in the weakened context. Thus, the let expression’s typing derivation must be α-renamed to introduce a non-conflicting name. Preliminary investigation of two α-unaware approaches to this dilemma showed the resulting proof obligations to be unsatisfactorily complicated. The de Bruijn index encoding sidesteps the potential for naming conflicts. Typical “locally nameless” encodings do not help here because the binding in question spans two positions in the judgment. Status We have completed the verification of the progress theorem for expressions (without type abbreviations). Except for a combination weakening/type substitution lemma, we have also completed verification of the preservation theorem for expressions using the named representation for type schemes. The total proof effort uses about 4,400 lines of tactic scripts and has taken roughly 2.5 man-months thus far (the formalization has taken an estimated .5 to 1 man-month). Ongoing work aims to replace the named representation with a de Bruijn index representation to simplify the verification of the (now separate) weakening and type substitution lemmas, and to extend the proof to handle type abbreviations. The formalization and proofs are available at http://www.cl.cam. ac.uk/∼pes20/ott/. Acknowledgments We acknowledge the support of EPSRC grants GR/T11715/01 and EP/C510712/1. References" @default.
• W2169776427 created "2016-06-24" @default.
• W2169776427 creator A5016338511 @default.
• W2169776427 creator A5049346665 @default.
• W2169776427 date "2007-01-01" @default.
• W2169776427 modified "2023-09-27" @default.
• W2169776427 title "Verifying type soundness in HOL for OCaml: the core language" @default.
• W2169776427 cites W1987755707 @default.
• W2169776427 cites W1989536180 @default.
• W2169776427 hasPublicationYear "2007" @default.
• W2169776427 type Work @default.
• W2169776427 sameAs 2169776427 @default.
• W2169776427 citedByCount "0" @default.
• W2169776427 crossrefType "journal-article" @default.
• W2169776427 hasAuthorship W2169776427A5016338511 @default.
• W2169776427 hasAuthorship W2169776427A5049346665 @default.
• W2169776427 hasConcept C108710211 @default.
• W2169776427 hasConcept C154945302 @default.
• W2169776427 hasConcept C156325763 @default.
• W2169776427 hasConcept C17435882 @default.
• W2169776427 hasConcept C184337299 @default.
• W2169776427 hasConcept C18903297 @default.
• W2169776427 hasConcept C199360897 @default.
• W2169776427 hasConcept C203265346 @default.
• W2169776427 hasConcept C206880738 @default.
• W2169776427 hasConcept C2524010 @default.
• W2169776427 hasConcept C2777299769 @default.
• W2169776427 hasConcept C33923547 @default.
• W2169776427 hasConcept C39920170 @default.
• W2169776427 hasConcept C41008148 @default.
• W2169776427 hasConcept C42383842 @default.
• W2169776427 hasConcept C44779574 @default.
• W2169776427 hasConcept C60048249 @default.
• W2169776427 hasConcept C86803240 @default.
• W2169776427 hasConcept C93682546 @default.
• W2169776427 hasConceptScore W2169776427C108710211 @default.
• W2169776427 hasConceptScore W2169776427C154945302 @default.
• W2169776427 hasConceptScore W2169776427C156325763 @default.
• W2169776427 hasConceptScore W2169776427C17435882 @default.
• W2169776427 hasConceptScore W2169776427C184337299 @default.
• W2169776427 hasConceptScore W2169776427C18903297 @default.
• W2169776427 hasConceptScore W2169776427C199360897 @default.
• W2169776427 hasConceptScore W2169776427C203265346 @default.
• W2169776427 hasConceptScore W2169776427C206880738 @default.
• W2169776427 hasConceptScore W2169776427C2524010 @default.
• W2169776427 hasConceptScore W2169776427C2777299769 @default.
• W2169776427 hasConceptScore W2169776427C33923547 @default.
• W2169776427 hasConceptScore W2169776427C39920170 @default.
• W2169776427 hasConceptScore W2169776427C41008148 @default.
• W2169776427 hasConceptScore W2169776427C42383842 @default.
• W2169776427 hasConceptScore W2169776427C44779574 @default.
• W2169776427 hasConceptScore W2169776427C60048249 @default.
• W2169776427 hasConceptScore W2169776427C86803240 @default.
• W2169776427 hasConceptScore W2169776427C93682546 @default.
• W2169776427 hasLocation W21697764271 @default.
• W2169776427 hasOpenAccess W2169776427 @default.
• W2169776427 hasPrimaryLocation W21697764271 @default.
• W2169776427 hasRelatedWork W1496369122 @default.
• W2169776427 hasRelatedWork W1587700332 @default.
• W2169776427 hasRelatedWork W1591242928 @default.
• W2169776427 hasRelatedWork W1739051165 @default.
• W2169776427 hasRelatedWork W1815469880 @default.
• W2169776427 hasRelatedWork W1827100046 @default.
• W2169776427 hasRelatedWork W1891315876 @default.
• W2169776427 hasRelatedWork W193973472 @default.
• W2169776427 hasRelatedWork W2005305279 @default.
• W2169776427 hasRelatedWork W2060914009 @default.
• W2169776427 hasRelatedWork W2083916702 @default.
• W2169776427 hasRelatedWork W2125412310 @default.
• W2169776427 hasRelatedWork W2138457764 @default.
• W2169776427 hasRelatedWork W2515420469 @default.
• W2169776427 hasRelatedWork W2560908054 @default.
• W2169776427 hasRelatedWork W2791394679 @default.
• W2169776427 hasRelatedWork W2952198901 @default.
• W2169776427 hasRelatedWork W3016159912 @default.
• W2169776427 hasRelatedWork W3103063427 @default.
• W2169776427 hasRelatedWork W91948628 @default.
• W2169776427 isParatext "false" @default.
• W2169776427 isRetracted "false" @default.
• W2169776427 magId "2169776427" @default.
• W2169776427 workType "article" @default.