Verifiable Certificates for Predicate Subtyping

Adding predicate subtyping to higher-order logic yields a very expressive language in which type-checking is undecidable, which makes the definition of a system of verifiable certificates challenging. This work addresses the issue with a minimal formalization of predicate subtyping, named PVS-Core, together with a system of verifiable certificates for PVS-Core, named PVS-Cert. PVS-Cert is based on the introduction of proof terms and explicit coercions. Its design is similar to that of PTSs with dependent pairs, except for the definition of conversion, which is based on a specific notion of reduction \(\rightarrow _{\beta *}\), corresponding to \(\beta \)-reduction combined with the erasure of coercions. Using this reduction instead of the more standard reduction \(\rightarrow _{\beta \sigma }\) makes it possible to establish a simple correspondence between PVS-Core and PVS-Cert. Separately, a type-checking algorithm is designed for PVS-Cert, built on proofs of type preservation for \(\rightarrow _{\beta \sigma }\) and of strong normalization for both \(\rightarrow _{\beta \sigma }\) and \(\rightarrow _{\beta *}\). Combining these results, PVS-Cert judgements are used as verifiable certificates for predicate subtyping. In addition, the reduction \(\rightarrow _{\beta \sigma }\) is used to define a cut elimination procedure for predicate subtyping. This definition provides a new tool for studying the properties of predicate subtyping, as illustrated with a proof of consistency.
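To make the two reductions concrete, here is an added toy model (not the paper's own code, and not PVS-Cert's exact definitions): terms in the style of a PTS with dependent pairs, where a coercion into a predicate subtype is assumed to be an explicit pair of a term and a proof, a coercion out of it a first projection, \(\sigma\)-reduction is assumed to be "project a pair to its term", and erasure (*) drops all pairs and projections. Proof terms are opaque atoms, since only their presence matters here.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Var: name: str
@dataclass(frozen=True)
class Lam: param: str; body: object
@dataclass(frozen=True)
class App: fun: object; arg: object
@dataclass(frozen=True)
class Pair: term: object; proof: object   # assumed coercion into a predicate subtype: <t, p>
@dataclass(frozen=True)
class Proj: pair: object                  # assumed coercion out of the subtype: pi1(t)

def subst(t, x, s):
    # Substitute s for x in t; assumes bound names never clash with free names of s.
    if isinstance(t, Var): return s if t.name == x else t
    if isinstance(t, Lam): return t if t.param == x else Lam(t.param, subst(t.body, x, s))
    if isinstance(t, App): return App(subst(t.fun, x, s), subst(t.arg, x, s))
    if isinstance(t, Pair): return Pair(subst(t.term, x, s), subst(t.proof, x, s))
    return Proj(subst(t.pair, x, s))

def nf(t, sigma):
    # Full normal form under beta, plus sigma (pi1<t, p> -> t) when enabled; plain
    # recursion is enough because the terms used here are strongly normalizing.
    if isinstance(t, Lam): return Lam(t.param, nf(t.body, sigma))
    if isinstance(t, App):
        f = nf(t.fun, sigma)
        if isinstance(f, Lam): return nf(subst(f.body, f.param, t.arg), sigma)
        return App(f, nf(t.arg, sigma))
    if isinstance(t, Pair): return Pair(nf(t.term, sigma), nf(t.proof, sigma))
    if isinstance(t, Proj):
        p = nf(t.pair, sigma)
        return p.term if sigma and isinstance(p, Pair) else Proj(p)
    return t

def erase(t):
    # Coercion erasure (*): drop every pair and projection, keeping the carrier term.
    if isinstance(t, Lam): return Lam(t.param, erase(t.body))
    if isinstance(t, App): return App(erase(t.fun), erase(t.arg))
    if isinstance(t, Pair): return erase(t.term)
    if isinstance(t, Proj): return erase(t.pair)
    return t

def beta_sigma_nf(t): return nf(t, sigma=True)
def beta_star_nf(t): return nf(erase(t), sigma=False)   # erase coercions, then beta-reduce
def erasures_agree(t):
    # Both routes down to a coercion-free (PVS-Core style) term must meet.
    return erase(beta_sigma_nf(t)) == beta_star_nf(t)

# Constructed sample: (\x. g (pi1 x)) applied to <a, p>, i.e. a value coerced into a
# subtype with proof p and then used at the supertype inside the function body.
def sample():
    return App(Lam("x", App(Var("g"), Proj(Var("x")))), Pair(Var("a"), Var("p")))
```

Running `nf(sample(), sigma=False)` leaves the stuck coercion `g (pi1 <a, p>)`, which is exactly what either \(\sigma\)-reduction or erasure is needed to remove.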