A Formally Specified Program Logic for Higher-Order Procedural Variables and non-local Jumps

• The functional language F (which is our formulation of Gödel System T) equipped with two usual type systems, a simple type system IS and a dependent type system ID which is akin to Leivant’s M1LP [Lei90].

In particular, dependent types include arbitrary formulas of first-order arithmetic.

• The imperative language I (essentially Loop ω from [CPV09]) is an extension of Meyer and Ritchie’s Loop language [MR76] with higher-order procedural variables. Language I is also equipped with two (unusual) type systems, a pseudo-dynamic simple type system IS and a dependent type system ID.

• A compositional translation from I to F is also defined [CPV09] in both the pseudo-dynamic and dependent frameworks.

The main difference from the description given in [CP11] comes from the fact that the dependently-typed programs contain proof annotations and are actually isomorphic to proof derivations (this is required to obtain executable proof checkers from the specification of the dependent type systems in Twelf). As a simple example of such proof annotations, the dependently-typed imperative procedure for addition is given in Figure 1.

A second minor difference is a consequence of our encoding of first-order quantifiers using Twelf higher-order abstract syntax. Quantified variables have to be dealt with separately, and the elimination rule for the existential quantifier is thus split into a cut rule and a left introduction rule.

Moreover, the type systems and the translation are all executable specifications thanks to Twelf’s logic programming engine. In particular, the imperative counterpart of Filinski’s encoding of shift/reset [DF89,Fil94] described in [CP11] and the examples from [Wad94] have been mechanically checked. The correctness of third example (which requires the more general type system) is shown in full in Figure 2.

In Section 2, we present syntax of I and F, the functional simple type system FS (Section 2.1), the imperative pseudo-dynamic type system IS (Section 2.2) and the translation form IS to FS (Section 2.3). In Section 3, we present syntax of languages I and F extended with dependent types and proof annotations, the functional dependent type system FS (Section 3.1), the pseudo-dynamic imperative dependent type system ID (Section 3.2) and the translation form ID to FD (Section 3.3).

var mk := mk2 ; var g := * ; reset(q, mk ; g, mk ); var x := * ; g{0}(0, mk ; x , mk ); var y := * ; g{1}(1, mk ; y, mk ); p add{3}{2}(x :> {var 6 /nat(var 6 )}[3 = F32(0)], y :> {var 7 /nat(var 7 )}[2 = F32(1)], mk ; z , mk ); };

expression, e, p ::= expression:

Type check terms

2.1 Functional simple type system FS Formulas equality τ = τ τ = τ (form eq refl)

Terms equality t = t t = t (term eq refl)

Type check terms Σ ( t) : ( τ ) Σ () : () (tcts empty)

2.2 Imperative simple type system IS

Number translation q = t 0 = 0 (tr num 1)

Expression translation (e) = t q = t (q) = t (tr exp 1) (e) = t (s) x = t (cst x = e; s) x = let x = t in t (tr seq 3) (e) = t (s) x = t (x := e; s) x = let x = t in t (tr seq 4)

(tr seq 9)

3 Grammars and judgments for FD and ID

3.1 Functional dependent type system FD

(tc equal e)

Type check terms Σ ( t) : ( ϕ) Σ () : () (tc empty)

3.2 Imperative dependent type system ID Formula equality ψ = ψ ψ = ψ (prop eq id)

Environment equality γ = γ γ = γ (env eq id)

Type check with updated environment

Type check with updated environment

Type check with updated environment

(tc qzip ii)

ω ⊂ Ω ω = x : σ Γ; ω s ω ω = x : τ Ω x : τ = Ω Γ; Ω s Ω Γ; Ω {s}ω; s Ω (t block) y : nat ∈ Ω Γ; Ω s Ω Γ; Ω inc (y); s Ω (t inc)