Iron Lambda is a collection of ​Coq formalisations for functional languages of increasing complexity. It fills part of the gap between the end of the ​Software Foundations course and what appears in current research papers. If you are new to Coq then you would be better off starting with Software Foundations rather than this work.

We just use straight deBruijn indices for binders. Using deBruijn indices does require that we prove some lemmas about lifting and substitution, but they are very similar between languages, so the initial effort can be re-used. For more details see the blog post ​How I learned to stop worrying and love deBruijn indices.

The proofs use a "semi-​Chlipala" approach to mechanisation: most lemmas are added to the global hint and rewrite databases, but if the proof script of a particular lemma was already of a sane length, then we haven't invested time writing lemma-specific LTac code to make it smaller.

Style guidelines:

Verbose comments explaining what the main definitions and theorems are for. The scripts should be digestable by intermediate Coq users.

No unicode or infix operators for judgement forms. When I use them in my proofs they make perfect sense, but when you use them in yours they're completely unreadable.

Uses Coq bullets, as well as the Case and SCase etc tactics to add structure.

Installation

You will need a working version of ​ Coq. The proofs are known to work with Coq 8.5.

Source code is on github git clone https://github.com/DDCSF/iron

There is a top-level Makefile that will build all the proofs. For this to work coqc and coqdep need to be in your default path. $ cd iron $ make

Each Coq module should check in under two minutes. If not then the automation might have diverged, so please tell me about it. Also report any build problems.

More Information

Related Work







Current Languages

Click the headings to get to the proofs.



Simply Typed Lambda Calculus (STLC).

"Simple" here refers to the lack of polymorphism.

STLC with booleans, naturals and fixpoint.

STLC with mutable references.

The typing judgement includes a store typing.

STLC with algebraic data and case expressions.

The definition of expressions uses indirect mutual recursion. Expressions contain a list of case-alternatives, and alternatives contain expressions, but the definition of the list type is not part of the same recursive group. The proof requires that we define our own induction scheme for expressions.

Compared to STLC, the proof for SystemF needs more lifting lemmas so it can deal with deBruijn indices at the type level.

Very similar to SystemF, but with higher kinds.

SystemF2 with algebraic data and case expressions. Requires that we define simultaneous substitutions, which are used when subsituting expressions bound by pattern variables into the body of an alternative. The language allows data constructors to be applied to general expressions rather than just values, which requires more work when defining evaluation contexts.

SystemF2 with algebraic data, case expressions and a mutable store. All data is allocated into the store and can be updated with primitive polymorphic update operators.

SystemF2 with a region and effect system. Supports region extension and deallocation.