Friends with Benefits: Implementing Corecursion in Foundational Proof Assistants
  • Jasmin Christian Blanchette
  • Aymeric Bouzy
  • Andreas Lochbihler
  • Andrei Popescu
  • Dmitriy Traytel
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10201)


We introduce AmiCo, a tool that extends a proof assistant, Isabelle/HOL, with flexible function definitions well beyond primitive corecursion. All definitions are certified by the assistant’s inference kernel to guard against inconsistencies. A central notion is that of friends: functions that preserve the productivity of their arguments and that are allowed in corecursive call contexts. As new friends are registered, corecursion benefits by becoming more expressive. We describe this process and its implementation, from the user’s specification to the synthesis of a higher-order definition to the registration of a friend. We show some substantial case studies where our approach makes a difference.
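As an added illustration of the friend notion described in the abstract (this is not code from the page; the theory name, the function names splus and fibA, and the exact spelling of the corec command and its friend option are assumptions about Isabelle/HOL's BNF_Corec library):

```isabelle
theory Friends_Example
  imports "HOL-Library.BNF_Corec"
begin

(* Infinite streams with head and tail selectors. *)
codatatype 'a stream = SCons (shd: 'a) (stl: "'a stream")

(* Pointwise addition, registered as a friend: it produces one SCons for
   each SCons it consumes from its arguments, so it preserves productivity.
   The (friend) option asks the tool to discharge the friendship proof
   obligation automatically (an assumption about the command here). *)
corec (friend) splus :: "nat stream => nat stream => nat stream" where
  "splus xs ys = SCons (shd xs + shd ys) (splus (stl xs) (stl ys))"

(* The corecursive call to fibA sits under splus rather than directly under
   a constructor, so primitive corecursion would reject it; with splus
   registered as a friend, the definition is accepted and certified by the
   kernel. The stream unfolds to 0, 1, 1, 2, 3, 5, ... *)
corec fibA :: "nat stream" where
  "fibA = SCons 0 (splus (SCons 1 fibA) fibA)"

end
```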





Martin Desharnais spent months extending Isabelle’s [command] command to generate a wealth of theorems, many of which were useful when implementing AmiCo. Lorenz Panny developed [command], whose code provided valuable building blocks. Mathias Fleury, Mark Summerfield, Daniel Wand, and the anonymous reviewers suggested many textual improvements. We thank them all. Blanchette is supported by the European Research Council (ERC) starting grant Matryoshka (713999). Lochbihler is supported by the Swiss National Science Foundation (SNSF) grant “Formalising Computational Soundness for Protocol Implementations” (153217). Popescu is supported by the UK Engineering and Physical Sciences Research Council (EPSRC) starting grant “VOWS: Verification of Web-based Systems” (EP/N019547/1). The authors are listed in alphabetical order.



Copyright information

© Springer-Verlag GmbH Germany 2017

Authors and Affiliations

  • Jasmin Christian Blanchette (1, 2)
  • Aymeric Bouzy (3)
  • Andreas Lochbihler (4)
  • Andrei Popescu (5, 6)
  • Dmitriy Traytel (4)
  1. Vrije Universiteit Amsterdam, Amsterdam, The Netherlands
  2. Inria Nancy – Grand Est, Nancy, France
  3. Laboratoire d’informatique, École Polytechnique, Palaiseau, France
  4. Department of Computer Science, Institute of Information Security, ETH Zürich, Switzerland
  5. Department of Computer Science, Middlesex University, London, UK
  6. Institute of Mathematics Simion Stoilow of the Romanian Academy, Bucharest, Romania
