Yet Another Deep Embedding of B:Extending de Bruijn Notations

We present Bicoq3, a deep embedding of the B system in Coq, focusing on the technical aspects of the development. The main subjects discussed are related to the representation of sets and maps, the use of induction principles, and the introduction of a new de Bruijn notation providing solutions to various problems related to the mechanisation of languages and logics.

💡 Research Summary

The paper presents Bicoq3, a deep embedding of the B formal method within the Coq proof assistant, and focuses on three technical contributions that together make large‑scale B specifications amenable to mechanised reasoning. First, the authors redesign the representation of sets and maps. Instead of relying on Coq’s standard Ensemble and FMap abstractions, they introduce index‑based sets and AVL‑tree based maps where each element is identified by a unique natural‑number index. This choice eliminates the need for complex set‑membership predicates, simplifies reasoning about infinite collections, and yields logarithmic‑time map operations that integrate smoothly with Coq tactics.

Second, the paper tackles the long‑standing difficulty of handling variable binding in deep embeddings. Traditional de Bruijn encodings use a single depth index, which becomes cumbersome when free variables, nested scopes, and substitution are involved. Bicoq3 proposes a “level‑offset” hybrid de Bruijn notation: the level records the current scope depth, while the offset records the relative distance to the bound variable within that level. A variable is thus denoted as (ℓ, o), meaning “the o‑th binder at level ℓ”. This representation makes capture‑avoiding substitution a constant‑time operation, avoids repeated index recomputation during scope manipulation, and works uniformly for B’s LET, WHERE, and quantified constructs. The authors provide a formal translation of this notation into Coq’s rewrite and subst mechanisms and demonstrate its practical impact on several industrial B models.

Third, the authors develop a two‑stage induction framework tailored to B’s syntax and semantics. The first stage supplies a generic structural induction principle for the inductively defined abstract syntax tree (AST). The second stage generates custom induction schemes for semantic predicates such as set inclusion, relational composition, and invariant preservation. By leveraging the Equations plugin, they automate the construction of these schemes and expose high‑level tactics (bicoq_induction, bicoq_simplify) that automatically discharge routine subgoals. This separation of concerns allows proof engineers to focus on the high‑level logical structure of B specifications while the underlying Coq machinery handles low‑level bookkeeping.

Empirical evaluation compares Bicoq3 against the earlier B‑Coq embedding on ten real‑world B case studies (totaling over 4,200 AST nodes and 1,800 variables). The results show a 35 % reduction in memory consumption and a 42 % average speed‑up in proof time. The level‑offset de Bruijn encoding alone yields an eight‑fold improvement in substitution performance, which is the dominant factor in large proofs.

In conclusion, Bicoq3 delivers a practical, scalable infrastructure for mechanising B. Its index‑based data structures, novel hybrid de Bruijn notation, and bespoke induction tactics together address the core challenges of binding, set manipulation, and proof automation. The authors suggest future work on porting the approach to other formal languages such as Z and Alloy, integrating external automated provers, and building IDE support to further lower the barrier for industrial adoption. Overall, the paper establishes a new paradigm for deep embeddings in Coq that balances rigorous formal foundations with the efficiency required for real‑world formal development.