Hybrid: A Definitional Two-Level Approach to Reasoning with Higher-Order Abstract Syntax

Notice: This research summary and analysis were automatically generated using AI technology; for absolute accuracy, refer to the original arXiv paper.

Combining higher-order abstract syntax and (co)induction in a logical framework is well known to be problematic. Previous work described the implementation of a tool called Hybrid, within Isabelle HOL, which aims to address many of these difficulties. It allows object logics to be represented using higher-order abstract syntax, and reasoned about using tactical theorem proving and principles of (co)induction. In this paper we describe how to use it in a multi-level reasoning fashion, similar in spirit to other meta-logics such as Twelf. By explicitly referencing provability in a middle layer called a specification logic, we solve the problem of reasoning by (co)induction in the presence of non-stratifiable hypothetical judgments, which allow very elegant and succinct specifications of object logic inference rules.


💡 Research Summary

The paper presents Hybrid, a tool built on top of Isabelle/HOL and Coq that enables the combination of higher‑order abstract syntax (HOAS) with (co)inductive reasoning in a logical framework. The authors identify the long‑standing difficulty of using HOAS together with induction: HOAS encodes object‑level binders as meta‑level λ‑abstractions, which makes substitution trivial, but the resulting object‑level definitions often contain negative occurrences of the very predicates they define. Such negative occurrences break the usual positivity conditions required for inductive types and prevent straightforward use of induction or co‑induction in proof assistants.

Hybrid resolves this by introducing a three‑layer architecture. The outermost layer is the proof assistant itself (the “meta‑meta” logic). Inside it sits a definitional HOAS meta‑language that represents object terms using a de Bruijn encoding; this layer provides the usual HOAS conveniences (α‑conversion, capture‑avoiding substitution) without adding any axioms. The middle layer is a specification logic (SL), a small sequent‑calculus style logic that is used to state the inference rules of the object logic (OL) and to explicitly handle hypothetical judgments. In practice, when an OL rule requires a premise such as “if Γ ⊢ A then …”, the SL records this as “Γ proves A” and the proof of that premise is delegated to the SL. Consequently, the OL can contain negative occurrences, yet induction can be performed on the SL derivations, which are well‑behaved inductive definitions in Isabelle/HOL/Coq.

The paper demonstrates the approach with two case studies. The first encodes a simply‑typed call‑by‑value λ‑calculus (Mini‑ML) together with a recursion operator, using an intuitionistic specification logic. The authors formalise the typing rules in the SL, then prove the classic subject‑reduction theorem (type preservation) by a single inductive proof on SL derivations. The second case study tackles a continuation‑machine semantics for the same language, but this time the operational rules are expressed in a non‑commutative linear logic. By swapping the SL for a linear logic, the same Hybrid infrastructure can reason about resource‑sensitive computations without re‑implementing unification or search algorithms; the proof of subject reduction proceeds analogously to the first example.
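To make the positivity problem and the two-level remedy concrete, the following Lean 4 sketch is added here as an illustration; it is not code from the paper or from the Hybrid distribution. It shows the HOAS datatype that a proof assistant rejects for a negative occurrence, a de Bruijn replacement in the style the summary describes (a binding relation plus a derived `LAM` combinator, defined rather than axiomatised), and a minimal intuitionistic specification logic in which the Mini-ML abstraction rule's hypothetical premise becomes an SL implication under an SL quantifier. All identifiers (`Expr`, `Lbnd`, `lbind`, `LAM`, `Abstr`, `Ty`, `Atom`, `Oo`, `Prog`, `Seq`) are this example's own choices; the SL is deliberately simplified (only a typing judgment, no side-conditions on the quantifier rule, no derivation heights), and `Classical.epsilon` stands in for the definite-description operator of the host logic.

```lean
-- Added example (not from the paper or the Hybrid distribution): a Lean 4
-- sketch of the positivity problem and of a Hybrid-style two-level remedy.
-- All identifiers below are this example's own choices.

-- 1. The naive HOAS encoding. A proof assistant rejects it because `Tm`
--    occurs negatively (left of an arrow) in the argument of `lam`:
--
--   inductive Tm where
--     | app : Tm → Tm → Tm
--     | lam : (Tm → Tm) → Tm     -- non-positive occurrence: rejected

-- 2. A de Bruijn datatype has no negative occurrence at all ...
inductive Expr where
  | con : String → Expr        -- object-logic constants
  | var : Nat → Expr           -- free (meta-level) variables
  | bnd : Nat → Expr           -- bound variables, de Bruijn indices
  | app : Expr → Expr → Expr
  | abs : Expr → Expr

instance : Nonempty Expr := ⟨Expr.con ""⟩

-- ... and a *relation* reads a meta-level function `Expr → Expr`, replacing
-- its argument by the bound index `i` (shifted under `abs`). Pattern matching
-- on functions is not allowed, so this is an inductive definition rather than
-- a recursive one.
inductive Lbnd : Nat → (Expr → Expr) → Expr → Prop where
  | con {i : Nat} {c : String} : Lbnd i (fun _ => Expr.con c) (Expr.con c)
  | var {i n : Nat} : Lbnd i (fun _ => Expr.var n) (Expr.var n)
  | bnd {i j : Nat} : Lbnd i (fun _ => Expr.bnd j) (Expr.bnd j)
  | app {i : Nat} {f g : Expr → Expr} {s t : Expr} :
      Lbnd i f s → Lbnd i g t →
      Lbnd i (fun x => Expr.app (f x) (g x)) (Expr.app s t)
  | abs {i : Nat} {f : Expr → Expr} {s : Expr} :
      Lbnd (i + 1) f s → Lbnd i (fun x => Expr.abs (f x)) (Expr.abs s)
  | id {i : Nat} : Lbnd i (fun x => x) (Expr.bnd i)

-- Definite description via Hilbert choice; `Abstr` marks the functions for
-- which the description is meaningful, i.e. those built only from
-- constructors and the bound variable (no "exotic" terms).
noncomputable def lbind (i : Nat) (f : Expr → Expr) : Expr :=
  Classical.epsilon (Lbnd i f)

def Abstr (f : Expr → Expr) : Prop := ∃ s, Lbnd 0 f s

-- The binder the user writes. `LAM` is a definition, not a constructor:
-- no axiom is added and there is no positivity problem.
noncomputable def LAM (f : Expr → Expr) : Expr := Expr.abs (lbind 0 f)

-- The body of  λx. x c  is read as  APP (BND 0) (CON c).
example : Lbnd 0 (fun x => Expr.app x (Expr.con "c"))
                 (Expr.app (Expr.bnd 0) (Expr.con "c")) :=
  Lbnd.app Lbnd.id Lbnd.con

-- 3. The middle layer: a minimal intuitionistic specification logic.
inductive Ty where
  | nat : Ty
  | arrow : Ty → Ty → Ty

inductive Atom where
  | typeof : Expr → Ty → Atom      -- the only object-logic judgment here

inductive Oo where                 -- SL goal formulas
  | tt : Oo
  | atom : Atom → Oo
  | conj : Oo → Oo → Oo
  | imp : Atom → Oo → Oo
  | all : (Expr → Oo) → Oo         -- positive: the domain is Expr, not Oo

-- Object-logic typing rules as SL clauses "atom :- goal". The abstraction
-- rule's hypothetical premise is an SL implication under an SL quantifier,
-- so `typeof` never occurs negatively in any Lean inductive.
inductive Prog : Atom → Oo → Prop where
  | app {m n : Expr} {s t : Ty} :
      Prog (Atom.typeof (Expr.app m n) t)
           (Oo.conj (Oo.atom (Atom.typeof m (Ty.arrow s t)))
                    (Oo.atom (Atom.typeof n s)))
  | lam {e : Expr → Expr} {s t : Ty} :
      Abstr e →
      Prog (Atom.typeof (LAM e) (Ty.arrow s t))
           (Oo.all fun x => Oo.imp (Atom.typeof x s) (Oo.atom (Atom.typeof (e x) t)))

-- SL sequents Γ ⊢ G. `Seq` is an ordinary inductive predicate, so structural
-- induction and case analysis on its derivations are available; that is
-- where meta-theorems such as subject reduction are proved.
inductive Seq : List Atom → Oo → Prop where
  | tt   {Γ : List Atom} : Seq Γ Oo.tt
  | init {Γ : List Atom} {a : Atom} : a ∈ Γ → Seq Γ (Oo.atom a)
  | conj {Γ : List Atom} {g₁ g₂ : Oo} :
      Seq Γ g₁ → Seq Γ g₂ → Seq Γ (Oo.conj g₁ g₂)
  | imp  {Γ : List Atom} {a : Atom} {g : Oo} :
      Seq (a :: Γ) g → Seq Γ (Oo.imp a g)
  | all  {Γ : List Atom} {g : Expr → Oo} :
      (∀ x, Seq Γ (g x)) → Seq Γ (Oo.all g)
  | bc   {Γ : List Atom} {a : Atom} {g : Oo} :
      Prog a g → Seq Γ g → Seq Γ (Oo.atom a)   -- backchain on a clause

-- Worked derivation:  ⊢ typeof (λx. x) (nat → nat).  Backchaining on the
-- abstraction clause, the SL rules strip ∀ and ⊃, and the hypothesis
-- `typeof x nat` is discharged from the context by `init`.
example : Seq [] (Oo.atom (Atom.typeof (LAM fun x => x) (Ty.arrow Ty.nat Ty.nat))) :=
  Seq.bc (Prog.lam ⟨Expr.bnd 0, Lbnd.id⟩)
    (Seq.all fun x => Seq.imp (Seq.init (by simp)))
```

The point of the last derivation is the one the summary makes: the object-level rule for abstraction needs a premise of the form "if x has type s then e x has type t", which as a direct inductive definition of `typeof` would be a negative occurrence; moved into the SL, it is just the `imp` and `all` cases of `Seq`, and an induction on `Seq` derivations is an ordinary structural induction in the host proof assistant.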

Key advantages of Hybrid are highlighted:

  • Definitional trustworthiness – All properties of constructors (freeness, extensionality) are proved inside Isabelle/HOL/Coq; no extra axioms are introduced, so consistency follows from the host proof assistant.
  • Automation‑friendly two‑level reasoning – The SL makes hypothetical judgments first‑class objects that can be manipulated by Isabelle/Coq tactics. Induction, case analysis (via the defL rule), and co‑induction are all available as standard proof‑assistant features, reducing the manual overhead typical of meta‑logics such as FOλΔΝ or Linc.
  • Flexibility of the specification layer – Different SLs (intuitionistic, linear, relevant, bunched, etc.) can be plugged in without changing the underlying HOAS encoding. The only requirement is a cut‑elimination proof for the SL, which the authors provide for their examples.
  • Reuse of existing proof‑assistant infrastructure – Since Hybrid lives inside Isabelle/HOL or Coq, it inherits powerful automation (simp, auto, sledgehammer, etc.), type inference, and a mature term language. This avoids the need to implement dedicated unification or search procedures that are required in stand‑alone logical frameworks such as Twelf or Abella.

The authors compare Hybrid with Twelf, FOλΔΝ, Linc, and Abella. While Twelf provides a built‑in notion of meta‑logic and a separate totality checker, Hybrid achieves similar expressiveness by reusing the host proof assistant’s logic, thereby sidestepping the need for a separate meta‑theory (e.g., cut‑elimination or strong normalisation proofs). Compared with FOλΔΝ and Linc, Hybrid’s SL is not fixed; it can be swapped out, which the authors argue leads to a more modular and experimentally friendly environment.

The paper also discusses practical considerations. Introducing an explicit SL adds a layer of indirection, which can increase proof script size and requires a “meta‑interpreter” to drive SL derivations. However, the authors show that well‑designed tactics can hide this overhead, making the user experience comparable to direct HOAS reasoning. They also note that their current implementation is written in the older tactic‑script style of Isabelle rather than in the Isar proof language, and that they plan to migrate to current Isabelle versions.

In conclusion, Hybrid offers a pragmatic, definitional, and highly automated framework for combining HOAS with (co)induction. By separating object‑level specifications from meta‑level reasoning through an explicit specification logic, it resolves the traditional positivity problem and enables concise, trustworthy proofs of language metatheory. The two demonstrated case studies illustrate both the ease of encoding simple functional languages and the ability to handle more sophisticated sub‑structural logics. The authors anticipate that Hybrid will serve as a rapid‑prototyping platform for new logical frameworks, allowing researchers to experiment with alternative specification logics while leveraging the mature automation of Isabelle/HOL and Coq.
