Coq, a formal proof development environment combining logic and programming. Hugo Herbelin

Similar documents
Introduction to the Calculus of Inductive Definitions

Formal proofs and certified computation in Coq

Deductive Program Verification with Why3, Past and Future

Numerical Computations and Formal Methods

Provably Correct Software

Inductive data types (I)

Isabelle/HOL:Selected Features and Recent Improvements

Combining Programming with Theorem Proving

Synthesis of distributed mobile programs using monadic types in Coq

Induction in Coq. Nate Foster Spring 2018

Bidirectional Certified Programming

Infinite Objects and Proofs 1

Preuves Interactives et Applications

On Agda JAIST/AIST WS CVS/AIST Yoshiki Kinoshita, Yoriyuki Yamagata. Agenda

Programs and Proofs in Isabelle/HOL

Ideas over terms generalization in Coq

Mathematics for Computer Scientists 2 (G52MC2)

Functional Programming with Isabelle/HOL

Introduction to the Coq proof assistant First part

c constructor P, Q terms used as propositions G, H hypotheses scope identifier for a notation scope M, module identifiers t, u arbitrary terms

Coq quick reference. Category Example Description. Inductive type with instances defined by constructors, including y of type Y. Inductive X : Univ :=

Improving Coq Propositional Reasoning Using a Lazy CNF Conversion

Inductive data types

Introduction to dependent types in Coq

Refinements for free! 1

Functional Programming in Coq. Nate Foster Spring 2018

Types Summer School Gothenburg Sweden August Dogma oftype Theory. Everything has a type

Analysis of dependent types in Coq through the deletion of the largest node of a binary search tree

Mathematics for Computer Scientists 2 (G52MC2)

Specification, Verification, and Interactive Proof

Introduction to Coq Proof Assistant

On a few open problems of the Calculus of Inductive Constructions and on their practical consequences

SJTU SUMMER 2014 SOFTWARE FOUNDATIONS. Dr. Michael Clarkson

August 5-10, 2013, Tsinghua University, Beijing, China. Polymorphic types

Adam Chlipala University of California, Berkeley ICFP 2006

Automated verification of termination certificates

10 Years of Partiality and General Recursion in Type Theory

Automata and Formal Languages - CM0081 Introduction to Agda

A Formalization of Convex Polyhedra based on the Simplex Method

Embedding logics in Dedukti

Programming with dependent types: passing fad or useful tool?

Formalization of Incremental Simplex Algorithm by Stepwise Refinement

Coq in a Hurry. Yves Bertot

HOL DEFINING HIGHER ORDER LOGIC LAST TIME ON HOL CONTENT. Slide 3. Slide 1. Slide 4. Slide 2 WHAT IS HIGHER ORDER LOGIC? 2 LAST TIME ON HOL 1

CS 456 (Fall 2018) Scribe Notes: 2

ABriefOverviewofAgda A Functional Language with Dependent Types

Introduction to Co-Induction in Coq

λ calculus is inconsistent

The design of a programming language for provably correct programs: success and failure

Interactive Theorem Proving in Higher-Order Logics

Static and User-Extensible Proof Checking. Antonis Stampoulis Zhong Shao Yale University POPL 2012

First-Class Type Classes

Coq with Classes. Matthieu Sozeau. Journées PPS 2011 September 5th 2011 Trouville, France. Project Team πr 2 INRIA Paris

A NEW PROOF-ASSISTANT THAT REVISITS HOMOTOPY TYPE THEORY THE THEORETICAL FOUNDATIONS OF COQ USING NICOLAS TABAREAU

Functional Programming

Why. an intermediate language for deductive program verification

An intuitionistic proof of a discrete form of the Jordan Curve Theorem formalized in Coq with combinatorial hypermaps

Towards Coq Formalisation of {log} Set Constraints Resolution

Why3 where programs meet provers

CIS 500: Software Foundations

Theorem Proving Principles, Techniques, Applications Recursion

Beluga: A Framework for Programming and Reasoning with Deductive Systems (System Description)

A Coq tutorial for confirmed Proof system users

type classes & locales

ATS: a language to make typeful programming real and fun

A NEW PROOF-ASSISTANT THAT REVISITS HOMOTOPY TYPE THEORY THE THEORETICAL FOUNDATIONS OF COQ USING NICOLAS TABAREAU

Functional programming languages

Coq projects for type theory 2018

COMP 4161 Data61 Advanced Course. Advanced Topics in Software Verification. Gerwin Klein, June Andronick, Christine Rizkallah, Miki Tanaka

Programming Proofs and Proving Programs. Nick Benton Microsoft Research, Cambridge

Inductive Definitions, continued

Formal Verification of Floating-Point programs

A Certified Reduction Strategy for Homological Image Processing

LASER 2011 Summerschool Elba Island, Italy Basics of COQ

Introduction to Homotopy Type Theory

Programming with C Library Functions Safely

Deductive Program Verification with Why3

As Natural as 0, 1, 2. Philip Wadler University of Edinburgh

The type system of Axiom

CS152: Programming Languages. Lecture 11 STLC Extensions and Related Topics. Dan Grossman Spring 2011

Turning proof assistants into programming assistants

Programming with (co-)inductive types in Coq

The Coq Proof Assistant A Tutorial

Importing HOL-Light into Coq

Verification in Coq. Prof. Clarkson Fall Today s music: Check Yo Self by Ice Cube

Program Verification Through Characteristic Formulae

Design of an Interactive Digital Library of Formal Algorithmic Knowledge

Lists. Michael P. Fourman. February 2, 2010

The Lean Theorem Prover (system description)

Machine-checked proofs of program correctness

Organisatorials. About us. Binary Search (java.util.arrays) When Tue 9:00 10:30 Thu 9:00 10:30. COMP 4161 NICTA Advanced Course

Ivor, a Proof Engine

SMT-LIB for HOL. Daniel Kroening Philipp Rümmer Georg Weissenbacher Oxford University Computing Laboratory. ITP Workshop MSR Cambridge 25 August 2009

Intrinsically Typed Reflection of a Gallina Subset Supporting Dependent Types for Non-structural Recursion of Coq

CIS 500 Software Foundations. Midterm I. (Standard and advanced versions together) October 1, 2013 Answer key

Formally Certified Satisfiability Solving

Coq. LASER 2011 Summerschool Elba Island, Italy. Christine Paulin-Mohring

A Certified Implementation of a Distributed Security Logic

SOFTWARE VERIFICATION AND COMPUTER PROOF (lesson 1) Enrico Tassi Inria Sophia-Antipolis

3.4 Deduction and Evaluation: Tools Conditional-Equational Logic

Transcription:

Coq, a formal proof development environment combining logic and programming Hugo Herbelin 1

Coq in a nutshell (http://coq.inria.fr) A logical formalism that embeds an executable typed programming language: the Calculus of Inductive Constructions [Coquand-Paulin 1988] A small trustable kernel that checks that proofs are correct A high-level concrete language of functions and specifications Inductive bool := true false. Definition neg c := match c with true => false false => true end. Theorem neg_involutive : forall c:bool, neg (neg c) = c. A language of semi-interactive tactics to solve specifications and theorems Theorem neg_involutive : forall c:bool, neg (neg c) = c. Proof. induction c; auto. Qed. Libraries on arithmetics, analysis, logic, data types, algebra An extraction mechanism to ML, Haskell and Scheme 40 direct contributors to the archive over 24 years + a community of users 2

Top applications Certification of a C compiler (Xavier Leroy and the CompCert team) Full formalization of the 4-color theorem proof (Gonthier - Werner) Extensive repository of constructive mathematics (Nijmegen) Certification of a commercial JavaCard applet (Gemalto) Exact real arithmetic Hoare logic toolbox (Y-not, Boston & Cambridge) SAT certification... for an excerpt, see http://coq.inria.fr, link contributions 3

The Calculus of Inductions Constructions (CIC) Terms and types t, u, T, U ::= fun x : T t x t t let x:=t in u c λ-calculus with definitions forall x : T. T dependent types Prop Type n sortes I inductive/coinductive types Contexts of declarations Judgments match t with c x t end C fix i f := t : T cofix i f := t : T pattern-matching on constructors structural recursion Γ ::= ɛ Γ, Definition c := t : T Γ, Parameter x : T Γ, Inductive I 1 ( x : T) : T 1 := C 1 : U 1... with I n ( x : T) : T n := C n : U n Γ T : Prop means T is a formula Γ T : Type n means T is a type Γ t : T means t is a program or a data of type T (if T is a type) Γ t : T means t is a proof of T (if T is a formula) relies on the Curry-Howard identity between proofs and programs 4

The verification kernel 8 000 lines of Objective Caml code out of 190 000 lines for the full Coq CIC terms provide with a notion of cross-verifiable disk-storable proof-object Partly certified in Coq itself (Bruno Barras) 5

The high-level specification and programming languages macro-generation of induction schemes type inference termination evidence nested pattern matching module system Function add (k : key) (x : elt) (s : t elt) {struct s} : t elt := match s with nil => (k,x) :: nil (k,y) :: l => match X.compare k k with end end. LT _ => (k,x)::s EQ _ => (k,x)::l GT _ => (k,y) :: add k x l custom notations and implicit arguments 6

The proof languages A set of tactics ranging from low-level logical rules... e.g. lemma application or induction... to high-level automation tactics e.g. decision of Presburger arithmetic, closed equational reasoning, semi-decision of first-order logic, approximate decision of closed real fields, decision of equality in rings and fields,... L tac : a dedicated functional language for building tactics A mathematical-style proof language Various third-party toolboxes of tactics (written in L tac, in Coq itself, or using ML plugins, or using pipe communicating with Coq 7

The mathematical proof language Lemma even_double_n: (forall m, even (double m)). proof. assume m:nat. per induction on m. suppose it is 0. thus thesis. suppose it is (S mm) and thesis for mm. then H:(even (S (S (mm+mm)))). have (S (S (mm + mm)) = S mm + S mm) using omega. hence (even (S mm +S mm)) by H. end induction. end proof. Qed. 8

Other toolboxes or tactics Gonthier s ssreflect language for reasoning on decidable structures and more U. Penn s LNgen for reasoning on languages with binders Connections to SML solvers and Computer Algebra Systems (Z3, simplify, maple,...) Nowak s toolbox for cryptographic protocols at AIST Termination proof toolboxes The Why, Caduceus and Krakatoa specification languages for certifying ML, C and Java programs Y-not toolbox for reasoning in Hoare logic... 9

Libraries Bundled with Coq - Peano arithmetics in N - Efficient machine-word-based arithmetics in N, Z, Q - Classical real analysis - Programming libraries: lists, finite sets, finite maps - Logical axioms Third-party libraries - Constructive real analysis - Algebra - Group theory - Programming libraries: finger trees, union-find,... 10

An example 11

Advertising the first Asian Coq Summer School Dates: August 24-31, 2009 Location: Tsinghua, Beijing Organization: joint Tsinghua-INRIA team FORMES (Pr. Jean-Pierre Jouannaud and Ming Gu) Web site: http://coqschool-asia.org/wiki/start 12

Main proof assistants Dedicated to the formalization of mathematics: Mizar Dedicated to proof certification: HOL, ACL2 Hybrid systems: Isabelle-HOL and Isabelle-ZF, HOL-light, PVS Hybrid systems combining a functional language and a logic: Coq, Agda2 Other systems: Twelf, Matita,... 13

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback