Results 1-4 of 4
Inductive Proof Automation for Coq
Abstract

Cited by 2 (0 self)
We introduce inductive proof automation for Coq that supports reasoning about inductively defined data types and recursively defined functions. This includes support for proofs involving case splits and situations where multiple inductive hypotheses appear in step case proofs. The automation uses the rippling heuristic to control rewriting in step case proofs and uses heuristics for generalising goals. Additionally, the automation caches lemmas found during proof attempts so that these lemmas may be reused in future proofs. We show that the techniques we present provide a high level of automation for inductive proofs that improves upon what is already available in Coq. We also discuss a technique that, by inspecting finished proofs, can identify and then remove irrelevant subformulae from cached lemmas, making the latter more reusable. Finally, we compare our work to related research in the field.
Foundational property-based testing
2015
Abstract

Cited by 2 (0 self)
Integrating property-based testing with a proof assistant creates an interesting opportunity: reusable or tricky testing code can be formally verified using the proof assistant itself. In this work we introduce a novel methodology for formally verified property-based testing and implement it as a foundational verification framework for QuickChick, a port of QuickCheck to Coq. Our framework enables one to verify that the executable testing code is testing the right Coq property. To make verification tractable, we provide a systematic way for reasoning about the set of outcomes a random data generator can produce with non-zero probability, while abstracting away from the actual probabilities. Our framework is firmly grounded in a fully verified implementation of QuickChick itself, using the same underlying verification methodology. We also apply this methodology to a complex case study on testing an information-flow control abstract machine, demonstrating that our verification methodology is modular and scalable and that it requires minimal changes to existing code.
QuickChick: Property-Based Testing for Coq
2014
Abstract
Co-designing software or hardware systems and their formal proofs is an appealing idea, with the expectation that the rigor enforced by formal methods will percolate the whole design. In practice, however, carrying out formal proofs while designing even a relatively simple system can be an exercise in frustration, with a great deal of time spent attempting to prove things about broken definitions, and countless iterations for discovering the correct lemmas and strengthening inductive invariants. We believe that property-based testing (PBT) can dramatically decrease the number of failed proof attempts and reduce the overall cost of producing formally verified systems. Despite the existence of experimental tools [Wil11], Coq is still lagging behind proof assistants like Isabelle, which provides several mature PBT tools (e.g. [Bul12]). We aim to improve the PBT support in Coq, while also investigating several innovations we could add into the mix like polarized mutation testing and a language-based approach to custom generation. We are also exploring whether PBT could bring more confidence to the implementation of Coq itself.

1 A random testing framework for Coq

As a first step, we implemented a prototype PBT framework for Coq, very similar to QuickCheck [CH00]. We then took a previous development that was using QuickCheck to test noninterference for increasingly
unknown title
2009
Abstract
The discovery of unknown lemmas, case splits and other so-called eureka steps are challenging problems for automated theorem proving and have generally been assumed to require user intervention. This thesis is mainly concerned with the automated discovery of inductive lemmas. We have explored two approaches based on failure recovery and theory formation, with the aim of improving automation of first- and higher-order inductive proofs in the IsaPlanner system. We have implemented a lemma speculation critic which attempts to find a missing lemma using information from a failed proof attempt. However, we found few proofs for which this critic was applicable and successful. We have also developed a program for inductive theory formation, which we call IsaCoSy. IsaCoSy was evaluated on different inductive theories about natural numbers, lists and binary trees, and found to successfully produce many relevant theorems and lemmas. Using a background theory produced by IsaCoSy, it was possible for IsaPlanner to automatically prove more new theorems than with lemma speculation.