. We want to prove "automatically" that a program is correct with respect to a set of given properties that is a specification. Proofs of specifications contain logical parts and computational parts. Programs can be seen as computational parts of proofs. They can then be extracted from proofs and be certified to be correct. We focus on the inverse problem : is it possible to reconstruct proof obligations from a program and its specification ? The framework is the type theory where a proof can be represented as a typed -term [Con86, NPS90] and particularly the Calculus of Inductive Constructions [Coq85]. A notion of coherence is introduced between a specification and a program containing annotations as in the Hoare sense. This notion is based on the definition of an extraction function called the weak extraction. Such an annotated program can give a method to reconstruct a set of proof obligations needed to have a proof of the initial specification. This can be seen either as a method o...

The system Coq is an environment for proof development based on the Calculus of Constructions extended by inductive definitions. Functional programs can be extracted from constructive proofs written in Coq. The extracted program and its corresponding proof are strongly related. The idea in this paper is to use this link to have another approach: to give a program and to generate automatically the proof from which it could be extracted. Moreover, we introduce a notion of annotated programs.

In proof checkers and theorem provers (e.g. Coq [4] and ProPre [13]) recursive de nitions of functions are shown to terminate automatically.

. The Coq and ProPre systems show the automated termination of a recursive function by first constructing a tree associated with the specification of the function which satisfies a notion of terminal property and then verifying that this construction process is formally correct. However, those two steps strongly depend on inductive principles and hence Coq and ProPre can only deal with the termination proofs that are inductive. There are however many functions for which the termination proofs are non-inductive. In this article, we attempt to extend the class of functions whose proofs can be done automatically `a la Coq and ProPre to a larger class including functions whose termination proofs are not inductive. We do this by extending the terminal property notion and replacing the verification step above by one that searches for a decreasing measure which can be used to establish the termination of the function. 1 Introduction Termination is an important property in the verification ...

We investigate an automated program synthesis system based on the paradigm of programming by proofs. To automatically extract a -term that computes a recursive function given by a set of equations the system must nd a formal proof of the totality of the given function. Because of the particular logical framework, usually such approaches make it dicult to use techniques such as those in rewriting theory. We overcome this diculty for the automated system that we consider by exploiting product types. As a consequence, this would enable the incorporation of termination techniques used in other areas while still extracting programs.

. This paper deals with a particular approach to the verification of functional programs. A specification of a program can be represented by a logical formula [Con86, NPS90]. In a constructive framework, developing a program then corresponds to proving this formula. Given a specification and a program, we focus on reconstructing a proof of the specification whose algorithmic contents corresponds to the given program. The best we can hope is to generate proof obligations on atomic parts of the program corresponding to logical properties to be verified. First, this paper studies a weak extraction of a program from a proof that keeps track of intermediate specifications. From such a program, we prove the determinism of retrieving proof obligations. Then, heuristic methods are proposed for retrieving the proof from a natural program containing only partial annotations. Finally, the implementation of this method as a tactic of the Coq proof assistant is presented. 1. Introduction A large p...

--no abstract--