Results 1  10
of
38
Formal certification of a compiler backend, or: programming a compiler with a proof assistant
 IN PROC. 33RD ACM SYMPOSIUM ON PRINCIPLES OF PROGRAMMING LANGUAGES (POPL ’06
, 2006
"... This paper reports on the development and formal certification (proof of semantic preservation) of a compiler from Cminor (a Clike imperative language) to PowerPC assembly code, using the Coq proof assistant both for programming the compiler and for proving its correctness. Such a certified compile ..."
Abstract

Cited by 226 (14 self)
 Add to MetaCart
This paper reports on the development and formal certification (proof of semantic preservation) of a compiler from Cminor (a Clike imperative language) to PowerPC assembly code, using the Coq proof assistant both for programming the compiler and for proving its correctness. Such a certified compiler is useful in the context of formal methods applied to the certification of critical software: the certification of the compiler guarantees that the safety properties proved on the source code hold for the executable compiled code as well.
Program extraction from normalization proofs
 Typed Lambda Calculi and Applications, number 664 in Lecture Notes in Computer Science
, 1993
"... This paper describes formalizations of Tait’s normalization proof for the simply typed λcalculus in the proof assistants Minlog, Coq and Isabelle/HOL. From the formal proofs programs are machineextracted that implement variants of the wellknown normalizationbyevaluation algorithm. The case stud ..."
Abstract

Cited by 60 (5 self)
 Add to MetaCart
This paper describes formalizations of Tait’s normalization proof for the simply typed λcalculus in the proof assistants Minlog, Coq and Isabelle/HOL. From the formal proofs programs are machineextracted that implement variants of the wellknown normalizationbyevaluation algorithm. The case study is used to test and compare the program extraction machineries of the three proof assistants in a nontrivial setting. 1
Ynot: Dependent types for imperative programs
 In Proceedings of ICFP 2008
, 2008
"... We describe an axiomatic extension to the Coq proof assistant, that supports writing, reasoning about, and extracting higherorder, dependentlytyped programs with sideeffects. Coq already includes a powerful functional language that supports dependent types, but that language is limited to pure, t ..."
Abstract

Cited by 36 (10 self)
 Add to MetaCart
We describe an axiomatic extension to the Coq proof assistant, that supports writing, reasoning about, and extracting higherorder, dependentlytyped programs with sideeffects. Coq already includes a powerful functional language that supports dependent types, but that language is limited to pure, total functions. The key contribution of our extension, which we call Ynot, is the added support for computations that may have effects such as nontermination, accessing a mutable store, and throwing/catching exceptions. The axioms of Ynot form a small trusted computing base which has been formally justified in our previous work on Hoare Type Theory (HTT). We show how these axioms can be combined with the powerful type and abstraction mechanisms of Coq to build higherlevel reasoning mechanisms which in turn can be used to build realistic, verified software components. To substantiate this claim, we describe here a representative series of modules that implement imperative finite maps, including support for a higherorder (effectful) iterator. The implementations range from simple (e.g., association lists) to complex (e.g., hash tables) but share a common interface which abstracts the implementation details and ensures that the modules properly implement the finite map abstraction.
Filters on coinductive streams, an application to eratosthenes’ sieve
 Typed Lambda Calculi and Applications, 7th International Conference, TLCA 2005
, 2005
"... Our objective is to describe a formal proof of correctness for the following Haskell [13] program in a type theorybased proof verification system, such as the Coq system [10, 1]. sieve (p:rest) = p:sieve [r  r < rest, r ‘rem ‘ p / = 0] primes = sieve [2..] This program is a functional implementa ..."
Abstract

Cited by 22 (5 self)
 Add to MetaCart
Our objective is to describe a formal proof of correctness for the following Haskell [13] program in a type theorybased proof verification system, such as the Coq system [10, 1]. sieve (p:rest) = p:sieve [r  r < rest, r ‘rem ‘ p / = 0] primes = sieve [2..] This program is a functional implementation of Eratosthenes ’ sieve that consists in removing all multiples of previously found primes from the sequence of natural numbers. We want to prove that the expression primes is the stream containing all the prime numbers in increasing order. This work relies on coinductive types [5, 11, 12] because the program manipulates infinite lists, also known as streams. It first uses the infinite list of natural numbers larger than 2, then the infinite list of numbers larger than 3 and containing no multiples of 2, then the infinite list of numbers larger than 4 and containing no multiples of prime numbers smaller than 4, and so on. This example was initially proposed as a challenge by G. Kahn and used as an illustration of a program and its proof of correctness in a
CCoRN, the Constructive Coq Repository at Nijmegan
"... We present CCoRN, the Constructive Coq Repository at Nijmegen. It consists of a library of constructive algebra and analysis, formalized in the theorem prover Coq. In this paper we explain the structure, the contents and the use of the library. Moreover we discuss the motivation and the (possible) ..."
Abstract

Cited by 18 (9 self)
 Add to MetaCart
We present CCoRN, the Constructive Coq Repository at Nijmegen. It consists of a library of constructive algebra and analysis, formalized in the theorem prover Coq. In this paper we explain the structure, the contents and the use of the library. Moreover we discuss the motivation and the (possible) applications of such a library.
Functors for Proofs and Programs
, 2003
"... This paper presents the formal verication with the Coq proof assistant of several applicative data structures implementing nite sets. These implementations are parameterized by an ordered type for the elements, using functors from the ML module system. The verication follows closely this scheme, ..."
Abstract

Cited by 17 (3 self)
 Add to MetaCart
This paper presents the formal verication with the Coq proof assistant of several applicative data structures implementing nite sets. These implementations are parameterized by an ordered type for the elements, using functors from the ML module system. The verication follows closely this scheme, using the newly Coq module system.
Ynot: Reasoning with the awkward squad
 In ACM SIGPLAN International Conference on Functional Programming
, 2008
"... We describe an axiomatic extension to the Coq proof assistant, that supports writing, reasoning about, and extracting higherorder, dependentlytyped programs with sideeffects. Coq already includes a powerful functional language that supports dependent types, but that language is limited to pure, t ..."
Abstract

Cited by 16 (0 self)
 Add to MetaCart
We describe an axiomatic extension to the Coq proof assistant, that supports writing, reasoning about, and extracting higherorder, dependentlytyped programs with sideeffects. Coq already includes a powerful functional language that supports dependent types, but that language is limited to pure, total functions. The key contribution of our extension, which we call Ynot, is the added support for computations that may have effects such as nontermination, accessing a mutable store, and throwing/catching exceptions. The axioms of Ynot form a small trusted computing base which has been formally justified in our previous work on Hoare Type Theory (HTT). We show how these axioms can be combined with the powerful type and abstraction mechanisms of Coq to build higherlevel reasoning mechanisms which in turn can be used to build realistic, verified software components. To substantiate this claim, we describe here a representative series of modules that implement imperative finite maps, including support for a higherorder (effectful) iterator. The implementations range from simple (e.g., association lists) to complex (e.g., hash tables) but share a common interface which abstracts the implementation details and ensures that the modules properly implement the finite map abstraction.
PROGRAMing finger trees in Coq
 In ACM SIGPLAN International Conference on Functional Programming. Association for Computing Machinery
, 2007
"... Finger Trees (Hinze and Paterson 2006) are a general purpose persistent data structure with good performance. Their genericity permits developing a wealth of structures like ordered sequences or interval trees on top of a single implementation. However, the type systems used by current functional la ..."
Abstract

Cited by 12 (0 self)
 Add to MetaCart
Finger Trees (Hinze and Paterson 2006) are a general purpose persistent data structure with good performance. Their genericity permits developing a wealth of structures like ordered sequences or interval trees on top of a single implementation. However, the type systems used by current functional languages do not guarantee the coherent parameterization and specialization of Finger Trees, let alone the correctness of their implementation.We present a certified implementation of Finger Trees solving these problems using the PROGRAM extension of COQ. We not only implement the structure but also prove its invariants along the way, which permit building certified structures on top of Finger Trees in an elegant way. Categories and Subject Descriptors D.2.4 [Software/Program
A code generator framework for Isabelle/HOL
 Department of Computer Science, University of Kaiserslautern
, 2007
"... Abstract. We present a code generator framework for Isabelle/HOL. It formalizes the intermediate stages between the purely logical description in terms of equational theorems and a programming language. Correctness of the translation is established by giving the intermediate languages (a subset of H ..."
Abstract

Cited by 10 (4 self)
 Add to MetaCart
Abstract. We present a code generator framework for Isabelle/HOL. It formalizes the intermediate stages between the purely logical description in terms of equational theorems and a programming language. Correctness of the translation is established by giving the intermediate languages (a subset of Haskell) an equational semantics and relating it back to the logical level. To allow code generation for SML, we present and prove correct a (dictionarybased) translation eliminating type classes. The design of our framework covers different functional target languages. 1 Introduction and related work Executing formal specifications is a wellestablished topic and many theorem provers support this activity by generating code in a standard programming language from a logical description, typically by translating an internal functional language to an external one:
QArith: Coq formalisation of lazy rational arithmetic
 Types for Proofs and Programs, volume 3085 of LNCS
, 2003
"... Abstract. In this paper we present the Coq formalisation of the QArith library which is an implementation of rational numbers as binary sequences for both lazy and strict computation. We use the representation also known as the SternBrocot representation for rational numbers. This formalisation use ..."
Abstract

Cited by 9 (2 self)
 Add to MetaCart
Abstract. In this paper we present the Coq formalisation of the QArith library which is an implementation of rational numbers as binary sequences for both lazy and strict computation. We use the representation also known as the SternBrocot representation for rational numbers. This formalisation uses advanced machinery of the Coq theorem prover and applies recent developments in formalising general recursive functions. This formalisation highlights the rôle of type theory both as a tool to verify handwritten programs and as a tool to generate verified programs. 1