Certification of automated termination proofs
In Proc. FroCoS'07, 2007
Cited by 20 (5 self)
Nowadays, formal methods rely on tools of different kinds: proof assistants with which the user interacts to discover a proof step by step; and fully automated tools which make use of (intricate) decision procedures. But while some proof assistants can check the soundness of a proof, they lack automation. Regarding automated tools, one still has to be satisfied with their answers Yes/No/Do not know, the validity of which can be subject to question, in particular because of the increasing size and complexity of these tools. In the context of rewriting techniques, we aim at bridging the gap between proof assistants that yield formal guarantees of reliability and highly automated tools one has to trust. We present an approach making use of both shallow and deep embeddings. We illustrate this approach with a prototype based on the CiME rewriting toolbox, which can discover involved termination proofs that can be certified by the COQ proof assistant, using the COCCINELLE library for rewriting.
Modular SMT Proofs for Fast Reflexive Checking inside Coq
First International Conference on Certified Programs and Proofs, 2011
Cited by 8 (2 self)
We present a new methodology for exchanging unsatisfiability proofs between an untrusted SMT solver and a sceptical proof assistant with computation capabilities like Coq. We advocate modular SMT proofs that separate boolean reasoning and theory reasoning, and structure the communication between theories using the Nelson-Oppen combination scheme. We present the design and implementation of a Coq reflexive verifier that is modular and allows for fine-tuned theory-specific verifiers. The current verifier is able to verify proofs for quantifier-free formulae mixing linear arithmetic and uninterpreted functions. Our proof generation scheme benefits from the efficiency of state-of-the-art SMT solvers while being independent from a specific SMT solver proof format. Our only requirement for the SMT solver is the ability to extract unsat cores and generate boolean models. In practice, unsat cores are relatively small and their proof is obtained with a modest overhead by our proof-producing prover. We present experiments assessing the feasibility of the approach for benchmarks obtained from the SMT competition.
Improving Coq Propositional Reasoning Using a Lazy CNF Conversion Scheme
Cited by 7 (0 self)
In an attempt to improve automation capabilities in the Coq proof assistant, we develop a tactic for the propositional fragment based on the DPLL procedure. Although formulas naturally arising in interactive proofs do not require a state-of-the-art SAT solver, the conversion to clausal form required by DPLL strongly damages the performance of the procedure. In this paper, we present a reflexive DPLL algorithm formalized in Coq which outperforms the existing tactics. It is tightly coupled with a lazy CNF conversion scheme which, unlike Tseitin-style approaches, does not disrupt the procedure. This conversion relies on a lazy mechanism which requires slight adaptations of the original DPLL. As far as we know, this is the first formal proof of this mechanism, and its Coq implementation raises interesting challenges.
Automated Certified Proofs with CiME3
2011
Cited by 5 (0 self)
We present the rewriting toolkit CiME3. Amongst other original features, this version enjoys two kinds of engines: one to handle and discover proofs of various properties of rewriting systems, and one to generate COQ scripts from proof traces input in certification proof format (CPF), an XML format widely accepted by the certified rewriting community, in order to certify them with a skeptical proof assistant like COQ. CiME3 may thus be used to add automation to proofs of termination or confluence in a formal development in the COQ proof assistant.
Deciding equality in the constructor theory
2006
Cited by 1 (0 self)
We give a decision procedure for the satisfiability of finite sets of ground equations and disequations in the constructor theory: the terms used may contain both uninterpreted and constructor function symbols. Constructor function symbols are by definition injective, and terms built with distinct constructors are themselves distinct. This corresponds to properties of (co)inductive type constructors in inductive type theory. We do this in a framework where function symbols can be partially applied and equations between functions are allowed. We describe our algorithm as an extension of congruence closure and give correctness, completeness and termination arguments. We then proceed to discuss its limits and extension possibilities by describing its implementation in the Coq proof assistant.
Cooperative Integration of an Interactive Proof Assistant and an Automated Prover
2006
We propose a mechanism for semi-automated proving of theorems, using a tactic for the Coq proof assistant that consults a proof-generating Nelson-Oppen-style automated prover. Instead of simply proving or failing to prove a goal, our tactic decides on relevant case splits using theory-specific axioms, proves some of the resulting cases, and returns the remainder to the Coq user as subgoals. These subgoals can then be proved using inductions and lemma instantiations that are beyond the capabilities of the automated prover. We show that the Coq tactic language provides an excellent way to script this process to an extent not supported by current Nelson-Oppen provers. As with any Coq proof, a separately checkable proof term in a core calculus is produced at the end of any successful proving session where our method is used, and we take advantage of the "proof by reflection" technique to translate the specialized first-order proofs of the automated prover into compact Coq representations.
Validated Construction of Congruence Closures
2005
It is by now well known that congruence closure (CC) algorithms can be viewed as implementing ground completion: given a set of ground equations, the CC algorithm computes a convergent rewrite system whose equational theory conservatively extends that of the original set of equations. We call such a rewrite system a CC for the original set. This paper describes work in progress to create an implementation of a CC algorithm which is validated, in the following sense. Any non-aborting, terminating run of the implementation is guaranteed to produce a CC for the input set of equations. Note that aborting or failing to terminate can happen for implementations of CC algorithms only due to bugs in code; the algorithms themselves are usually proved terminating and correct. Validation of an implementation of a CC algorithm is achieved by implementing the algorithm in RSP1, a dependently typed programming language. Type checking ensures that proofs of convergence and conservative extension are well-formed.
Automatic Coq Proofs Generation from Static Analyzers by Lightweight Instrumentation
2011
This paper deals with program verification and more precisely with the question of how to provide verifiable evidence that a program satisfies certain semantic properties. Program processing tools such as compilers or static analyzers are complex pieces of software which may contain errors. The idea of using analyzers as guessing algorithms and proving the discovered properties by independent means was proposed a decade ago. However, automatically generating the proofs without user interaction is still a major challenge. We present a methodology for instrumenting existing static analyzers based on abstract interpretation to make them produce certificates of their results. We apply our methodology to an existing static analyzer that discovers invariants of array-processing programs which can be expressed in first-order logic. Certificates are provided as COQ proofs based on the Floyd-Hoare method for proving program invariants.