Results 1  10
of
30
Toward a Verified Relational Database Management System ∗
"... We report on our experience implementing a lightweight, fully verified relational database management system (RDBMS). The functional specification of RDBMS behavior, RDBMS implementation, and proof that the implementation meets the specification are all written and verified in Coq. Our contributions ..."
Abstract

Cited by 17 (2 self)
 Add to MetaCart
We report on our experience implementing a lightweight, fully verified relational database management system (RDBMS). The functional specification of RDBMS behavior, RDBMS implementation, and proof that the implementation meets the specification are all written and verified in Coq. Our contributions include: (1) a complete specification of the relational algebra in Coq; (2) an efficient realization of that model (B+ trees) implemented with the Ynot extension to Coq; and (3) a set of simple query optimizations proven to respect both semantics and runtime cost. In addition to describing the design and implementation of these artifacts, we highlight the challenges we encountered formalizing them, including the choice of representation for finite relations of typed tuples and the challenges of reasoning about data structures with complex sharing. Our experience shows that though many challenges remain, building fullyverified systems software in Coq is within reach. Categories and Subject Descriptors F.3.1 [Logics and meanings of programs]: Mechanical verification; D.2.4 [Software Engineering]:
How to make ad hoc proof automation less ad hoc
 In ICFP
, 2011
"... Most interactive theorem provers provide support for some form of usercustomizable proof automation. In a number of popular systems, such as Coq and Isabelle, this automation is achieved primarily through tactics, which are programmed in a separate language from that of the prover’s base logic. Whi ..."
Abstract

Cited by 9 (2 self)
 Add to MetaCart
Most interactive theorem provers provide support for some form of usercustomizable proof automation. In a number of popular systems, such as Coq and Isabelle, this automation is achieved primarily through tactics, which are programmed in a separate language from that of the prover’s base logic. While tactics are clearly useful in practice, they can be difficult to maintain and compose because, unlike lemmas, their behavior cannot be specified within the expressive type system of the prover itself. We propose a novel approach to proof automation in Coq that allows the user to specify the behavior of custom automated routines in terms of Coq’s own type system. Our approach involves a sophisticated application of Coq’s canonical structures, which generalize Haskell type classes and facilitate a flexible style of dependentlytyped logic programming. Specifically, just as Haskell type classes are used to infer the canonical implementation of an overloaded term at a given type, canonical structures can be used to infer the canonical proof of an overloaded lemma for a given instantiation of its parameters. We present a series of design patterns for canonical structure programming that enable one to carefully and predictably coax Coq’s type inference engine into triggering the execution of usersupplied algorithms during unification, and we illustrate these patterns through several realistic examples drawn from Hoare Type Theory. We assume no prior knowledge of Coq and describe the relevant aspects of Coq type inference from first principles.
An Efficient Coq Tactic for Deciding Kleene Algebras
, 2009
"... We present a reflexive tactic for deciding the equational theory of Kleene algebras in the Coq proof assistant. This tactic relies on a careful implementation of efficient finite automata algorithms, so that it solves casual equations almost instantaneously. The corresponding decision procedure was ..."
Abstract

Cited by 8 (2 self)
 Add to MetaCart
We present a reflexive tactic for deciding the equational theory of Kleene algebras in the Coq proof assistant. This tactic relies on a careful implementation of efficient finite automata algorithms, so that it solves casual equations almost instantaneously. The corresponding decision procedure was proved correct and complete; correctness is established w.r.t. any model (including binary relations), by formalising Kozen’s initiality theorem.
The Matita Interactive Theorem Prover
"... Abstract. Matita is an interactive theorem prover being developed by the Helm team at the University of Bologna. Its stable version 0.5.x may be downloaded at ..."
Abstract

Cited by 8 (6 self)
 Add to MetaCart
Abstract. Matita is an interactive theorem prover being developed by the Helm team at the University of Bologna. Its stable version 0.5.x may be downloaded at
A tactic for deciding Kleene algebras
 In 1st Coq Workshop. Tech. Univ
, 2009
"... We present a Coq reflexive tactic for deciding equalities or inequalities in Kleene algebras. This tactic is part of a larger project, whose aim is to provide tools for reasoning about binary relations in Coq: binary relations form a Kleene algebra, where the star operation is the reflexive transiti ..."
Abstract

Cited by 6 (2 self)
 Add to MetaCart
We present a Coq reflexive tactic for deciding equalities or inequalities in Kleene algebras. This tactic is part of a larger project, whose aim is to provide tools for reasoning about binary relations in Coq: binary relations form a Kleene algebra, where the star operation is the reflexive transitive closure. Our tactic relies on an initiality theorem, whose proof goes by replaying finite automata algorithms in an algebraic way, using matrices.
Metatheory à la carte
 In POPL ’13
, 2013
"... Formalizing metatheory, or proofs about programming languages, in a proof assistant has many wellknown benefits. However, the considerable effort involved in mechanizing proofs has prevented it from becoming standard practice. This cost can be amortized by reusing as much of an existing formalizat ..."
Abstract

Cited by 5 (1 self)
 Add to MetaCart
Formalizing metatheory, or proofs about programming languages, in a proof assistant has many wellknown benefits. However, the considerable effort involved in mechanizing proofs has prevented it from becoming standard practice. This cost can be amortized by reusing as much of an existing formalization as possible when building a new language or extending an existing one. Unfortunately reuse of components is typically adhoc, with the language designer cutting and pasting existing definitions and proofs, and expending considerable effort to patch up the results. This paper presents a more structured approach to the reuse of formalizations of programming language semantics through the composition of modular definitions and proofs. The key contribution is the development of an approach to induction for extensible Church encodings which uses a novel reinterpretation of the universal property of folds. These encodings provide the foundation for a framework, formalized in Coq, which uses type classes to automate the composition of proofs from modular components. Several interesting language features, including binders and general recursion, illustrate the capabilities of our framework. We reuse these features to build fully mechanized definitions and proofs for a number of languages, including a version of miniML. Bounded induction enables proofs of properties for noninductive semantic functions, and mediating type classes enable proof adaptation for more featurerich languages. 1.
Mechanized Verification with Sharing
"... Abstract. We consider software verification of imperative programs by theorem proving in higherorder separation logic. Of particular interest are the difficulties of encoding and reasoning about sharing and aliasing in pointerbased data structures. Both of these are difficulties for reasoning in s ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
Abstract. We consider software verification of imperative programs by theorem proving in higherorder separation logic. Of particular interest are the difficulties of encoding and reasoning about sharing and aliasing in pointerbased data structures. Both of these are difficulties for reasoning in separation logic because they rely, fundamentally, on nonseparate heaps. We show how sharing can be achieved while preserving abstraction using mechanized reasoning about fractional permissions in Hoare type theory. 1
Formalizing Domains, Ultrametric Spaces and Semantics of Programming Languages
 UNDER CONSIDERATION FOR PUBLICATION IN MATH. STRUCT. IN COMP. SCIENCE
, 2010
"... We describe a Coq formalization of constructive ωcpos, ultrametric spaces and ultrametricenriched categories, up to and including the inverselimit construction of solutions to mixedvariance recursive equations in both categories enriched over ωcppos and categories enriched over ultrametric spac ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
We describe a Coq formalization of constructive ωcpos, ultrametric spaces and ultrametricenriched categories, up to and including the inverselimit construction of solutions to mixedvariance recursive equations in both categories enriched over ωcppos and categories enriched over ultrametric spaces. We show how these mathematical structures may be used in formalizing semantics for three representative programming languages. Specifically, we give operational and denotational semantics for both a simplytyped CBV language with recursion and an untyped CBV language, establishing soundness and adequacy results in each case, and then use a Kripke logical relation over a recursivelydefined metric space of worlds to give an interpretation of types over a stepcounting operational semantics for a language with recursive types and general references.
A BIDIRECTIONAL REFINEMENT ALGORITHM FOR THE CALCULUS OF (CO)INDUCTIVE CONSTRUCTIONS
"... address: ..."
Formal verification of monad transformers
 In ICFP’12
, 2012
"... We present techniques for reasoning about constructor classes that (like the monad class) fix polymorphic operations and assert polymorphic axioms. We do not require a logic with firstclass type constructors, firstclass polymorphism, or type quantification; instead, we rely on a domaintheoretic m ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
We present techniques for reasoning about constructor classes that (like the monad class) fix polymorphic operations and assert polymorphic axioms. We do not require a logic with firstclass type constructors, firstclass polymorphism, or type quantification; instead, we rely on a domaintheoretic model of the type system in a universal domain to provide these features. These ideas are implemented in the Tycon library for the Isabelle theorem prover, which builds on the HOLCF library of domain theory. The Tycon library provides various axiomatic type constructor classes, including functors and monads. It also provides automation for instantiating those classes, and for defining further subclasses. We use the Tycon library to formalize three Haskell monad transformers: the error transformer, the writer transformer, and the resumption transformer. The error and writer transformers do not universally preserve the monad laws; however, we establish datatype invariants for each, showing that they are valid monads when viewed as abstract datatypes.