Coq
LASER 2011 Summer School, Elba Island, Italy
Christine Paulin-Mohring
Université Paris Sud & INRIA Saclay - Île-de-France
September 2011
C. Paulin (Paris-Sud) Coq Sept. 2011 1 / 22
[Introduction] Outline
◮ Introduction
◮ What is Coq?
◮ Example
◮ Basics of Coq language
◮ First steps in Coq
[Introduction / What is Coq?] The proof assistant Coq
◮ An environment for developing mathematical facts:
  ◮ defining objects (integers, sets, trees, functions, programs ...)
  ◮ making statements (predicates)
  ◮ writing proofs
◮ The compiler checks the correctness:
  ◮ of definitions (well-formed sets, terminating functions ...)
  ◮ of proofs
◮ The environment helps with:
  ◮ advanced notations
  ◮ proof search
  ◮ modular developments
  ◮ program extraction
[Introduction / What is Coq?] Examples done with Coq
◮ Mathematics
  ◮ Fundamental theorem of algebra (Barendregt et al.)
  ◮ Feit-Thompson theorem on finite groups (INRIA-Microsoft Research)
◮ Mixing maths and programs
  ◮ Four color theorem (Gonthier-Werner)
  ◮ Primality checker (Théry et al.)
  ◮ A wave equation resolution scheme (Boldo et al.)
◮ Programming environments with proofs
  ◮ JavaCard architecture (Gemalto-Trusted Logic, EAL7 certification)
  ◮ Certified optimizing compiler for C (Leroy et al.)
  ◮ Formal proofs for computational cryptography (Barthe et al.)
  ◮ Ynot library: imperative programs with separation logic (Morrisett et al.)
[Introduction / What is Coq?] Related systems
◮ Coq is a proof assistant similar to HOL (Isabelle/HOL, HOL4, HOL Light), PVS, ...
◮ Coq is based on intuitionistic type theory:
  ◮ Similar to Epigram, Matita, ... and also Agda, NuPrl, ...
  ◮ Intensional behavior: functions are programs that can be computed (not binary relations).
  ◮ Strong correspondence between proofs and programs.
[Introduction / What is Coq?] Practical information on Coq
◮ The Coq web site: coq.inria.fr
  ◮ Official distribution (multi-platform), reference manual
  ◮ Libraries and user contributions
◮ Reference book: the Coq'Art by Yves Bertot and Pierre Castéran
  Interactive Theorem Proving and Program Development. Coq'Art: The Calculus of Inductive Constructions.
  Series: Texts in Theoretical Computer Science.
  http://www.labri.fr/perso/casteran/CoqArt
◮ See also:
  ◮ Software Foundations by B. Pierce et al. http://www.cis.upenn.edu/~bcpierce/sf/
  ◮ Certified Programming with Dependent Types by A. Chlipala. http://adam.chlipala.net/cpdt/
[Introduction / What is Coq?] Two-level architecture

Coq environment (compiled to the kernel):
◮ notations
◮ extended language
◮ libraries
◮ tactics
◮ user extensible

Coq kernel:
◮ limited language
◮ few rules
◮ expressive

For example, 1+1=2 becomes @eq nat (plus (S O) (S O)) (S (S O))
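The environment/kernel split can be observed directly in a Coq session. The script below is an added example, not part of the slides; it assumes a standard Coq installation and uses only built-in vernacular commands. Recent Coq versions name the addition function Nat.add, which the slide (written for an older version) shows as plus.

```coq
(* Added example: observing the environment/kernel split from the slide.
   "1 + 1 = 2" is what the user writes; the kernel only sees a term
   built from eq, nat, S, O and the addition function. *)

(* Print the fully elaborated term, without notations or implicit
   arguments: the @eq nat (... (S O) (S O)) (S (S O)) form of the slide. *)
Set Printing All.
Check (1 + 1 = 2).
Unset Printing All.

(* The addition function itself is an ordinary recursive program
   (structural recursion on its first argument), not an axiom.
   Nat.add is the modern name of the slide's plus. *)
Print Nat.add.

(* Proving the statement needs no arithmetic reasoning: the kernel
   computes both sides to S (S O) and accepts eq_refl by conversion. *)
Lemma one_plus_one : 1 + 1 = 2.
Proof. reflexivity. Qed.

(* The stored proof object is exactly the kernel term eq_refl,
   which is all the "few rules" of the kernel needed to check. *)
Print one_plus_one.
```

Running the script in coqtop or an IDE shows the notation layer being stripped away by Set Printing All, and that the proof of 1+1=2 is a single constructor application that the kernel checks by computation.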
[Introduction / What is Coq?] Using Coq for program verification
◮ Express "program p is correct" as a mathematical statement in Coq and prove it! Can be hard, but the proof is safe.
◮ Program your favorite program analyser (model checking, abstract interpretation, ...) in Coq, prove it correct and use it! A big investment, but the result is automatic for each program instance.
◮ Represent program p as a Coq term t and the specification as a type T such that t : T implies p is correct. Works well for functional (possibly monadic) programs.
◮ Use an external tool to generate proof obligations and then Coq to solve the obligations. A less safe approach, but it can deal with undecidable fragments.
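The third approach on the slide (the program is a term whose type is its specification) is small enough to show in full. The following is an added example written for these notes, not code from the course; the function name pred_spec is invented, and the lemmas O_S and not_eq_sym are from Coq's standard prelude (Init). The final two commands assume Coq 8.7 or later, where extraction must be loaded with Require Extraction.

```coq
(* Added example of approach 3: the program is a term t whose type T
   states its specification, so the kernel accepting t : T is the
   correctness proof. *)

(* Specification as a type: given a nonzero n, return m together with a
   proof that S m = n. A caller cannot even apply it to 0 without
   supplying a proof of the precondition. *)
Definition pred_spec (n : nat) (H : n <> 0) : {m : nat | S m = n}.
Proof.
  destruct n as [| p].
  - (* n = 0 contradicts the precondition H : 0 <> 0 *)
    exfalso. apply H. reflexivity.
  - (* n = S p: the witness is p and the proof obligation is trivial *)
    exists p. reflexivity.
Defined.  (* Defined, not Qed, so the program can still be computed *)

(* Running the program: the precondition 5 <> 0 is discharged by the
   standard lemma O_S : 0 <> S n, turned around with not_eq_sym.
   proj1_sig forgets the proof part and keeps the computed value. *)
Eval compute in proj1_sig (pred_spec 5 (not_eq_sym (O_S 4))).

(* Program extraction (listed on the earlier slide) erases the proof
   component and leaves a plain nat -> nat function. *)
Require Extraction.
Extraction pred_spec.
```

The point of the design: the precondition and postcondition live in the type, so there is no separate verification step after type checking; the proof script in the Definition is just the way the term is constructed.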
[Introduction / What is Coq?] Coq: outline of the courses
◮ Introduction
◮ What is Coq?
◮ Example
◮ Basics of Coq language
◮ First steps in Coq
[Introduction / Example] Example of C program verification

Approximate the cosine function near 0 using floating point numbers.

    float my_cosine(float x) {
      return 1.0f - x * x * 0.5f;
    }

[Figure (plot residue): upper panel shows cos(x) against the approximation 1 - x^2/2 for x between 0x1.ffcp-6 and 0x1p-5 (about 0.0312347 to 0.03125), with y values around 0.99951, and labels the gap between the curves as the method error; lower panel shows the floating point error near x = 1/32.]
[Introduction / Example] Using Coq for C program verification

Code with specification (using real numbers):

    /*@ requires \abs(x) <= 0x1p-5;
      @ ensures \abs(\result - \cos(x)) <= 0x1p-23;
      @*/
    float my_cosine(float x) {
      //@ assert \abs(1.0 - x*x*0.5 - \cos(x)) <= 0x1p-24;
      return 1.0f - x * x * 0.5f;
    }

Demo: Frama-C/Why/Coq
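The annotations split the error budget in two: the assert bounds the method error of the real-number formula 1 - x*x/2 against cos(x) by 0x1p-24, while the ensures allows 0x1p-23, so the remaining 0x1p-24 is left for the rounding error of the float computation. The Coq lemma below, an added example and not the obligation actually generated by Frama-C/Why, states that arithmetic over Coq's reals; the names error_budget and my_cosine_budget are invented, and 2^-24 is written as / 16777216. The bounds on the rounding error themselves (the float-specific part of the proof) are not shown.

```coq
(* Added example: the shape of the real-number obligation behind the
   annotated my_cosine. "formula" stands for 1 - x*x/2 evaluated over
   the reals, "result" for the value the float code actually returns. *)
Require Import Reals.
Open Scope R_scope.

(* If the formula is within e of cos x (method error, the assert) and
   the computed result is within e of the formula (rounding error),
   then the result is within 2*e of cos x (the ensures). *)
Lemma error_budget (result formula cosx e : R) :
  Rabs (formula - cosx) <= e ->
  Rabs (result - formula) <= e ->
  Rabs (result - cosx) <= 2 * e.
Proof.
  intros Hmethod Hround.
  (* Insert the formula as an intermediate point and apply the
     triangle inequality Rabs (a + b) <= Rabs a + Rabs b. *)
  replace (result - cosx) with ((result - formula) + (formula - cosx)) by ring.
  apply Rle_trans with (Rabs (result - formula) + Rabs (formula - cosx)).
  - apply Rabs_triang.
  - (* each summand is bounded by e, so the sum is bounded by e + e *)
    replace (2 * e) with (e + e) by ring.
    apply Rplus_le_compat; assumption.
Qed.

(* Instance matching the ACSL annotations: formula 1 - x*x/2,
   budget e = 2^-24 = 1/16777216, conclusion 2 * 2^-24 = 2^-23. *)
Definition my_cosine_budget (x result : R) :=
  error_budget result (1 - x * x / 2) (cos x) (/ 16777216).

(* Display the obligation this instance discharges. *)
Check my_cosine_budget.
```

Check my_cosine_budget prints the two hypotheses (method error and rounding error, each bounded by / 16777216) and the conclusion Rabs (result - cos x) <= 2 * / 16777216, which is the postcondition of the annotated C function stated over the reals.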