Program-ing in Coq
Matthieu Sozeau, under the direction of Christine Paulin-Mohring
LRI, Univ. Paris-Sud, Démons Team & INRIA Saclay, ProVal Project
Foundations of Programming seminar, February 15th 2008, University of Nottingham
The Big Picture
A proof of Euclidean division in Coq, developed as a lemma with tactics (the slide's pretty-printed ∀, →, × are written in ASCII here, with the underscores in identifiers restored):

    Require Import Arith Wf_nat.

    (* A witness of Euclidean division of a by b: a quotient q and a
       remainder r with r < b and a = q * b + r. *)
    Inductive diveucl (a b : nat) : Set :=
      divex : forall q r : nat, b > r -> a = q * b + r -> diveucl a b.

    Lemma eucl_dev : forall n, n > 0 -> forall m : nat, diveucl m n.
    Proof.
      (* Well-founded induction on the dividend a, comparing it with the divisor b. *)
      intros b H a; pattern a; apply gt_wf_rec; intros n H0.
      elim (le_gt_dec b n).
      (* Case b <= n: divide n - b and increment the quotient. *)
      intro lebn.
      elim (H0 (n - b)); auto with arith.
      intros q r g e.
      apply divex with (S q) r; simpl; auto with arith.
      elim plus_assoc.
      elim e; auto with arith.
      (* Case b > n: quotient 0, remainder n. *)
      intros gtbn.
      apply divex with 0 n; simpl; auto with arith.
    Qed.
The Curry-Howard isomorphism
Programming language = Proof system
Program extends the Coq proof-assistant into a dependently-typed programming environment.
◮ Logical framework: Type Theory. Separates proofs and programs using sorts ⇒ Extraction.
◮ Paradigm: purely functional. Total, no separation of terms and types.
◮ Development style and proof automation: interactive, semi-automatic proof using tactics.
◮ Phase distinction: none ⇒ in Program.
[Figure: related systems shown alongside: Epigram, PVS, DML, Ωmega]
Outline
1 The idea: A simple idea; From PVS to Coq
2 Theoretical development: Russell; Interpretation in Coq; Inductive types
3 Program: Architecture; Hello world; Extensions
4 Conclusion
M. Sozeau (LRI) Program-ing in Coq 4 / 27
A simple idea
Definition: { x : T | P } is the set of objects of set T verifying property P.
◮ Useful for specifying, widely used in mathematics;
◮ Links object and property.
Adapting the idea. First, with the property left implicit:
$$\frac{t : T \quad P[t/x]}{t : \{x : T \mid P\}} \qquad \frac{t : \{x : T \mid P\}}{t : T}$$
Then with explicit proof terms and projections:
$$\frac{t : T \quad p : P[t/x]}{(t, p) : \{x : T \mid P\}} \qquad \frac{t : \{x : T \mid P\}}{\mathrm{proj}\ t : T}$$
From "Predicate subtyping" . . .
PVS
◮ Specialized typing algorithm for subset types, generating Type-checking conditions (TCCs):
t : { x : T | P } used as t : T: ok
t : T used as t : { x : T | P }: if P[t/x]
+ Practical success;
– No strong safety guarantee in PVS.
. . . to Subset coercions
1 A property-irrelevant language (Russell) with decidable typing;
2 A total interpretation to Coq terms with holes;
3 A mechanism to turn the holes into proof obligations and manage them.
Typing in Russell (the coercions are implicit):
$$\frac{\Gamma \vdash t : \{x : T \mid P\}}{\Gamma \vdash t : T} \qquad \frac{\Gamma \vdash t : T \quad \Gamma, x : T \vdash P : \mathrm{Prop}}{\Gamma \vdash t : \{x : T \mid P\}}$$
Interpretation in Coq: a projection, or a pair whose proof component is a hole ? that becomes a proof obligation p:
$$\frac{\Gamma \vdash t : \{x : T \mid P\}}{\Gamma \vdash \mathrm{proj}\ t : T} \qquad \frac{\Gamma \vdash t : T \quad \Gamma, x : T \vdash P : \mathrm{Prop} \quad \Gamma \vdash\ ? : P[t/x]}{\Gamma \vdash (t, ?) : \{x : T \mid P\}}$$
Russell syntax
x ∈ V
s, t, u, v ::= x | Set | Prop | Type
  | λx : s.t | s t | Πx : s.t
  | (u, v)_{Σx : s.t} | π₁ s | π₂ s | Σx : s.t
  | { x : s | t }
Russell typing ⊢ and coercion ⊲
Calculus of Constructions, whose conversion rule
$$\frac{\Gamma \vdash t : U \quad \Gamma \vdash U \equiv_{\beta\pi} T : s}{\Gamma \vdash t : T}$$
is replaced by a coercion rule (the coercion relation symbol is lost in the extraction; it is written ⊲ here):
$$\frac{\Gamma \vdash t : U \quad \Gamma \vdash U \lhd T : s}{\Gamma \vdash t : T} \qquad \frac{\Gamma \vdash T \equiv_{\beta\pi} U : s}{\Gamma \vdash T \lhd U : s}$$
$$\frac{\Gamma \vdash U \lhd V : \mathrm{Set} \quad \Gamma, x : U \vdash P : \mathrm{Prop}}{\Gamma \vdash \{x : U \mid P\} \lhd V : \mathrm{Set}} \qquad \frac{\Gamma \vdash U \lhd V : \mathrm{Set} \quad \Gamma, x : V \vdash P : \mathrm{Prop}}{\Gamma \vdash U \lhd \{x : V \mid P\} : \mathrm{Set}}$$
Example
$$\frac{\Gamma \vdash 0 : \mathbb{N} \quad \Gamma \vdash \mathbb{N} \lhd \{x : \mathbb{N} \mid x \neq 0\} : \mathrm{Set}}{\Gamma \vdash 0 : \{x : \mathbb{N} \mid x \neq 0\}}$$
The derivation type-checks in Russell; its interpretation leaves the hole Γ ⊢ ? : 0 ≠ 0, an obligation that cannot be proved. Typing stays decidable because the proof is deferred to the obligation rather than attempted during type-checking.
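The coercion rules above, together with the PVS-style generation of type-checking conditions from the earlier slide, as an added worked example in Python. This is not code from the slides or from Coq's Program; the encodings of types, predicates (strings over the bound variable, with P[t/x] as textual substitution) and the names `Base`, `Subset`, `coerce`, `interpret` and `coercible` are assumptions made for this illustration. The well-formedness premise Γ, x : U ⊢ P : Prop is assumed rather than checked.

```python
# Added example (not from the slides): a small model of the Russell subset
# coercion rules and their interpretation as Coq-like terms with holes.
# Predicates are strings over the bound variable and P[t/x] is textual
# substitution; the premise Γ, x : U ⊢ P : Prop is assumed, not checked.
from dataclasses import dataclass
from typing import List, Tuple, Union
import re


@dataclass(frozen=True)
class Base:
    """A base type such as nat."""
    name: str


@dataclass(frozen=True)
class Subset:
    """The subset type { var : base | pred }."""
    var: str
    base: "Type"
    pred: str


Type = Union[Base, Subset]


@dataclass(frozen=True)
class Proj:
    """proj t: the first projection of a subset-typed term."""
    term: "Term"


@dataclass(frozen=True)
class Pair:
    """(t, ?): a pair whose proof component is a hole for `obligation`."""
    term: "Term"
    obligation: str


Term = Union[str, Proj, Pair]


def term_str(t: Term) -> str:
    """Print a term the way the slides do: proj t and (t, ?)."""
    if isinstance(t, str):
        return t
    if isinstance(t, Proj):
        return f"proj {term_str(t.term)}"
    return f"({term_str(t.term)}, ?)"


def subst(pred: str, var: str, t: Term) -> str:
    """P[t/x] as whole-word textual substitution of the bound variable."""
    return re.sub(rf"\b{re.escape(var)}\b", lambda _: term_str(t), pred)


class NoCoercion(Exception):
    """Raised when Γ ⊢ U ⊲ V is not derivable: a genuine type error."""


def coerce(t: Term, u: Type, v: Type, obligations: List[str]) -> Term:
    """Interpret t : u at type v, following the three coercion rules.

    The left-subset rule wraps the term in a projection; the right-subset
    rule pairs it with a hole whose proposition P[t/x] is appended to
    `obligations`, to be discharged later as a proof obligation."""
    if u == v:
        # Conversion: Γ ⊢ T ≡ U : s gives Γ ⊢ T ⊲ U : s, the term is unchanged.
        return t
    if isinstance(u, Subset):
        # Γ ⊢ {x:U | P} ⊲ V from Γ ⊢ U ⊲ V: forget the property, keep the witness.
        return coerce(Proj(t), u.base, v, obligations)
    if isinstance(v, Subset):
        # Γ ⊢ U ⊲ {x:V | P} from Γ ⊢ U ⊲ V: pair the coerced term with a hole.
        inner = coerce(t, u, v.base, obligations)
        ob = subst(v.pred, v.var, inner)
        obligations.append(ob)
        return Pair(inner, ob)
    raise NoCoercion(f"no coercion from {u} to {v}")


def interpret(t: Term, have: Type, want: Type) -> Tuple[str, List[str]]:
    """Return the interpreted term and the proof obligations it generates."""
    obligations: List[str] = []
    term = coerce(t, have, want, obligations)
    return term_str(term), obligations


def coercible(u: Type, v: Type) -> bool:
    """Decidable check of Γ ⊢ U ⊲ V, independent of any obligation's truth."""
    try:
        coerce("_", u, v, [])
        return True
    except NoCoercion:
        return False


if __name__ == "__main__":
    nat = Base("nat")
    nonzero = Subset("x", nat, "x <> 0")
    positive = Subset("x", nat, "x > 0")
    # The slide's example: 0 at type { x : nat | x <> 0 } type-checks but
    # leaves the unprovable obligation 0 <> 0.
    print(interpret("0", nat, nonzero))        # ('(0, ?)', ['0 <> 0'])
    # A subset-typed term at its base type only needs a projection.
    print(interpret("n", nonzero, nat))        # ('proj n', [])
    # Between two subset types: project, then re-pair with a new hole.
    print(interpret("n", positive, nonzero))   # ('(proj n, ?)', ['proj n <> 0'])
    print(coercible(Base("bool"), nat))        # False
```

The split between `coercible` and the obligation list mirrors the three-step design on the slides: typing (coercibility) is decided without looking at whether P[t/x] holds, and the holes are collected separately so they can be handed to the user as obligations.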