Presentation is loading. Please wait.

Presentation is loading. Please wait.

Thoughts on Programming with Proof Assistants Adam Chlipala University of California, Berkeley PLPV Workshop.

Published byDinah Jackson Modified over 7 years ago

Similar presentations

Presentation on theme: "Thoughts on Programming with Proof Assistants Adam Chlipala University of California, Berkeley PLPV Workshop."— Presentation transcript:

1 Thoughts on Programming with Proof Assistants Adam Chlipala University of California, Berkeley PLPV Workshop

2 Not Ready for Prime Time? Proof assistants like Coq are useful for doing math, but they're far too inconvenient for serious dependently typed programming! Or are they? Cons ● No imperativity, general recursion, or exceptions ● Very primitive dependent pattern matching Pros ● Easy to combine programming with tactic-based proving ● A mature set of tools for proof organization and automation Program analysis goes well with language purity in general. Just using “refinement types” already brings a lot of advantage without the complexities of dependent types in general. This Talk: Capsule summary of my experiences implementing Proof-Carrying Code-style program verifiers in Coq using dependent types to guarantee total correctness. Dealing with machine code, so there are lots of details that we don't want to worry about!Need to span many levels of abstraction, so good modularization is key to feasibility

3 Mixing Programming with Tactics Definition isEven : forall n, [even(n)]. refine (fix isEven (n : nat) : [even(n)] := match n return [even(n)] with O -> Yes | S O -> No | S (S n) -> proof <- isEven n; Yes); auto. Qed. Step 1. Declare the function we mean to write as a proof search goal. Step 2. Give the “program part” of the implementation. The type of an optional proof of a proposition Step 3. Generate the “proof part” of the implementation using tactics. Generate a proof obligation Monadic notation: fail if the recursive call fails; otherwise, bind proof in the body. Result: A term in the Calculus of Inductive Constructions

4 Missing? Imperativity?Pure functional data structures worked well for all of the situations I encountered. Non-termination and general recursion? The kinds of program analysis algorithms I needed were naturally primitive recursive. Exceptions? Failure monads provide a cleaner alternative to “exceptional” uses of exceptions. Fancy dependent pattern matching? Sticking to refinement types, vanilla pattern matching is good enough.

5 Reflective Proofs Theorem check : forall (p : program), verify p = true -> safe p. check p (refl_equal (verify p)) Typecheck verify p = verify p verify p = true Computational reduction via definitional equality safe p

6 Other Benefits ● Module system ● Lots of pre-written proof-generating decision procedures ● Expressive tactical language ● Extensible goal-directed proof search mechanism ● Extraction to OCaml (and from there to fast native code)

7 Conclusion ● Consider using Coq for your next dependently typed program if large non-syntax-directed proofs are a large part of it. ● It seems worthwhile to keep in mind potential overlaps between programming environments and proof assistants in developing new PLPV tools. For more info: See my talk at ICFP next month!

Download ppt "Thoughts on Programming with Proof Assistants Adam Chlipala University of California, Berkeley PLPV Workshop."

Similar presentations

xUnit Test Patterns (Some) xUnit Test Patterns (in practice) by Adam Czepil.

xUnit Test Patterns (Some) xUnit Test Patterns (in practice) by Adam Czepil.
Type Inference David Walker COS 320. Criticisms of Typed Languages Types overly constrain functions & data polymorphism makes typed constructs useful.

Type Inference David Walker COS 320. Criticisms of Typed Languages Types overly constrain functions & data polymorphism makes typed constructs useful.
Static and User-Extensible Proof Checking Antonis StampoulisZhong Shao Yale University POPL 2012.

Static and User-Extensible Proof Checking Antonis StampoulisZhong Shao Yale University POPL 2012.
Proofs and Programs Wei Hu 11/01/2007. Outline  Motivation  Theory  Lambda calculus  Curry-Howard Isomorphism  Dependent types  Practice  Coq Wei.

Proofs and Programs Wei Hu 11/01/2007. Outline  Motivation  Theory  Lambda calculus  Curry-Howard Isomorphism  Dependent types  Practice  Coq Wei.
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
CSE 331 SOFTWARE DESIGN & IMPLEMENTATION DEBUGGING Autumn 2011 Bug-Date: Sept 9, 1947.

CSE 331 SOFTWARE DESIGN & IMPLEMENTATION DEBUGGING Autumn 2011 Bug-Date: Sept 9, 1947.
Simplified Gated Assignment Surinder Jain Supervisor : Bernhard Scholz Assignment 3 – INFO5993.

Simplified Gated Assignment Surinder Jain Supervisor : Bernhard Scholz Assignment 3 – INFO5993.
1 Dependent Types for Termination Verification Hongwei Xi University of Cincinnati.

1 Dependent Types for Termination Verification Hongwei Xi University of Cincinnati.
CSE341: Programming Languages Lecture 16 Datatype-Style Programming With Lists or Structs Dan Grossman Winter 2013.

CSE341: Programming Languages Lecture 16 Datatype-Style Programming With Lists or Structs Dan Grossman Winter 2013.
LIFE CYCLE MODELS FORMAL TRANSFORMATION

LIFE CYCLE MODELS FORMAL TRANSFORMATION
Lightweight Abstraction for Mathematical Computation in Java 1 Pavel Bourdykine and Stephen M. Watt Department of Computer Science Western University London.

Lightweight Abstraction for Mathematical Computation in Java 1 Pavel Bourdykine and Stephen M. Watt Department of Computer Science Western University London.
VeriML: Revisiting the Foundations of Proof Assistants Zhong Shao Yale University MacQueen Fest May 13, 2012 (Joint work with Antonis Stampoulis)

VeriML: Revisiting the Foundations of Proof Assistants Zhong Shao Yale University MacQueen Fest May 13, 2012 (Joint work with Antonis Stampoulis)
Code-Carrying Proofs Aytekin Vargun Rensselaer Polytechnic Institute.

Code-Carrying Proofs Aytekin Vargun Rensselaer Polytechnic Institute.
May 11, 2009 1 ACL2 Panel: What is the Future of Theorem Proving? Arvind Computer Science & Artificial Intelligence Laboratory.

May 11, ACL2 Panel: What is the Future of Theorem Proving? Arvind Computer Science & Artificial Intelligence Laboratory.
1 Introduction to Computability Theory Lecture15: Reductions Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture15: Reductions Prof. Amos Israeli.
Proof Points Key ideas when proving mathematical ideas.

Proof Points Key ideas when proving mathematical ideas.
What’s left in the course. The course in a nutshell Logics Techniques Applications.

What’s left in the course. The course in a nutshell Logics Techniques Applications.
Administrative stuff On Thursday, we will start class at 11:10, and finish at 11:55 This means that each project will get a 10 minute presentation + 5.

Administrative stuff On Thursday, we will start class at 11:10, and finish at 11:55 This means that each project will get a 10 minute presentation + 5.
Recursion Chapter 7. Chapter 7: Recursion2 Chapter Objectives To understand how to think recursively To learn how to trace a recursive method To learn.

Recursion Chapter 7. Chapter 7: Recursion2 Chapter Objectives To understand how to think recursively To learn how to trace a recursive method To learn.
Recursion Chapter 7. Chapter 7: Recursion2 Chapter Objectives To understand how to think recursively To learn how to trace a recursive method To learn.

Recursion Chapter 7. Chapter 7: Recursion2 Chapter Objectives To understand how to think recursively To learn how to trace a recursive method To learn.

Similar presentations

Ads by Google