B. Barras, S. Boutin, C. Cornes, J. Courant, Y. Coscoy, D. Delahaye, D. de Rauglaudre, J.C. Filli^atre, E. Gimenez, H. Herbelin, G. Huet, H. Laulhere, P. Loiseleur, C. Mu noz, C. Murthy, C. Parent, C. Paulin, A. Sabi, and B. Werner. The Coq Proof Assistant Reference Manual { Version 6.3. INRIA Rocquencourt (France), 1999. Available at http://coq.inria.- fr/.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....Introduction One of the most fascinating properties of constructive logic is that a proof of a speci cation contains an algorithm which, by construction, satis es this speci cation. This idea forms the basis for program extraction mechanisms, which can be found in theorem provers such as Coq [3] or Nuprl [11] To date, program extraction has mainly been restricted to theorem provers based on expressive dependent type theories such as the Calculus of Constructions [12] A notable exception is the Minlog System by Schwichtenberg [5] which is based on minimal rst order logic. Although ....

....(nat rec f1 f2 nat) nat 5 Example: Warshall s algorithm As a larger example, we show how Warshall s algorithm for computing the transitive closure of a relation can be derived using program extraction. The formalization is inspired by Berger et al. 7] It has also been treated in the Coq system [3] by Paulin Mohring [18] In the sequel, a relation will be a function mapping two elements of a type to a boolean value. datatype b = T j F types a rel = a ) b To emphasize that the relation has to be decidable, we use the datatype b instead of the built in type bool of HOL for this ....

[Article contains additional citation context not shown here]

B. Barras, S. Boutin, C. Cornes, J. Courant, Y. Coscoy, D. Delahaye, D. de Rauglaudre, J.-C. Filli^atre, E. Gimenez, H. Herbelin, G. Huet, H. Laulhere, C. Mu~noz, C. Murthy, C. Parent-Vigouroux, P. Loiseleur, C. Paulin-Mohring, A. Sabi, and B. Werner. The Coq proof assistant reference manual { version 7.2. Technical Report 0255, INRIA, February 2002. 16

....connection between the reference implementation and the real one, we can proceed from there on in a completely formal indeed, machine checked manner. To demonstrate this, we have formalized the reference implementation as a set of inductive de nitions in the language of the Coq proof assistant [2] and showed that it satis es all the conditions in Sections 4 and 7. We also formalized the proofs of the properties of the speci cation in Section 5 this was a much smaller job. Besides increasing our con dence in the Unison implementation, this formalization exercise revealed a subtle bug in ....

B. Barras, S. Boutin, C. Cornes, J. Courant, J.-C. Filliatre, E. Gimenez, H. Herbelin, G. Huet, C. Munoz, C. Murthy, C. Parent, C. Paulin-Mohring, A. Saibi, and B. Werner. The Coq proof assistant reference manual : Version 6.1. Technical Report RT-0203, Inria (Institut National de Recherche en Informatique et en Automatique), France, 1997.

....convince any third party that the result of verification is correct. Both goals can be achieved by producing a formal proof in some trusted proof assistant. Our aim in this paper is to report on experience we gained in producing formal proofs of correctness of computations on tree automata in Coq [1]. As we shall see, there are many possible approaches to this apparently simple problem, and several unexpected pitfalls to each. We survey related work in Section 2, recall the features of Coq that we shall use in Section 3, and give a short introduction to finite tree automata in Section 4. We ....

B. Barras, S. Boutin, C. Cornes, J. Courant, J.-C. Filliatre, E. Gimenez, H. Herbelin, G. Huet, C. Munoz, C. Murthy, C. Parent, C. Paulin-Mohring, A. Saibi, and B. Werner. The Coq proof assistant reference manual: Version 6.3.1. Technical report, INRIA, France, 1999.

....HOL) can be encoded in this meta logic, this immediately yields proof terms for those logics as well. We start with a disclaimer: the idea of proof terms based on typed calculus has been around for some time now and is the basis of a number of proof assistants for type theory, for example Coq [2]. Even more, with the advent of pure type systems and the cube [1] it became clear what proof terms for HOL look like in principle (although this seems to have had little impact on the HOL world) What we have done is to re introduce the strict syntactic separation between terms, types, and ....

B. Barras, S. Boutin, C. Cornes, J. Courant, Y. Coscoy, D. Delahaye, D. de Rauglaudre, J.-C. Filli^atre, E. Gimenez, H. Herbelin, G. Huet, H. Laulhere, C. Mu~noz, C. Murthy, C. Parent-Vigouroux, P. Loiseleur, C. Paulin-Mohring, A. Sabi, and B. Werner. The Coq proof assistant reference manual { version 6.3.1. Technical report, INRIA, 1999.

....to avoid explicit polymorphic instantiations, and (partial) term reconstruction, to suppress annotations on abstractions. For these, we use the term elaboration. The inverse process that removes redundant subterms is called erasure. Ad hoc argument synthesis, implemented in the proof assistant Coq [Bar99], uses explicit placeholders to mark omitted subterms that should be inferred. The above example can be written in Coq as (cons 1(cons 2(nil ) using the placeholder symbol . In addition, Coq supports the automatic insertion of placeholders. This is done by analyzing the types of global ....

B. Barras et al. The Coq proof assistant reference manual -- Version 6.3.1. Technical report, INRIA, France, 1999.

.... ys = 3; 4] as input, the output being the list zs = 1; 2; 3; 4] We may as well give a list zs = 1; 2; 3; 4] as an input, the output being a sequence of pairs of lists xs and ys , where zs is the result of appending xs and ys , namely xs = 1; 2; 3; 4] and ys = or xs = 1; 2; 3] and ys = [4], or xs = 1; 2] and ys = 3; 4] etc. Mode assignment A speci c direction of data ow is called a mode. We describe a mode of a predicate by a set of indices, which denote the positions of the input arguments. In the above example, the two modes described were f1; 2g and f3g. Given a set of ....

....programming language. Other theorem provers Aagaard et al. [1] introduce a functional language called , together with a suitable theorem prover. Thanks to a lifting mechanism, their system supports both execution of functions as well as reasoning about functions in a seamless way. Coq [4] is a type theoretic proof assistant based on the Calculus of Inductive Constructions. Type theory allows for the uniform treatment of both proofs and programs within the same framework. In contrast to HOL, where computable and non computable objects can be arbitrarily mixed, Coq strictly ....

B. Barras, S. Boutin, C. Cornes, J. Courant, Y. Coscoy, D. Delahaye, D. de Rauglaudre, J.-C. Filli^atre, E. Gimenez, H. Herbelin, G. Huet, H. Laulhere, C. Mu~noz, C. Murthy, C. Parent-Vigouroux, P. Loiseleur, C. Paulin-Mohring, A. Sabi, and B. Werner. The Coq proof assistant reference manual { version 6.3.1. Technical report, INRIA, 1999.

....go about developing a significantly sized piece of software. Caldwell [2] explains how to extract small recursive programs from inductive proofs in Nuprl. The most significant extraction in Coq to date appears to be Thery s synthesis of Buchberger s algorithm [13] 3 Coq The Coq proof assistant [1] is an implementation of the Calculus of Inductive Constructions, allowing interactive proof development. The type theory is sufficiently powerful to concisely formalise logical and programming concepts. It is a lambda calculus extended with inductive definitions [8] Declaring a type to be ....

B. Barras, S. Boutin, C. Cornes, J.-C. Filliatre, E. Gimenez, H. Herbelin, G. Huet, C. Munoz, C. Murthy, C. Parent, C. Paulin-Mohring, A. Saibi, and B. Werner. The Coq Proof Assistant Reference Manual: Version 6.1. Technical Report RT-0203, Inria, Aug. 1997.

....of # and # at the level of types. The main virtue of these type theories is precisely that they are constructive. A constructive proof that two arbitrary numbers always have a greatest common divisor provides an algorithm for computing it [Thompson 1991] Researchers, using tools such as Coq [Barras et al. 1997] and Nuprl [Constable et al. 1986] are investigating whether this can lead to a practical method of synthesizing programs. You can perform classical reasoning in a constructive type theory by adding P # P as an axiom. The resulting system will probably be strong enough to handle any ....

Barras, B., Boutin, S., Cornes, C., Courant, J., Fillibtre, J.-C., Giminez, E., Herbelin, H., Huet, G., Muqoz, C., Murthy, C., Parent, C., Paulin-Mohring, C., Saobi, A., and Werner, B. 1997. The Coq proof assistant reference manual : Version 6.1. Technical Report RT-0203 (May), INRIA-Rocquencourt. Version 5.8.

....to design libraries for theorem proving systems that are both sufficiently complete and relatively easy to use in a wide range of applications (see e.g. 6, 26] A library for abstract datatypes, in particular, is an essential component of every proof development system. The libraries of the Coq [1] and the Lego [13] system, for example, include a number of functions, theorems, and proofs for common datatypes like natural numbers or polymorphic lists. In these systems, myriads of mostly trivial developments are carried out separately for each datatype under consideration. This increases the ....

B. Barras, S. Boutin, C. Cornes, J. Courant, Y. Coscoy, D. Delahaye, D. de Rauglaudre J.C. Fillatre, E. Gim'enez, H. Herbelin, G. Huet, H. Laulh`ere, C. Mu~noz, C. Murthy, C. Parent-Vigouroux, C. Paulin-Mohring, A. Saibi, and B. Werner. The Coq Proof Assistant Reference Manual - Version 6.2.4. INRIA, Rocquencourt, January 1998.

....about circuits where one has to cope with infinitely long temporal sequences. This work presents a general methodology to specifying and proving synchronous sequential circuits in the Calculus of Inductive Constructions (enriched with Co inductive types) implemented in the Coq proof assistant [1]. It is a continuation of [5] where we made heavy use of dependent types. We go deeply into this direction, introducing dependent types systematically whenever this leads to more precise and reliable specifications. But the main point we focus on in this paper is the use of Coq co inductive ....

....3 is dedicated to the description of a generic toolbox implementing the automata theory. Then, in section 4, we present an application of our methodology to the ATM Switch Fabric. Finally, in the last section, we compare our study to other related work. 2 An Overview of Coq The Coq system [1] is based on the Calculus of Constructions [4] 3] enriched with inductive [14] and co inductive definitions [9] Coq s logic is a higher order constructive logic which relies on the Curry Howard isomorphism and which makes both objects and propositions to be terms of the Lamba Calculus. The rules ....

B. Barras and al. The Coq Proof Assistant Reference Manual : Version 6.1. Technical Report 0203, INRIA-Rocquencourt, CNRS-ENS Lyon, France, Dec. 1997.

....a unified model which formalises all aspects of the development of a reactive system using the underlying programmingmethodologyof synchronous languages. This model uses basic notions of preorder theory and category theory and has been partially specified and validated using the Coq theorem prover [3]. Synchronous structures allow to model non determinism with imaginary signals and clocks. The set of clocks is completed with imaginary clocks to form a boolean lattice. Thus, any pair of clocks always has a least upper bound. In our model, absence is not manipulated as a special value which is ....

Bruno Barras and al. The Coq Proof Assistant Reference Manual - Version 6.2. INRIA, 1998.

....is to define a mathematical model which gives a unified formalization of all the aspects of a synchronous methodology and which contains each of them in isolation. The model uses basic notions of set theory and order theory. It has been specified and validated using the Coq proof assistant [7]. This implementation is part of a certified, reference compiler of the Signal language. It completes and extends the results of [12] on the definition of a co inductive trace semantics of Signal in Coq. Influential Analogy. In 1545, the great Italian mathematician Gerolamo Cardano wrote an ....

Bruno Barras et al. The Coq Proof Assistant Reference Manual - Version 6.2. INRIA, Rocquencourt, May 1998.

....on signals; and a minimal kernel of primitive operators. A signal represents an in nite ow of data. At every instant, it can be absent or present with a value. The instants when values are present are determined by its associated clock. Interested reader may nd more about Signal in [4] Coq [7] is a proof assistant for higher order logic. It allows the development of computer programs that are consistent with their formal speci cation. The logical language used in Coq is a variety of type theory, the Calculus of Inductive Constructions [15] It has been extended with co inductive types ....

B. Barras et al. The Coq Proof Assistant Reference Manual - Version 6.2. INRIA, Rocquencourt, May 1998.

No context found.

B. Barras, S. Boutin, C. Cornes, J. Courant, Y. Coscoy, D. Delahaye, D. de Rauglaudre, J.C. Filli^atre, E. Gimenez, H. Herbelin, G. Huet, H. Laulhere, P. Loiseleur, C. Mu noz, C. Murthy, C. Parent, C. Paulin, A. Sabi, and B. Werner. The Coq Proof Assistant Reference Manual { Version 6.3. INRIA Rocquencourt (France), 1999. Available at http://coq.inria.- fr/.

No context found.

B. Barras, S. Boutin, C. Cornes, J. Courant, J.-C. Filliatre, E. Gimenez, H. Herbelin, G. Huet, C. Munoz, C. Murthy, C. Parent, C. Paulin-Mohring, A. Saibi, and B. Werner. The Coq proof assistant reference manual : Version 6.1. Technical Report RT-0203, Inria (Institut National de Recherche en Informatique et en Automatique), France, 1997.

No context found.

B. Barras, S. Boutin, C. Cornes, J. Courant, D. Delahaye, D. de Rauglaudre, J.-C. Filli#tre, E. Gim#nez, H. Herbelin, G. Huet, P. Loiseleur, C. Mu#oz, C. Murthy, C. Parent, C. Paulin-Mohring, A. Sa#bi, and B. Werner. The Coq Proof Assistant Reference Manual Version 6.2. INRIARocquencourt -CNRS-Universit# Paris Sud- ENS Lyon, May 1998. 14

No context found.

B. Barras, S. Boutin, C. Cornes, J. Courant, Y. Coscoy, D. Delahaye, D. de Rauglaudre, J.-C. Filliatre, E. Gimenez, H. Herbelin, G. Huet, H. Laulhere, C. Munoz, C. Murthy, C. Parent-Vigouroux, P. Loiseleur, C. Paulin-Mohring, A. Sabi, and B. Werner. The Coq proof assistant reference manual -- version 6.3.1. Technical report, INRIA, 1999.

No context found.

B. Barras, S. Boutin, C. Cornes, J. Courant, J.-C. Filliatre, H. Herbelin, G. Huet, P. Manoury, C. Munoz, C. Murthy, C. Parent, C. Paulin-Mohring, A. Sabi, and B. Werner. The Coq Proof Assistant Reference Manual Version 6.1. INRIA-Rocquencourt-CNRS-ENS Lyon, December 1996.

No context found.

B. Barras, S. Boutin, C. Cornes, J. Courant, Y. Coscoy, D. Delahaye, D. de Rauglaudre, J.-C. Filliatre, E. Gimenez, H. Herbelin, G. Huet, H. Laulhere, C. Munoz, C. Murthy, C. Parent-Vigouroux, P. Loiseleur, C. Paulin-Mohring, A. Sabi, and B. Werner. The Coq proof assistant reference manual -- version 6.3.1. Technical report, INRIA, 1999.

No context found.

B. Barras, S. Boutin, C. Cornes, J. Courant, D. Delahaye, D. de Rauglaudre, J.-C. Filliatre, E. Gimenez, H. Herbelin, G. Huet, P. Loiseleur, C. M. noz, C. Murthy, C. Parent, C. Paulin-Mohring, A. Sabi, and B. Werner. The Coq Proof Assistant Reference Manual Version 6.2. INRIARocquencourt -CNRS-Universite Paris Sud- ENS Lyon, May 1998.

No context found.

B. Barras, S. Boutin, C. Cornes, J. Courant, Y. Coscoy, D. Delahaye, D. de Rauglaudre, J.-C. Filliatre, E. Gimenez, H. Herbelin, G. Huet, H. Laulhere, C. Munoz, C. Murthy, C. Parent-Vigouroux, P. Loiseleur, C. Paulin-Mohring, A. Sabi, and B. Werner. The Coq proof assistant reference manual -- version 7.2. Technical Report 0255, INRIA, February 2002. 16

No context found.

Bruno Barras, Samuel Boutin, Cristina Cornes, Jean-Christophe Filliatre, Eduardo Gim'enez, Hugo Herbelin, Gerard Huet, Cesar Mu~noz, Chetan Murthy, Catherine Parent, Christine Paulin-Mohring, Amokrane Saibi, and Benjamin Werner. The Coq Proof Assistant Reference Manual: Version 6.1. Technical Report RT-0203, Inria, May 1997.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC