coq coq codet
play

Coq Coq Codet! Towards a Verified Toolchain for Coq in MetaCoq - PowerPoint PPT Presentation

May 27, 2023 •869 likes •1.31k views

Coq Coq Codet! Towards a Verified Toolchain for Coq in MetaCoq Matthieu Sozeau . r 2 , Inria Paris Yannick Forster Saarland University Simon Boulier, Th eo Winterhalter, Nicolas Tabareau Gallinette, Inria Nantes Coq Workshop 2019

  1. Coq Coq Codet! Towards a Verified Toolchain for Coq in MetaCoq Matthieu Sozeau π . r 2 , Inria Paris Yannick Forster Saarland University Simon Boulier, Th´ eo Winterhalter, Nicolas Tabareau Gallinette, Inria Nantes Coq Workshop 2019 September 8 Sozeau, Forster, Boulier, Tabareau, Winterhalter Coq Coq Codet! Coq WS 2019 – Sep 8 1

  2. The implementation of Coq (idealised) untrusted code type inference type classes tactics plugins trusted code base parsing extraction kernel type checking Sozeau, Forster, Boulier, Tabareau, Winterhalter Coq Coq Codet! Coq WS 2019 – Sep 8 2

  3. The underlying type theory PCUIC: Polymorphic, CUmulative calculus of Inductive Constructions No inconsistency found for 30 years, up-to-date consistency proof by Timany and Sozeau [2017] Sozeau, Forster, Boulier, Tabareau, Winterhalter Coq Coq Codet! Coq WS 2019 – Sep 8 3

  4. The implementation of Coq (reality) 200 000 lines of OCaml code – the kernel still has 18 000 lines About 1 critical bug per year ⇒ The kernel should really, really be verified Sozeau, Forster, Boulier, Tabareau, Winterhalter Coq Coq Codet! Coq WS 2019 – Sep 8 4

  5. Coq Coq Codet! Formalise PCUIC in Coq implement simple, executable type checker for PCUIC in Coq implement type and proof erasure Sozeau, Forster, Boulier, Tabareau, Winterhalter Coq Coq Codet! Coq WS 2019 – Sep 8 5

  6. Outline 1 MetaCoq & Template-Coq 2 Metatheory of PCUIC 3 Verified type checker 4 Verified erasure Sozeau, Forster, Boulier, Tabareau, Winterhalter Coq Coq Codet! Coq WS 2019 – Sep 8 6

  7. What’s up with the title?! Sozeau, Forster, Boulier, Tabareau, Winterhalter Coq Coq Codet! Coq WS 2019 – Sep 8 7

  8. The MetaCoq project Sozeau, Forster, Boulier, Tabareau, Winterhalter Coq Coq Codet! Coq WS 2019 – Sep 8 7

  9. Related projects Coq in Coq [Barras, 1999]: Formalisation of an idealised version of Coq, rather than the current implementation. MTac/MTac2 [Ziliani et al., 2015, Kaiser et al., 2018]: A typed metaprogramming environment for writing typed tactics. Template-Coq [Malecha, 2014]: now part of the MetaCoq project Idris, Agda and Lean have similar meta-programming frameworks. Sozeau, Forster, Boulier, Tabareau, Winterhalter Coq Coq Codet! Coq WS 2019 – Sep 8 8

  10. Sozeau, Forster, Boulier, Tabareau, Winterhalter Coq Coq Codet! Coq WS 2019 – Sep 8 9

  11. Reification and denotation: Template-Coq Sozeau, Forster, Boulier, Tabareau, Winterhalter Coq Coq Codet! Coq WS 2019 – Sep 8 9

  12. Template-Coq Initially developed by G. Malecha Faithful representation of Coq terms as inductive type in Coq Essentially a translation of the OCaml constr type to Coq Differences: Strings for global_reference and lists instead of arrays. But native integers and arrays are coming soon to Coq. Sozeau, Forster, Boulier, Tabareau, Winterhalter Coq Coq Codet! Coq WS 2019 – Sep 8 10

  13. Template-Coq Demonstration Sozeau, Forster, Boulier, Tabareau, Winterhalter Coq Coq Codet! Coq WS 2019 – Sep 8 11

  14. Formalising Coq’s type theory: PCUIC Sozeau, Forster, Boulier, Tabareau, Winterhalter Coq Coq Codet! Coq WS 2019 – Sep 8 11

  15. The need for an abstraction (Template) Coq: tmApp : term → list term → term invariant: list is non-empty and term is no application In PCUIC: tmApp : term → term → term Sozeau, Forster, Boulier, Tabareau, Winterhalter Coq Coq Codet! Coq WS 2019 – Sep 8 12

  16. Meta-theory of Coq in Coq Weakening and Substitution Confluence Subject reduction Validity We assume strong normalisation of reduction (i.e. a strong form of consistency) Sozeau, Forster, Boulier, Tabareau, Winterhalter Coq Coq Codet! Coq WS 2019 – Sep 8 13

  17. Typing Inductive typing (Sigma : global_context) (Gamma : context) : term → term → Type := | type_Rel n decl : All_local_env ( ↑ _typing typing Σ ) Γ → nth_error Γ n = Some decl → Σ ; Γ ⊢ tRel n : ↑ 0 (S n) decl.(decl_type) | type_Sort l : All_local_env ( ↑ _typing typing Σ ) Γ → Σ ; Γ ⊢ tSort l : tSort (super l) | type_Lambda na A t s1 B : Σ ; Γ ⊢ A : tSort s1 → Σ ; Γ ,, vass x A ⊢ t : B → Σ ; Γ ⊢ (tLambda x A t) : tProd x A B | type_App t na A B u : Σ ; Γ ⊢ t : tProd na A B → Σ ; Γ ⊢ u : A → Σ ; Γ ⊢ (tApp t u) : B{0 := u} | type_Conv t A B : Σ ; Γ ⊢ t : A → (isWfArity typing Σ Γ B + {s & Σ ; Γ ⊢ B : tSort s}) → Σ ; Γ ⊢ A <= B → Σ ; Γ ⊢ t : B | ... (* remaining definitions for constants, inductive and coinductive types *) where " Σ ; Γ ⊢ t : T " := (typing Σ Γ t T). Sozeau, Forster, Boulier, Tabareau, Winterhalter Coq Coq Codet! Coq WS 2019 – Sep 8 14

  18. Reduction Inductive red1 Σ ( Γ : context) : term → term → Type := | red_beta na t b a : Σ ; Γ ⊢ tApp (tLambda na t b) a ≻ subst10 a b | red_zeta na b t b’ : Σ ; Γ ⊢ tLetIn na b t b’ ≻ subst10 b b’ | red_rel i body : option_map decl_body (nth_error Γ i) = Some (Some body) → Σ ; Γ ⊢ tRel i ≻ ↑ 0 (S i) body | red_iota ind pars c u args p brs : Σ ; Γ ⊢ tCase (ind, pars) p (mkApps (tConstruct ind c u) args) brs ≻ iota_red pars c args brs | red_fix mfix idx args narg fn : unfold_fix mfix idx = Some (narg, fn) → is_constructor narg args = true → Σ ; Γ ⊢ mkApps (tFix mfix idx) args ≻ mkApps fn args | red_cofix_case ip p mfix idx args narg fn brs : unfold_cofix mfix idx = Some (narg, fn) → Σ ; Γ ⊢ tCase ip p (mkApps (tCoFix mfix idx) args) brs ≻ tCase ip p (mkApps fn args) brs | red_delta c decl body (isdecl : declared_constant Σ c decl) u : decl.(cst_body) = Some body → Σ ; Γ ⊢ tConst c u ≻ subst_instance_constr u body | ... (* remaining definitions are congruence rules *) where " Σ ; Γ ⊢ t ≻ u " := (red1 Σ Γ t u). Sozeau, Forster, Boulier, Tabareau, Winterhalter Coq Coq Codet! Coq WS 2019 – Sep 8 15

  19. Cumulativity Inductive cumul (Sigma : global_context) (Gamma : context) : term → term → Type := | cumul_refl t u : leq_term (snd Σ ) t u → Σ ; Γ ⊢ t <= u | cumul_red_l t u v : fst Σ ; Γ ⊢ t ≻ v → Σ ; Γ ⊢ v <= u → Σ ; Γ ⊢ t <= u | cumul_red_r t u v : Σ ; Γ ⊢ t <= v → fst Σ ; Γ ⊢ u ≻ v → Σ ; Γ ⊢ t <= u where " Σ ; Γ ⊢ t <= u " := (cumul Σ Γ t u). Definition leq_term phi t u := eq_term_upto_univ (leq_universe phi) t u. Sozeau, Forster, Boulier, Tabareau, Winterhalter Coq Coq Codet! Coq WS 2019 – Sep 8 16

  20. Big-step evaluation Inductive eval : term → term → Type := (** Reductions *) (** Beta *) | eval_beta f na t b a a’ res : eval f (tLambda na t b) → eval a a’ → eval (subst10 a’ b) res → eval (tApp f a) res (** Let *) | eval_zeta na b0 b0’ t b1 res : eval b0 b0’ → eval (subst10 b0’ b1) res → eval (tLetIn na b0 t b1) res (* ... *). Sozeau, Forster, Boulier, Tabareau, Winterhalter Coq Coq Codet! Coq WS 2019 – Sep 8 17

  21. Universes Inductive ConstraintType : Set := Lt | Le | Eq. Definition univ_constraint : Set := Level * ConstraintType * Level. Record valuation := { valuation_mono : string → positive ; valuation_poly : nat → nat }. Definition val (v : valuation) (l : Level) : Z := match l with | lProp ⇒ -1 | lSet ⇒ 0 | Level s ⇒ Zpos (v.(valuation_mono) s) | Var x ⇒ Z.of_nat (v.(valuation_poly) x) end. Inductive satisfies0 (v : valuation) : univ_constraint → Prop := | satisfies0_Lt l l’ : val v l < val v l’ → satisfies0 v (l, Lt, l’) | satisfies0_Le l l’ : val v l <= val v l’ → satisfies0 v (l, Le, l’) | satisfies0_Eq l l’ : val v l = val v l’ → satisfies0 v (l, Eq, l’). Definition satisfies v : constraints → Prop := For_all (satisfies0 v). Definition consistent ctrs := ∃ v, satisfies v ctrs. Sozeau, Forster, Boulier, Tabareau, Winterhalter Coq Coq Codet! Coq WS 2019 – Sep 8 18

  22. Strict positivity and guard condition The positivity check and the guard condition are specified as syntactic oracles which must be preserved by reduction and substitution and ensure strong normalisation. Long term goal: Assume SN for Coq + eliminators, prove SN for Coq + heuristic guard condition currently implemented Sozeau, Forster, Boulier, Tabareau, Winterhalter Coq Coq Codet! Coq WS 2019 – Sep 8 19

  23. Verified type checker Sozeau, Forster, Boulier, Tabareau, Winterhalter Coq Coq Codet! Coq WS 2019 – Sep 8 19

  24. A sound type checker 1 decide untyped conversion (on typed terms) ⇒ implement weak head-reduction using a stack machine (3400 loc) 2 infer type of a term ⇒ implement structural type inference procedure (1400 loc) 3 obtain sound type checker ⇒ implement type comparison up to cumulativity using conversion Sozeau, Forster, Boulier, Tabareau, Winterhalter Coq Coq Codet! Coq WS 2019 – Sep 8 20

  25. Safe conversion By (clever) recursion on SN assumption for PCUIC Takes welltypedness certificate as argument Extracted: Certificate disappears, partial function sound on typed terms Mutually recursive functions: reduce to whnf, compare heads, compare stacks Sozeau, Forster, Boulier, Tabareau, Winterhalter Coq Coq Codet! Coq WS 2019 – Sep 8 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

S CODET A SIA 2010 The various tips provided in this paper come from the authors,

S CODET A SIA 2010 The various tips provided in this paper come from the authors,

S CODET A SIA 2010 EFFECTIVE POSTER PREP A R ATION &amp; PRESENT ATION SITARAM DIXIT Corporate Manager Fragrances, S. H. Kelkar &amp; Company Pvt. Ltd. INTRODUCTION People attend a professional conference for a variety of reasons. It can be to

277 views • 9 slides
Suns dynamics Earths atmosphere Solar Wind ARs CMEs Electromagnetic emission in

Suns dynamics Earths atmosphere Solar Wind ARs CMEs Electromagnetic emission in

Solar Spectral Irradiance (SSI) from CODET model and their relation with Earths upper atmosphere Jenny Marcela Rodrguez Gmez PhD in Space Geophysics (INPE) Collaborators: Luis Eduardo Antunes Vieira Alisson Dal Lago Judith Palacios

488 views • 23 slides
Learning ancestral atom of structured dictionary via sparse coding Bernoulli Society Satellite

Learning ancestral atom of structured dictionary via sparse coding Bernoulli Society Satellite

Learning ancestral atom of structured dictionary via sparse coding Bernoulli Society Satellite Meeting Noboru Murata Waseda University 2 September, 2013 joint work with Toshimitsu Aritake, Hideitsu Hino 1 / 25 sparse coding a methodology

513 views • 25 slides
METADISCOURSE AS UNQUOTATION CHUNG-CHIEH SHAN 29 SEPTEMBER 2012 January 2009 1. Depicting as

METADISCOURSE AS UNQUOTATION CHUNG-CHIEH SHAN 29 SEPTEMBER 2012 January 2009 1. Depicting as

METADISCOURSE AS UNQUOTATION CHUNG-CHIEH SHAN 29 SEPTEMBER 2012 January 2009 1. Depicting as a method of communication 2. Rational ways of speaking Herbert H. Clark 4/14 January 2009 774 LANGUAGE, VOLUME 66, NUMBER 4 (1990)

495 views • 32 slides
Lecture 10: Larger-than-Memory Databases 1 / 53 Larger-than-Memory Databases Recap

Lecture 10: Larger-than-Memory Databases 1 / 53 Larger-than-Memory Databases Recap

Larger-than-Memory Databases Lecture 10: Larger-than-Memory Databases 1 / 53 Larger-than-Memory Databases Recap Compression Recap 2 / 53 Larger-than-Memory Databases Recap Compression Nave Compression Choice 1: Entropy Encoding

1.07k views • 53 slides
We use standards and standards need support Wikimedia Foundation Gerard Meijssen

We use standards and standards need support Wikimedia Foundation Gerard Meijssen

We use standards and standards need support Wikimedia Foundation Gerard Meijssen Internationalization / Localization outreach consultant What our communities do There is a Wikipedia in 283 languages A request has been made for

645 views • 7 slides
Two camps of program verifjcation Interactive Theorem Provers (ITPs): Coq, Agda, Lean, Idris, ...

Two camps of program verifjcation Interactive Theorem Provers (ITPs): Coq, Agda, Lean, Idris, ...

Guido Martnez Nik Swamy ECI 2019 1 / 15 An introduction to Meta- F Two camps of program verifjcation Interactive Theorem Provers (ITPs): Coq, Agda, Lean, Idris, ... Program Verifjers: Dafny, VCC, Liquid Haskell, ... Verifjcation

759 views • 55 slides
Ontology for Indian Music: An Approach for ontology learning from online music forums

Ontology for Indian Music: An Approach for ontology learning from online music forums

3 rd CompMusic Workshop, IIT Madras, Chennai Ontology for Indian Music: An Approach for ontology learning from online music forums Supervisors Joe Cheri Ross Prof. Pushpak Bhattacharyya Prof. Preeti Rao IIT Bombay 1 Objective Augment

891 views • 30 slides
The System Catalog Every database system must have a meta-database of information on the schemata

The System Catalog Every database system must have a meta-database of information on the schemata

The System Catalog Every database system must have a meta-database of information on the schemata which it contains. This includes, for each schema, at least the following: The names of the relations in the schema. The names of the columns

383 views • 16 slides
VDM : Mathematical Structures for Formal Methods Andrew Butterfield 19th May 2000 Abstract

VDM : Mathematical Structures for Formal Methods Andrew Butterfield 19th May 2000 Abstract

VDM : Mathematical Structures for Formal Methods Andrew Butterfield 19th May 2000 Abstract This talk describes the philosophy and work of the Irish School of the Vienna Development Method ( VDM ). It starts by placing the Irish

1.2k views • 106 slides
DYNAMIC: DONT BE AFRAID Hadi Hariri JetBrains Agenda The What, the Why, the How A Tale as

DYNAMIC: DONT BE AFRAID Hadi Hariri JetBrains Agenda The What, the Why, the How A Tale as

DYNAMIC: DONT BE AFRAID Hadi Hariri JetBrains Agenda The What, the Why, the How A Tale as Old as Time... A tale as old as time Static vs Dynamic Static vs Dynamic Discussion Threads Blog Blog Posts Posts and more blog posts In

852 views • 64 slides
How Not to Write an x86 Platform Driver Core-kernel dev plays with device drivers.... October 24,

How Not to Write an x86 Platform Driver Core-kernel dev plays with device drivers.... October 24,

How Not to Write an x86 Platform Driver Core-kernel dev plays with device drivers.... October 24, 2013 Darren Hart &lt;darren.hart@intel.com&gt; ELC-E Edinburgh 2013 Agenda Platform MinnowBoard Examples Lessons Learned

799 views • 36 slides
A BIG MULTILINGUAL TERMINOLOGICAL DATA SPACE Rodolfo Maslias (EU TermCoord) and Roberto Navigli

A BIG MULTILINGUAL TERMINOLOGICAL DATA SPACE Rodolfo Maslias (EU TermCoord) and Roberto Navigli

A Big Multilingual Terminological Data Space Rodolfo Maslias and Roberto Navigli A BIG MULTILINGUAL TERMINOLOGICAL DATA SPACE Rodolfo Maslias (EU TermCoord) and Roberto Navigli (Sapienza University of Rome) MultilingualWeb Workshop Riga

628 views • 18 slides
Learning to rank search results Voting algorithms, rank combination methods Web Search Andr

Learning to rank search results Voting algorithms, rank combination methods Web Search Andr

Learning to rank search results Voting algorithms, rank combination methods Web Search Andr Mouro, Joo Magalhes 1 2 How can we merge these results? Which model should we select for our production system? Not trivial. Would

616 views • 40 slides
Chapter 3: Top-k Query Processing and Indexing 3.1 Top-k Algorithms 3.2 Approximate Top-k Query

Chapter 3: Top-k Query Processing and Indexing 3.1 Top-k Algorithms 3.2 Approximate Top-k Query

Chapter 3: Top-k Query Processing and Indexing 3.1 Top-k Algorithms 3.2 Approximate Top-k Query Processing 3.3 Index Access Scheduling 3.4 Index Organization and Advanced Query Types 3-1 IRDM WS 2005 3.1 Top-k Query Processing with Scoring

592 views • 36 slides
Scalable Data Services with mongoDB High Performance High Availability for... Managers

Scalable Data Services with mongoDB High Performance High Availability for... Managers

Scalable Data Services with mongoDB High Performance High Availability for... Managers Architects Developers (Web) Admins Data ... http://www.flickr.com/photos/annarbor/4350618884/in/set- 72157623414542180/ Data Services ... services

607 views • 50 slides
Interoperability Challenges in Libraries Adam Brin Digital Antiquity Back in Time How did you

Interoperability Challenges in Libraries Adam Brin Digital Antiquity Back in Time How did you

Learning from 20+ Years of Interoperability Challenges in Libraries Adam Brin Digital Antiquity Back in Time How did you do your research? Spirs SOAP WebSpirs SRW/SRU Z39.50 Metasearch Telnet Google Scholar

292 views • 16 slides
Merging Results from Multiple Sources in Video Retrieval Wei-Hao Lin Language Technologies

Merging Results from Multiple Sources in Video Retrieval Wei-Hao Lin Language Technologies

Merging Results from Multiple Sources in Video Retrieval Wei-Hao Lin Language Technologies Institute School of Computer Science Carnegie Mellon University whlin@cs.cmu.edu Multiple-Source Video Retrieval CNN Query: Find video segments

380 views • 14 slides
Federated Search Diagram Solution 1: Federate Searching aka MetaSearch

Federated Search Diagram Solution 1: Federate Searching aka MetaSearch

Thoughts on Federated and Aggregated Search Architectures Information Scatter Internal Local and remote file shares Email CMS /DMS Application portals Knowledge bases

443 views • 5 slides
Lecture 1: Semantic Web and RDF Aidan Hogan aidhog@gmail.com THE WEB The Web is now 26 years

Lecture 1: Semantic Web and RDF Aidan Hogan aidhog@gmail.com THE WEB The Web is now 26 years

Lecture 1: Semantic Web and RDF Aidan Hogan aidhog@gmail.com THE WEB The Web is now 26 years old Evolution of the Web The Future of the Web? THE SEMANTIC WEB The Semantic Web what is the Semantic Web? Semantic Web?

1.35k views • 99 slides
Parameterized Complexity of Kemeny Rankings Nadja Betzler Friedrich-Schiller-Universit at Jena

Parameterized Complexity of Kemeny Rankings Nadja Betzler Friedrich-Schiller-Universit at Jena

Introduction Kemeny ranking Parameterizations Average distance Conclusion Parameterized Complexity of Kemeny Rankings Nadja Betzler Friedrich-Schiller-Universit at Jena joint work with Michael R. Fellows, Jiong Guo, Rolf Niedermeier,

509 views • 25 slides
The Latest Progress of Chinese-Italian Culture Heritage Project - presented by Sijin QIAN (Peking

The Latest Progress of Chinese-Italian Culture Heritage Project - presented by Sijin QIAN (Peking

Xian Jiaotong University Xian Jiaotong University Xian Jiaotong University The Latest Progress of Chinese-Italian Culture Heritage Project - presented by Sijin QIAN (Peking University) on behalf of Chinese partners in the project

747 views • 41 slides
Search Engines Issues Avi Rappoport Search Tools Consulting Search Issues Enterprise Search

Search Engines Issues Avi Rappoport Search Tools Consulting Search Issues Enterprise Search

Search Engines Issues Avi Rappoport Search Tools Consulting Search Issues Enterprise Search Engines Corporate and institutional sites E-commerce Intranets P2P, Meta search and distributed search CMSs and Search Engines

429 views • 25 slides
Web Engineering availability and reliability = money large global enterprises, e.g. Prof.

Web Engineering availability and reliability = money large global enterprises, e.g. Prof.

Availability E-Commerce (simplified) server down = sales down Web Engineering availability and reliability = money large global enterprises, e.g. Prof. Dr. Dr. h.c. mult. Gerhard Krger, Albrecht Schmidt www.amazone.com the

832 views • 13 slides

More recommend