![:
ISO/IEC 15408 EAL7
CompCert sel4 JavaCard
Coq TLS OpenSSL
[ 14]](https://image.slidesharecdn.com/document-160709151043/85/Coq-for-ML-users-3-320.jpg)
![Peano
Inductive nat : Set :=
O : nat
| S : nat -> nat.
Inductive list {A : Type} : Type :=
nil : list A
| cons : A -> list A -> list A.
[], :: Notaion
Fixpoint length {A : Set } (xs : list A) :=
match xs with
| [] => O
| x :: xs’ => S (length xs’)
end.](https://image.slidesharecdn.com/document-160709151043/85/Coq-for-ML-users-5-320.jpg)
![Coq
Goal forall (A B:Set)(f: A->B)(xs: list A),
length(map f xs) = length xs.
Proof.
intros A B f xs.
---------> length (map f xs) = length xs
induction xs as [|x xs’].
(* xs = nil *)
---------> length (map f nil) = length nil
- simpl.
---------> 0 = 0
auto.
(* xs = x :: xs’ *)
IHxs’ : length (map f xs’) = length xs’
list
---------> length (map f (x :: xs’)) = length (x :: xs’)
- simpl.
---------> S (length (map f xs’)) = S (length xs’)
auto.
Qed.](https://image.slidesharecdn.com/document-160709151043/85/Coq-for-ML-users-7-320.jpg)
![Why3
ML Java, C, Atlier B
/ Coq
Coq
(for )
OCaml
let max_sum (a: array int) (n: int) =
{ 0 <= n = length a / forall i:int. 0 <= i < n -> a[i] >= 0 }
let sum = ref 0 in
let max = ref 0 in
for i = 0 to n - 1 do
invariant { !sum <= i * !max }
if !max < a[i] then max := a[i];
sum := !sum + a[i]
done;
(!sum, !max)
{ let (sum, max) = result in sum <= n * max }
=) Coq](https://image.slidesharecdn.com/document-160709151043/85/Coq-for-ML-users-8-320.jpg)
Coq for ML users
- 1. ML Coq @tmiya_ July 09, 2016
- 2. Coq Coq OCaml OCaml ML ) Coq omega
- 3. : ISO/IEC 15408 EAL7 CompCert sel4 JavaCard Coq TLS OpenSSL [ 14]
- 4. Curry-Howard () – A () A A () A a : A A ^ B () A; B A _ B () A; B A ! B () A B () 8a : A; B () A a , Bfx=ag 9a : A; B () a : A Bfa=xg A ! B () () tactic () )
- 5. Peano Inductive nat : Set := O : nat | S : nat -> nat. Inductive list {A : Type} : Type := nil : list A | cons : A -> list A -> list A. [], :: Notaion Fixpoint length {A : Set } (xs : list A) := match xs with | [] => O | x :: xs’ => S (length xs’) end.
- 6. map length Goal forall (A B:Set)(f: A->B)(xs: list A), length(map f xs) = length xs. Proof. intros; induction xs; simpl; auto. Qed. map OCaml let rec map f = function | Nil -> Nil | Cons (a, t) -> Cons ((f a), (map f t)) OCaml coqio (IO ) @yoshihiro503
- 7. Coq Goal forall (A B:Set)(f: A->B)(xs: list A), length(map f xs) = length xs. Proof. intros A B f xs. ---------> length (map f xs) = length xs induction xs as [|x xs’]. (* xs = nil *) ---------> length (map f nil) = length nil - simpl. ---------> 0 = 0 auto. (* xs = x :: xs’ *) IHxs’ : length (map f xs’) = length xs’ list ---------> length (map f (x :: xs’)) = length (x :: xs’) - simpl. ---------> S (length (map f xs’)) = S (length xs’) auto. Qed.
- 8. Why3 ML Java, C, Atlier B / Coq Coq (for ) OCaml let max_sum (a: array int) (n: int) = { 0 <= n = length a / forall i:int. 0 <= i < n -> a[i] >= 0 } let sum = ref 0 in let max = ref 0 in for i = 0 to n - 1 do invariant { !sum <= i * !max } if !max < a[i] then max := a[i]; sum := !sum + a[i] done; (!sum, !max) { let (sum, max) = result in sum <= n * max } =) Coq
- 9. : “Coq: The world s best macro assembler?” Coq X86 X86 state monad ! DFA ! X86 RET | RETOP offset => let! oldSP = getRegFromProcState ESP; let! IP = getDWORDFromProcState oldSP; do! setRegInProcState ESP (addB (oldSP+#4) (zeroExtend 16 offset)); setRegInProcState EIP IP max Definition max (r1 r2: Reg) : program := LOCAL Bigger; CMP r1, r2;; JG Bigger;; MOV r1, r2;; Bigger:; .
- 10. Coq “Coq’Art” tactic goal twitter/ Garrigue TAPL ) Pierce ) Why3 CFML ) Garrigue Affeldt SSReflect “Coq Winter School 2016” ) “Certified Programming with Dependent Types” “Proof by Reflection” /
- 11. Coq SF : Pierce +¸ connpass #readcoqart 7/24(Sun) Coq ProofCafe : ProofSummit 2016 ProofSummit 9/25(Sun) ICFP 2016 (9/17-24 )