Compiling Programs and Proofs: FoCaLiZe Internals

Designing a tool to ease the development of high-level security or safety systems must consider to facilitate not only design and coding but also formal demonstrations of correctness and compliance to standards. This entails some requirements on the tool as these demonstrations ask to link together computational and logical aspects of the development. These requirements are briefly considered and a solution is proposed: functions, statements and proofs are handled in a unique language, offering inheritance and parametrized modules. The FoCaLiZe environment implements this language, which remains simple enough to be used in a usual engineering process. The code generation produces an executable functional code (in OCaml) and a checkable term of a logical Type Theory (verified by Coq), close enough to truly ease traceability. It ensures that OCaml and Coq produced codes are error-free and provides compact generated code. The main contribution of this paper is a detailed presentation of the compilation scheme, which is supported by an original treatment of the dependencies induced by the combination of computational and logical constructs. As the whole source code is translated to a logical term verified by Coq, we get a strong assurance in the correctness of the generated code, hence avoiding the need to prove correctness of the compiler itself

Proof Contexts with Late Binding

The focal language (formerly Foc) allows one to incrementally build modules and to prove formally their correctness. focal encourages a development process by refinement, deriving step-by-step implementations from specifications. This refinement process is realized using an inheritance mechanism on structures which can mix primitive operations, axioms, algorithms and proofs. Inheriting from existing structures allows to reuse their components under some conditions, statically checked by the compiler. This paper presents two formal semantics for encoding focal constructions in the Coq proof assistant. The first one is a shallow embedding which gives a practical way to use Coq to check proofs in focal libraries. The second one formalizes the focal structures as Coq types (called mixDrecs) and shows that the informal semantics of focal libraries is coherent with respect to Coq logic. In the last part of the paper, we prove that the first embedding is conform to the mixDrecs model

Proof Contexts with Late Binding

The focal language (formerly Foc) allows one to incrementally build modules and to prove formally their correctness. focal encourages a development process by refinement, deriving step-by-step implementations from specifications. This refinement process is realized using an inheritance mechanism on structures which can mix primitive operations, axioms, algorithms and proofs. Inheriting from existing structures allows to reuse their components under some conditions, statically checked by the compiler. This paper presents two formal semantics for encoding focal constructions in the Coq proof assistant. The first one is a shallow embedding which gives a practical way to use Coq to check proofs in focal libraries. The second one formalizes the focal structures as Coq types (called mixDrecs) and shows that the informal semantics of focal libraries is coherent with respect to Coq logic. In the last part of the paper, we prove that the first embedding is conform to the mixDrecs model