
    A New Elimination Rule for the Calculus of Inductive Constructions

    Published in the post-proceedings of TYPES, although not presented orally at the conference.
    In Type Theory, definition by dependently-typed case analysis can be expressed either by a set of equations (the semantic approach) or by an explicit pattern-matching construction (the syntactic approach). We aim to combine the best of both approaches by extending the pattern-matching construction found in the Coq proof assistant so as to obtain the expressivity and flexibility of equation-based case analysis while remaining in a syntax-based setting, thus making dependently-typed programming more tractable in the Coq system. We provide a new rule that permits the omission of impossible cases, handles the propagation of inversion constraints, and allows Streicher's K axiom to be derived. We show that subject reduction holds, and sketch a proof of relative consistency.

    Verifying Strong Eventual Consistency in Distributed Systems

    Data replication is used in distributed systems to maintain up-to-date copies of shared data across multiple computers in a network. However, despite decades of research, algorithms for achieving consistency in replicated systems are still poorly understood. Indeed, many published algorithms have later been shown to be incorrect, even some that were accompanied by supposed mechanised proofs of correctness. In this work, we focus on the correctness of Conflict-free Replicated Data Types (CRDTs), a class of algorithms that provides strong eventual consistency guarantees for replicated data. We develop a modular and reusable framework in the Isabelle/HOL interactive proof assistant for verifying the correctness of CRDT algorithms. We avoid the correctness issues that have dogged previous mechanised proofs in this area by including a network model in our formalisation, and by proving that our theorems hold under all possible network behaviours. Our axiomatic network model is a standard abstraction that accurately reflects the behaviour of real-world computer networks. Moreover, we identify an abstract convergence theorem, a property of order relations, which provides a formal definition of strong eventual consistency. We then obtain the first machine-checked correctness theorems for three concrete CRDTs: the Replicated Growable Array, the Observed-Remove Set, and an Increment-Decrement Counter. We find that our framework is highly reusable: the proofs of correctness for the latter two CRDTs were developed in a few hours and with relatively little CRDT-specific code.
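    The following is an added illustration, not code from the paper or its Isabelle framework. It implements two of the CRDTs named above (an Observed-Remove Set and an increment/decrement counter) as operation-based replicas, places a deliberately non-CRDT "naive set" beside them, and replays a small constructed set of operations under every delivery order that respects causality. Strong eventual consistency means every replica that has received the same operations ends in the same state, whatever order the network delivered them in; the brute-force enumeration here is a finite stand-in for the paper's quantification over all network behaviours. The operation log, replica names and tag format are invented for the example.

```python
"""Added example: convergence check for operation-based CRDTs.

Not the paper's code. Operations are constructed inline; a `deps` field
records the causal dependencies a correct network must honour (an op is
never delivered before the ops it depends on).
"""
import itertools
from dataclasses import dataclass


@dataclass(frozen=True)
class Op:
    opid: int
    kind: str                      # "add" | "rm" | "inc" | "dec"
    elem: str = ""                 # set element (sets only)
    tags: frozenset = frozenset()  # OR-Set: unique tags added or removed
    delta: int = 0                 # counter: +1 or -1
    deps: frozenset = frozenset()  # opids that must be delivered first


class ORSet:
    """Observed-Remove Set: each add carries a fresh unique tag; a remove
    only deletes the tags its issuing replica had observed, so a concurrent
    add survives (add-wins)."""

    def __init__(self):
        self.tags = {}  # elem -> set of tags currently supporting it

    def apply(self, op):
        if op.kind == "add":
            self.tags.setdefault(op.elem, set()).update(op.tags)
        elif op.kind == "rm":
            remaining = self.tags.get(op.elem, set())
            remaining.difference_update(op.tags)
            if not remaining:
                self.tags.pop(op.elem, None)

    def value(self):
        return frozenset(self.tags)


class PNCounter:
    """Increment/decrement counter: integer addition commutes, so any
    delivery order gives the same sum."""

    def __init__(self):
        self.n = 0

    def apply(self, op):
        if op.kind in ("inc", "dec"):
            self.n += op.delta

    def value(self):
        return self.n


class NaiveSet:
    """NOT a CRDT: remove deletes the element outright, regardless of which
    adds the remover had seen, so the outcome depends on delivery order."""

    def __init__(self):
        self.s = set()

    def apply(self, op):
        if op.kind == "add":
            self.s.add(op.elem)
        elif op.kind == "rm":
            self.s.discard(op.elem)

    def value(self):
        return frozenset(self.s)


def causal_orders(ops):
    """Yield every permutation of ops in which each op follows its deps."""
    for perm in itertools.permutations(ops):
        delivered = set()
        valid = True
        for op in perm:
            if not op.deps <= delivered:
                valid = False
                break
            delivered.add(op.opid)
        if valid:
            yield perm


def outcomes(make_replica, ops):
    """Set of distinct final states reachable over all causal delivery orders."""
    results = set()
    for order in causal_orders(ops):
        replica = make_replica()
        for op in order:
            replica.apply(op)
        results.add(replica.value())
    return results


def converges(make_replica, ops):
    """Strong eventual consistency on this log: exactly one reachable state."""
    return len(outcomes(make_replica, ops)) == 1


# Constructed log: replicas A and B both add "x"; A then removes the "x" it
# has observed (only its own tag) concurrently with B's add; plus one
# increment and one decrement.
SAMPLE_OPS = (
    Op(1, "add", "x", frozenset({("A", 1)})),
    Op(2, "add", "x", frozenset({("B", 1)})),
    Op(3, "rm", "x", frozenset({("A", 1)}), deps=frozenset({1})),
    Op(4, "inc", delta=+1),
    Op(5, "dec", delta=-1),
)

if __name__ == "__main__":
    for name, make in (("OR-Set", ORSet), ("PN-Counter", PNCounter), ("naive set", NaiveSet)):
        print(f"{name}: reachable states = {outcomes(make, SAMPLE_OPS)}")
```

    The naive set reaches two different states depending on whether B's add arrives before or after A's remove, which is exactly the kind of order-dependence a mechanised proof over all network behaviours is meant to rule out; the OR-Set and the counter each reach one state in all 60 causal orders of this log. Enumerating permutations is only feasible for toy logs, which is why the paper proves an abstract convergence theorem instead.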

    Converting Procedural Proofs to Declarative Proofs in the Coq Proof Assistant

    Proofs in the Coq proof assistant are generally written in a form known as procedural proofs. Because these assume interactive proving and differ greatly from proofs written in natural language, they are not very readable. To address this problem, the declarative proof language C-zar was developed for Coq. Declarative proofs are readable and make it easy to bring in external tools. However, C-zar proofs are much longer than procedural ones and less flexible, so C-zar was not accepted by Coq users. In this work we bridge the two by generating C-zar proofs from Coq procedural proofs. In general, a procedural proof can be converted to a declarative one by going through an intermediate representation such as a proof term or a proof tree; the Matita proof assistant already has such a conversion via proof terms. However, the intermediate representation is far more detailed and much larger than the original proof, and a single step of the original procedural proof can give rise to hundreds of steps of declarative proof. On the other hand, C-zar can use the commands, called tactics, that procedural proofs are built from, which in many cases lets one step of a procedural proof correspond to a few steps of C-zar. In this work we perform the conversion using both the original procedural proof and the proof term, and thereby generate declarative proofs whose granularity is close to that of the original proof. The University of Electro-Communications, 201

    Coinductive Representation of Graphs

    We are interested in the representation of graphs in the theorem prover Coq. We have chosen to represent graphs using coinductive types, whose use we wanted to explore. They make the representation succinct and elegant, and navigability is obtained by construction. We had to work around the guardedness condition, whose purpose is to ensure the validity of the operations performed on coinductive objects. Its implementation in Coq is restrictive and sometimes forbids definitions that are semantically correct. A canonical formalisation of graphs therefore exceeds Coq's direct expressivity. We have proposed a solution that respects these limitations, and then defined a relation on graphs that gives us the same notion of equivalence as a classical representation while keeping the advantages of coinduction. We show that this relation is equivalent to one based on finite observations of the graphs.

    A Machine-checked Proof of the Average-case Complexity of Quicksort in Coq

    Types for Proofs International Conference, TYPES 2008, Torino, Italy, 26 March 200