Formalizing Stalmarck's algorithm in Coq

International audienceWe present the development of a machine-checked implementation of Stalmarck's algorithm. First, we prove the correctness and the completeness of an abstract representation of the algorithm. Then, we give an effective implementation of the algorithm that we prove correct

TRX: A Formally Verified Parser Interpreter

Parsing is an important problem in computer science and yet surprisingly little attention has been devoted to its formal verification. In this paper, we present TRX: a parser interpreter formally developed in the proof assistant Coq, capable of producing formally correct parsers. We are using parsing expression grammars (PEGs), a formalism essentially representing recursive descent parsing, which we consider an attractive alternative to context-free grammars (CFGs). From this formalization we can extract a parser for an arbitrary PEG grammar with the warranty of total correctness, i.e., the resulting parser is terminating and correct with respect to its grammar and the semantics of PEGs; both properties formally proven in Coq.Comment: 26 pages, LMC

Total Haskell is Reasonable Coq

We would like to use the Coq proof assistant to mechanically verify properties of Haskell programs. To that end, we present a tool, named hs-to-coq, that translates total Haskell programs into Coq programs via a shallow embedding. We apply our tool in three case studies -- a lawful Monad instance, "Hutton's razor", and an existing data structure library -- and prove their correctness. These examples show that this approach is viable: both that hs-to-coq applies to existing Haskell code, and that the output it produces is amenable to verification.Comment: 13 pages plus references. Published at CPP'18, In Proceedings of 7th ACM SIGPLAN International Conference on Certified Programs and Proofs (CPP'18). ACM, New York, NY, USA, 201

Clinical Chorioamnionitis and Neurodevelopment at 5 Years of Age in Children Born Preterm: The EPIPAGE-2 Cohort Study.

OBJECTIVE To assess the association between clinical chorioamnionitis and neurodevelopmental disorders at 5 years of age in children born preterm. STUDY DESIGN EPIPAGE 2 is a national, population-based cohort study of children born before 35 weeks of gestation in France in 2011. We included infants born alive between 24+0 and 34+6 weeks following preterm labor (PTL) or preterm premature rupture of membranes (PPROM). Clinical chorioamnionitis was defined as maternal fever before labor (>37.8°C) with at least two of the following criteria: maternal tachycardia, hyperleukocytosis, uterine contractions, purulent amniotic fluid, or fetal tachycardia. The primary outcome was a composite including cerebral palsy, coordination disorders, cognitive disorders, sensory disorders, or behavioral disorders. We also analyzed each of these disorders separately as secondary outcomes. We performed a multivariable analysis using logistic regression models. We accounted for the non-independence of twins and missing data by generalized estimating equation models and multiple imputations, respectively. RESULTS Among 2927 children alive at 5 years of age, 124 (3%) were born in a context of clinical chorioamnionitis. Overall, 8.2% and 9.6% of children exposed and unexposed respectively to clinical chorioamnionitis had moderate-to-severe neurodevelopmental disorders. After multiple imputations and multivariable analysis, clinical chorioamnionitis was not associated with the occurrence of moderate-to-severe neurodevelopmental disorders (adjusted odds ratio = 0.9, 95%CI: 0.5-1.8). CONCLUSION We did not find any association between clinical chorioamnionitis and neurodevelopmental disorders at 5 years of age in children born before 35 weeks of gestation after PTL or PPROM

Wave Equation Numerical Resolution: a Comprehensive Mechanized Proof of a C Program

We formally prove correct a C program that implements a numerical scheme for the resolution of the one-dimensional acoustic wave equation. Such an implementation introduces errors at several levels: the numerical scheme introduces method errors, and floating-point computations lead to round-off errors. We annotate this C program to specify both method error and round-off error. We use Frama-C to generate theorems that guarantee the soundness of the code. We discharge these theorems using SMT solvers, Gappa, and Coq. This involves a large Coq development to prove the adequacy of the C program to the numerical scheme and to bound errors. To our knowledge, this is the first time such a numerical analysis program is fully machine-checked.Comment: No. RR-7826 (2011

Programmation fonctionnelle certifiée : <br />L'extraction de programmes dans l'assistant Coq

This work concerns the generation of programs which are certifiedto be correct by construction. These programs are obtained by extracting relevant information from constructive proofs made withthe Coq proof assistant. Such a translation, named ``extraction'', of constructive proofs intofunctional programs is not new, and corresponds to an isomorphismknown as Curry-Howard's. An extraction tool has been part of Coqassistant for a long time. But this old extraction tool suffered fromseveral limitations: in particular, some Coq proofs were refused byit, whereas some others led to incorrect programs.In order to overcome these limitations, we built a completely newextraction tool for Coq, including both a new theory and a newimplementation. Concerning theory, we developed new correctnessproofs for this extraction mechanism. These new proofs are both complex and original. Concerning implementation, we focused on the generation of efficient and realistic code, which can be integrated in large-scale software developments, using modules and interfaces.Finally, we also present several case studies illustrating thecapabilities of our new extraction. For example, we describe thecertification of a modular library of finite set structures, and the production of programs about real exact arithmetic, starting from aformalization of constructive real analysis. These examples show the progress already achieved, even if the situation is not perfect yet,in particular in the last study.Nous nous intéressons ici à la génération de programmes certifiéscorrects par construction. Ces programmes sont obtenus enextrayant l'information pertinente de preuves constructives réaliséesdans l'assistant de preuves Coq.Une telle traduction, ou "extraction", des preuves constructivesen programmes fonctionnels n'est pas nouvelle, elle correspond à un isomorphisme bien connu sous le nom de Curry-Howard. Etl'assistant Coq comporte depuis longtemps un tel outil d'extraction. Mais l'outil précédent présentait d'importantes limitations. Certaines preuves Coq étaient ainsi hors de son champ d'application, alors que d'autres engendraient des programmes incorrects.Afin de résoudre ces limitations, nous avons effectué une refontecomplète de l'extraction dans Coq, tant du point de vue de la théorieque de l'implantation. Au niveau théorique, cette refonte a entraînéla réalisation de nouvelles preuves de correction de ce mécanismed'extraction, preuves à la fois complexes et originales. Concernantl'implantation, nous nous sommes efforcés d'engendrer du code extrait efficace et réaliste, pouvant en particulier être intégré dans desdéveloppement logiciels de plus grande échelle, par le biais demodules et d'interfaces.Enfin, nous présentons également plusieurs études de cas illustrantles possibilités de notre nouvelle extraction. Nous décrivons ainsi lacertification d'une bibliothèque modulaire d'ensembles finis, et l'obtention de programmes d'arithmétique réelle exacte à partir d'une formalisation d'analyse réelle constructive. Même si des progrès restent encore à obtenir, surtout dans ce dernier cas, ces exemples mettent en évidence le chemin déjà parcouru