Commit 3968a69c, authored Jul 25, 2012 by Adam Chlipala
Pass through StackMachine, to incorporate new coqdoc features
parent c7a85fe2
Showing 4 changed files with 24 additions and 34 deletions (+24 -34)

src/InductiveTypes.v (+1 -1)
src/Intro.v (+1 -1)
src/StackMachine.v (+21 -31)
src/Universes.v (+1 -1)
src/InductiveTypes.v
@@ -74,7 +74,7 @@ One of the first types we introduce will be [bool], with constructors [true] and
(
**
*
Enumerations
*
)
(
**
Coq
inductive
types
generalize
the
%
\
index
{
algebraic
datatypes
}%
algebraic
datatypes
found
in
%
\
index
{
Haskell
}%
Haskell
and
%
\
index
{
ML
}%
ML
.
Confusingly
enough
,
inductive
types
also
generalize
%
\
index
{
generalized
algebraic
datatypes
}%
generalized
algebraic
datatypes
(
GADT
'
s
)
,
by
adding
the
possibility
for
type
dependency
.
Even
so
,
it
is
worth
backing
up
from
the
examples
of
the
last
chapter
and
going
over
basic
,
algebraic
datatype
uses
of
inductive
datatypes
,
because
the
chance
to
prove
things
about
the
values
of
these
types
adds
new
wrinkles
beyond
usual
practice
in
Haskell
and
ML
.
(
**
Coq
inductive
types
generalize
the
%
\
index
{
algebraic
datatypes
}%
algebraic
datatypes
found
in
%
\
index
{
Haskell
}%
Haskell
and
%
\
index
{
ML
}%
ML
.
Confusingly
enough
,
inductive
types
also
generalize
%
\
index
{
generalized
algebraic
datatypes
}%
generalized
algebraic
datatypes
(
GADTs
)
,
by
adding
the
possibility
for
type
dependency
.
Even
so
,
it
is
worth
backing
up
from
the
examples
of
the
last
chapter
and
going
over
basic
,
algebraic
datatype
uses
of
inductive
datatypes
,
because
the
chance
to
prove
things
about
the
values
of
these
types
adds
new
wrinkles
beyond
usual
practice
in
Haskell
and
ML
.
The
singleton
type
[
unit
]
is
an
inductive
type
:%
\
index
{
Gallina
terms
!
unit
}
\
index
{
Gallina
terms
!
tt
}%
*
)
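Review bot: The commit message mentions only StackMachine, but this hunk changes the plural "GADT's" to "GADTs" in InductiveTypes.v (the same fix appears in the Universes.v hunk, and a matching "1970's" to "1970s" fix in Intro.v); name the apostrophe sweep in the message so the change is discoverable from history. The fix itself is correct, and the surrounding %\index{...}% escape pairs and [ ] code quoting are left balanced.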
src/Intro.v
@@ -16,7 +16,7 @@
We
would
all
like
to
have
programs
check
that
our
programs
are
correct
.
Due
in
no
small
part
to
some
bold
but
unfulfilled
promises
in
the
history
of
computer
science
,
today
most
people
who
write
software
,
practitioners
and
academics
alike
,
assume
that
the
costs
of
formal
program
verification
outweigh
the
benefits
.
The
purpose
of
this
book
is
to
convince
you
that
the
technology
of
program
verification
is
mature
enough
today
that
it
makes
sense
to
use
it
in
a
support
role
in
many
kinds
of
research
projects
in
computer
science
.
Beyond
the
convincing
,
I
also
want
to
provide
a
handbook
on
practical
engineering
of
certified
programs
with
the
Coq
proof
assistant
.
Almost
every
subject
covered
is
also
relevant
to
interactive
computer
theorem
-
proving
in
general
,
such
as
for
traditional
mathematical
theorems
.
In
fact
,
I
hope
to
demonstrate
how
verified
programs
are
useful
as
building
blocks
in
all
sorts
of
formalizations
.
Research
into
mechanized
theorem
proving
began
around
the
1970
'
s
,
and
some
of
the
earliest
practical
work
involved
Nqthm
%~
\
cite
{
Nqthm
}
\
index
{
Nqthm
}%,
the
"Boyer-Moore Theorem Prover,"
which
was
used
to
prove
such
theorems
as
correctness
of
a
complete
hardware
and
software
stack
%~
\
cite
{
Piton
}%.
ACL2
%~
\
cite
{
CAR
}
\
index
{
ACL2
}%,
Nqthm
'
s
successor
,
has
seen
significant
industry
adoption
,
for
instance
,
by
AMD
to
verify
correctness
of
floating
-
point
division
units
%~
\
cite
{
AMD
}%.
Research
into
mechanized
theorem
proving
began
around
the
1970
s
,
and
some
of
the
earliest
practical
work
involved
Nqthm
%~
\
cite
{
Nqthm
}
\
index
{
Nqthm
}%,
the
"Boyer-Moore Theorem Prover,"
which
was
used
to
prove
such
theorems
as
correctness
of
a
complete
hardware
and
software
stack
%~
\
cite
{
Piton
}%.
ACL2
%~
\
cite
{
CAR
}
\
index
{
ACL2
}%,
Nqthm
'
s
successor
,
has
seen
significant
industry
adoption
,
for
instance
,
by
AMD
to
verify
correctness
of
floating
-
point
division
units
%~
\
cite
{
AMD
}%.
Around
the
beginning
of
the
21
st
century
,
the
pace
of
progress
in
practical
applications
of
interactive
theorem
proving
accelerated
significantly
.
Several
well
-
known
formal
developments
have
been
carried
out
in
Coq
,
the
system
that
this
book
deals
with
.
In
the
realm
of
pure
mathematics
,
Georges
Gonthier
built
a
machine
-
checked
proof
of
the
four
color
theorem
%~
\
cite
{
4
C
}%,
a
mathematical
problem
first
posed
more
than
a
hundred
years
before
,
where
the
only
previous
proofs
had
required
trusting
ad
-
hoc
software
to
do
brute
-
force
checking
of
key
facts
.
In
the
realm
of
program
verification
,
Xavier
Leroy
led
the
CompCert
project
to
produce
a
verified
C
compiler
back
-
end
%~
\
cite
{
CompCert
}%
robust
enough
to
use
with
real
embedded
software
.
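Review bot: "1970s" is the right form, but the same paragraph keeps "Nqthm's successor", which is a genuine possessive and must stay as it is; a blanket search-and-replace of "'s" would break it, so confirm the other apostrophe fixes in this commit were applied case by case rather than mechanically. The %~\cite{...}\index{...}% escape pairs in the changed paragraph remain balanced.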
src/StackMachine.v
(diff collapsed on the rendered page; the +21 -31 change is not shown)
src/Universes.v
@@ -527,7 +527,7 @@ let sym_ex = __
In
this
example
,
the
[
ex
]
type
itself
is
in
[
Prop
]
,
so
whole
[
ex
]
packages
are
erased
.
Coq
extracts
every
proposition
as
the
(
Coq
-
specific
)
type
%
\
texttt
{
\
_
\
_
}%
#
<
tt
>
__
</
tt
>
#
,
whose
single
constructor
is
%
\
texttt
{
\
_
\
_
}%
#
<
tt
>
__
</
tt
>
#
.
Not
only
are
proofs
replaced
by
[
__
]
,
but
proof
arguments
to
functions
are
also
removed
completely
,
as
we
see
here
.
Extraction
is
very
helpful
as
an
optimization
over
programs
that
contain
proofs
.
In
languages
like
Haskell
,
advanced
features
make
it
possible
to
program
with
proofs
,
as
a
way
of
convincing
the
type
checker
to
accept
particular
definitions
.
Unfortunately
,
when
proofs
are
encoded
as
values
in
GADT
'
s
%~
\
cite
{
GADT
}%,
these
proofs
exist
at
runtime
and
consume
resources
.
In
contrast
,
with
Coq
,
as
long
as
all
proofs
are
kept
within
[
Prop
]
,
extraction
is
guaranteed
to
erase
them
.
Extraction
is
very
helpful
as
an
optimization
over
programs
that
contain
proofs
.
In
languages
like
Haskell
,
advanced
features
make
it
possible
to
program
with
proofs
,
as
a
way
of
convincing
the
type
checker
to
accept
particular
definitions
.
Unfortunately
,
when
proofs
are
encoded
as
values
in
GADTs
%~
\
cite
{
GADT
}%,
these
proofs
exist
at
runtime
and
consume
resources
.
In
contrast
,
with
Coq
,
as
long
as
all
proofs
are
kept
within
[
Prop
]
,
extraction
is
guaranteed
to
erase
them
.
Many
fans
of
the
%
\
index
{
Curry
-
Howard
correspondence
}%
Curry
-
Howard
correspondence
support
the
idea
of
_
extracting
programs
from
proofs_
.
In
reality
,
few
users
of
Coq
and
related
tools
do
any
such
thing
.
Instead
,
extraction
is
better
thought
of
as
an
optimization
that
reduces
the
runtime
costs
of
expressive
typing
.
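Review bot: Because coqdoc needs each paragraph on a single source line, the one-character fix here (GADT's to GADTs) shows up as a whole-paragraph removal and re-addition, which makes it easy to miss an accidental second edit; review this and the other long-line hunks with git diff --word-diff rather than by eye. As visible, the fix matches the InductiveTypes.v hunk and the dual-target escapes %\texttt{\_\_}% and #<tt>__</tt># are untouched and balanced.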