Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Contribute to GitLab
Sign in
Toggle navigation
C
cpdt
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
research
cpdt
Commits
45eb4b90
Commit
45eb4b90
authored
Feb 13, 2013
by
Adam Chlipala
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Finished last pass through the book before beginning the MIT Press editorial process
parent
8e0a6f1b
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
27 additions
and
12 deletions
+27
-12
cpdt.bib
latex/cpdt.bib
+19
-6
Conclusion.v
src/Conclusion.v
+1
-1
ProgLang.v
src/ProgLang.v
+6
-4
Universes.v
src/Universes.v
+1
-1
No files found.
latex/cpdt.bib
View file @
45eb4b90
...
@@ -73,6 +73,7 @@
...
@@ -73,6 +73,7 @@
title = {{seL4}: Formal Verification of an {OS} Kernel},
title = {{seL4}: Formal Verification of an {OS} Kernel},
booktitle = {Proceedings of the 22nd {ACM Symposium on Operating Systems Principles}},
booktitle = {Proceedings of the 22nd {ACM Symposium on Operating Systems Principles}},
year = {2009},
year = {2009},
pages = {207--220}
}
}
@Book{Isabelle/HOL,
@Book{Isabelle/HOL,
...
@@ -113,6 +114,7 @@
...
@@ -113,6 +114,7 @@
title = {Inductive Definitions in the System {Coq} - Rules and Properties},
title = {Inductive Definitions in the System {Coq} - Rules and Properties},
year = {1993},
year = {1993},
booktitle = {Proceedings of the International Conference on {Typed Lambda Calculi and Applications}},
booktitle = {Proceedings of the International Conference on {Typed Lambda Calculi and Applications}},
pages = {328--345}
}
}
@inproceedings{SetsInTypes,
@inproceedings{SetsInTypes,
...
@@ -120,6 +122,7 @@
...
@@ -120,6 +122,7 @@
title = {Sets in Types, Types in Sets},
title = {Sets in Types, Types in Sets},
booktitle = {Proceedings of the Third International Symposium on Theoretical Aspects of Computer Software},
booktitle = {Proceedings of the Third International Symposium on Theoretical Aspects of Computer Software},
year = {1997},
year = {1997},
pages = {530--546}
}
}
@article{CoC,
@article{CoC,
...
@@ -133,8 +136,9 @@
...
@@ -133,8 +136,9 @@
@inproceedings{GADT,
@inproceedings{GADT,
author = {Hongwei Xi and Chiyan Chen and Gang Chen},
author = {Hongwei Xi and Chiyan Chen and Gang Chen},
title = {Guarded Recursive Datatype Constructors},
title = {Guarded Recursive Datatype Constructors},
booktitle = {Proceedings of the 30th ACM SIGPLAN Symposium on Principles of Programming Languages},
booktitle = {Proceedings of the 30th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages},
year = {2003}
year = {2003},
pages = {224--235}
}
}
@article{Curry,
@article{Curry,
...
@@ -162,7 +166,7 @@
...
@@ -162,7 +166,7 @@
title = {Higher-order abstract syntax},
title = {Higher-order abstract syntax},
booktitle = {Proceedings of the ACM SIGPLAN 1988 Conference on Programming Language Design and Implementation},
booktitle = {Proceedings of the ACM SIGPLAN 1988 Conference on Programming Language Design and Implementation},
year = {1988},
year = {1988},
% pages = {199--208},
pages = {199--208}
}
}
@article{HOU,
@article{HOU,
...
@@ -187,6 +191,7 @@
...
@@ -187,6 +191,7 @@
title = {The essence of functional programming},
title = {The essence of functional programming},
booktitle = {Proceedings of the 19th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages},
booktitle = {Proceedings of the 19th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages},
year = {1992},
year = {1992},
pages = {1--14}
}
}
@inproceedings{IO,
@inproceedings{IO,
...
@@ -194,13 +199,15 @@
...
@@ -194,13 +199,15 @@
title = {Imperative functional programming},
title = {Imperative functional programming},
booktitle = {Proceedings of the 20th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages},
booktitle = {Proceedings of the 20th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages},
year = {1993},
year = {1993},
pages = {71--84}
}
}
@InProceedings{separation,
@InProceedings{separation,
author = {John C. Reynolds},
author = {John C. Reynolds},
title = {Separation Logic: A Logic for Shared Mutable Data Structures},
title = {Separation Logic: A Logic for Shared Mutable Data Structures},
booktitle = {Proceedings of the IEEE Symposium on Logic in Computer Science},
booktitle = {Proceedings of the IEEE Symposium on Logic in Computer Science},
year = {2002}
year = {2002},
pages = {55--74}
}
}
@article{Okasaki,
@article{Okasaki,
...
@@ -235,6 +242,7 @@
...
@@ -235,6 +242,7 @@
title = {Proof-carrying code},
title = {Proof-carrying code},
booktitle = {Proceedings of the 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages},
booktitle = {Proceedings of the 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages},
year = {1997},
year = {1997},
pages = {106--119}
}
}
@inproceedings{XCAP,
@inproceedings{XCAP,
...
@@ -242,6 +250,7 @@
...
@@ -242,6 +250,7 @@
title = {Certified assembly programming with embedded code pointers},
title = {Certified assembly programming with embedded code pointers},
booktitle = {Proceedings of the 33rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages},
booktitle = {Proceedings of the 33rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages},
year = {2006},
year = {2006},
pages = {320--333}
}
}
@TechReport{IT,
@TechReport{IT,
...
@@ -257,7 +266,8 @@
...
@@ -257,7 +266,8 @@
author = {Xavier Leroy and Herv\'e Grall},
author = {Xavier Leroy and Herv\'e Grall},
title = {Coinductive big-step operational semantics},
title = {Coinductive big-step operational semantics},
year = {2006},
year = {2006},
booktitle = {Proceedings of the 15th European Symposium on Programming}
booktitle = {Proceedings of the 15th European Symposium on Programming},
pages = {54--68}
}
}
@InBook{WinskelDomains,
@InBook{WinskelDomains,
...
@@ -300,7 +310,7 @@
...
@@ -300,7 +310,7 @@
title = {How to make ad-hoc polymorphism less ad hoc},
title = {How to make ad-hoc polymorphism less ad hoc},
booktitle = {Proceedings of the 16th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages},
booktitle = {Proceedings of the 16th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages},
year = {1989},
year = {1989},
% pages = {60--76},
pages = {60--76}
}
}
@inproceedings{reflection,
@inproceedings{reflection,
...
@@ -308,6 +318,7 @@
...
@@ -308,6 +318,7 @@
title = {Using reflection to build efficient and certified decision procedures},
title = {Using reflection to build efficient and certified decision procedures},
booktitle = {Proceedings of the Third International Symposium on Theoretical Aspects of Computer Software},
booktitle = {Proceedings of the Third International Symposium on Theoretical Aspects of Computer Software},
year = {1997},
year = {1997},
pages = {515--529}
}
}
@inproceedings{JMeq,
@inproceedings{JMeq,
...
@@ -359,6 +370,7 @@ author = {Adam Chlipala},
...
@@ -359,6 +370,7 @@ author = {Adam Chlipala},
title = {A Verified Compiler for an Impure Functional Language},
title = {A Verified Compiler for an Impure Functional Language},
booktitle = {Proceedings of the 37th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages},
booktitle = {Proceedings of the 37th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages},
year = {2010},
year = {2010},
pages = {93--106}
}
}
@inproceedings{Isar,
@inproceedings{Isar,
...
@@ -366,6 +378,7 @@ year = {2010},
...
@@ -366,6 +378,7 @@ year = {2010},
title = {Isar - A Generic Interpretative Approach to Readable Formal Proof Documents},
title = {Isar - A Generic Interpretative Approach to Readable Formal Proof Documents},
booktitle = {Proceedings of the 12th International Conference on Theorem Proving in Higher Order Logics},
booktitle = {Proceedings of the 12th International Conference on Theorem Proving in Higher Order Logics},
year = {1999},
year = {1999},
pages = {167--184}
}
}
@article{continuations,
@article{continuations,
...
...
src/Conclusion.v
View file @
45eb4b90
...
@@ -9,7 +9,7 @@
...
@@ -9,7 +9,7 @@
(
**
%
\
addcontentsline
{
toc
}{
chapter
}{
Conclusion
}
\
chapter
*{
Conclusion
}%
*
)
(
**
%
\
addcontentsline
{
toc
}{
chapter
}{
Conclusion
}
\
chapter
*{
Conclusion
}%
*
)
(
**
I
have
designed
this
book
to
present
the
key
ideas
needed
to
get
started
with
productive
use
of
Coq
.
Many
people
have
learned
to
use
Coq
through
a
variety
of
resources
,
yet
there
is
a
distinct
lack
of
agreement
on
structuring
principles
and
techniques
for
easing
the
evolution
of
Coq
developments
over
time
.
Here
I
have
emphasized
two
unusual
techniques
:
programming
with
dependent
types
,
and
proving
with
scripted
proof
automation
.
I
have
also
tried
to
present
other
material
following
my
own
take
on
how
to
keep
Coq
code
beautiful
and
scalable
.
(
**
I
have
designed
this
book
to
present
the
key
ideas
needed
to
get
started
with
productive
use
of
Coq
.
Many
people
have
learned
to
use
Coq
through
a
variety
of
resources
,
yet
there
is
a
distinct
lack
of
agreement
on
structuring
principles
and
techniques
for
easing
the
evolution
of
Coq
developments
over
time
.
Here
I
have
emphasized
two
unusual
techniques
:
programming
with
dependent
types
and
proving
with
scripted
proof
automation
.
I
have
also
tried
to
present
other
material
following
my
own
take
on
how
to
keep
Coq
code
beautiful
and
scalable
.
Part
of
the
attraction
of
Coq
and
similar
tools
is
that
their
logical
foundations
are
small
.
A
few
pages
of
%
\
LaTeX
{}%
#
LaTeX
#
code
suffice
to
define
CIC
,
Coq
'
s
logic
,
yet
there
do
not
seem
to
be
any
practical
limits
on
which
mathematical
concepts
may
be
encoded
on
top
of
this
modest
base
.
At
the
same
time
,
the
_
pragmatic_
foundation
of
Coq
is
vast
,
encompassing
tactics
,
libraries
,
and
design
patterns
for
programs
,
theorem
statements
,
and
proof
scripts
.
I
hope
the
preceding
chapters
have
given
a
sense
of
just
how
much
there
is
to
learn
before
it
is
possible
to
drive
Coq
with
the
same
ease
with
which
many
readers
write
informal
proofs
!
The
pay
-
off
of
this
learning
process
is
that
many
proofs
,
especially
those
with
many
details
to
check
,
become
much
easier
to
write
than
they
are
on
paper
.
Further
,
the
truth
of
such
theorems
may
be
established
with
much
greater
confidence
,
even
without
reading
proof
details
.
Part
of
the
attraction
of
Coq
and
similar
tools
is
that
their
logical
foundations
are
small
.
A
few
pages
of
%
\
LaTeX
{}%
#
LaTeX
#
code
suffice
to
define
CIC
,
Coq
'
s
logic
,
yet
there
do
not
seem
to
be
any
practical
limits
on
which
mathematical
concepts
may
be
encoded
on
top
of
this
modest
base
.
At
the
same
time
,
the
_
pragmatic_
foundation
of
Coq
is
vast
,
encompassing
tactics
,
libraries
,
and
design
patterns
for
programs
,
theorem
statements
,
and
proof
scripts
.
I
hope
the
preceding
chapters
have
given
a
sense
of
just
how
much
there
is
to
learn
before
it
is
possible
to
drive
Coq
with
the
same
ease
with
which
many
readers
write
informal
proofs
!
The
pay
-
off
of
this
learning
process
is
that
many
proofs
,
especially
those
with
many
details
to
check
,
become
much
easier
to
write
than
they
are
on
paper
.
Further
,
the
truth
of
such
theorems
may
be
established
with
much
greater
confidence
,
even
without
reading
proof
details
.
...
...
src/ProgLang.v
View file @
45eb4b90
...
@@ -299,7 +299,7 @@ Module FirstOrder.
...
@@ -299,7 +299,7 @@ Module FirstOrder.
induction
e
;
pl
.
induction
e
;
pl
.
Qed
.
Qed
.
(
**
The
lemma
statement
is
a
mouthful
,
with
all
its
details
of
typing
contexts
and
substitutions
.
It
is
usually
prudent
to
state
a
final
theorem
in
as
simple
a
way
as
possible
,
to
help
your
readers
believe
that
you
have
proved
what
they
expect
.
We
do
that
here
for
the
simple
case
of
terms
with
empty
typing
contexts
.
*
)
(
**
The
lemma
statement
is
a
mouthful
,
with
all
its
details
of
typing
contexts
and
substitutions
.
It
is
usually
prudent
to
state
a
final
theorem
in
as
simple
a
way
as
possible
,
to
help
your
readers
believe
that
you
have
proved
what
they
expect
.
We
follow
that
advice
here
for
the
simple
case
of
terms
with
empty
typing
contexts
.
*
)
Theorem
unletSound
:
forall
t
(
e
:
term
nil
t
)
,
Theorem
unletSound
:
forall
t
(
e
:
term
nil
t
)
,
termDenote
(
unlet
e
HNil
)
HNil
=
termDenote
e
HNil
.
termDenote
(
unlet
e
HNil
)
HNil
=
termDenote
e
HNil
.
...
@@ -313,7 +313,7 @@ End FirstOrder.
...
@@ -313,7 +313,7 @@ End FirstOrder.
(
**
*
Parametric
Higher
-
Order
Abstract
Syntax
*
)
(
**
*
Parametric
Higher
-
Order
Abstract
Syntax
*
)
(
**
In
contrast
to
first
-
order
encodings
,%
\
index
{
higher
-
order
syntax
}%
_
higher
-
order_
encodings
avoid
explicit
modeling
of
variable
identity
.
Instead
,
the
binding
constructs
of
an
%
\
index
{
object
language
}%
_
object
language_
(
the
language
being
formalized
)
can
be
represented
using
the
binding
constructs
of
the
%
\
index
{
meta
language
}%
_
meta
language_
(
the
language
in
which
the
formalization
is
done
)
.
The
best
known
higher
-
order
encoding
is
called
%
\
index
{
higher
-
order
abstract
syntax
}
\
index
{
HOAS
}
%
_
higher
-
order
abstract
syntax_
(
HOAS
)
%
\
cite
{
HOAS
}%,
and
we
can
start
by
attempting
to
apply
it
directly
in
Coq
.
*
)
(
**
In
contrast
to
first
-
order
encodings
,%
\
index
{
higher
-
order
syntax
}%
_
higher
-
order_
encodings
avoid
explicit
modeling
of
variable
identity
.
Instead
,
the
binding
constructs
of
an
%
\
index
{
object
language
}%
_
object
language_
(
the
language
being
formalized
)
can
be
represented
using
the
binding
constructs
of
the
%
\
index
{
meta
language
}%
_
meta
language_
(
the
language
in
which
the
formalization
is
done
)
.
The
best
known
higher
-
order
encoding
is
called
%
\
index
{
higher
-
order
abstract
syntax
}%
_
higher
-
order
abstract
syntax_
(
HOAS
)
%
\
cite
{
HOAS
}%,
and
we
can
start
by
attempting
to
apply
it
directly
in
Coq
.
*
)
Module
HigherOrder
.
Module
HigherOrder
.
...
@@ -332,7 +332,7 @@ Module HigherOrder.
...
@@ -332,7 +332,7 @@ Module HigherOrder.
However
,
Coq
rejects
this
definition
for
failing
to
meet
the
%
\
index
{
strict
positivity
requirement
}%
strict
positivity
restriction
.
For
instance
,
the
constructor
[
Abs
]
takes
an
argument
that
is
a
function
over
the
same
type
family
[
term
]
that
we
are
defining
.
Inductive
definitions
of
this
kind
can
be
used
to
write
non
-
terminating
Gallina
programs
,
which
breaks
the
consistency
of
Coq
'
s
logic
.
However
,
Coq
rejects
this
definition
for
failing
to
meet
the
%
\
index
{
strict
positivity
requirement
}%
strict
positivity
restriction
.
For
instance
,
the
constructor
[
Abs
]
takes
an
argument
that
is
a
function
over
the
same
type
family
[
term
]
that
we
are
defining
.
Inductive
definitions
of
this
kind
can
be
used
to
write
non
-
terminating
Gallina
programs
,
which
breaks
the
consistency
of
Coq
'
s
logic
.
An
alternate
higher
-
order
encoding
is
%
\
index
{
parametric
higher
-
order
abstract
syntax
}
\
index
{
PHOAS
}%
_
parametric
HOAS_
,
as
introduced
by
Washburn
and
Weirich
%~
\
cite
{
BGB
}%
for
Haskell
and
tweaked
by
me
%~
\
cite
{
PhoasICFP08
}%
for
use
in
Coq
.
Here
the
idea
is
to
parameterize
the
syntax
type
by
a
type
family
standing
for
a
_
representation
of
variables_
.
*
)
An
alternate
higher
-
order
encoding
is
%
\
index
{
parametric
higher
-
order
abstract
syntax
}
\
index
{
PHOAS
|
see
{
parametric
higher
-
order
abstract
syntax
}
}%
_
parametric
HOAS_
,
as
introduced
by
Washburn
and
Weirich
%~
\
cite
{
BGB
}%
for
Haskell
and
tweaked
by
me
%~
\
cite
{
PhoasICFP08
}%
for
use
in
Coq
.
Here
the
idea
is
to
parameterize
the
syntax
type
by
a
type
family
standing
for
a
_
representation
of
variables_
.
*
)
Section
var
.
Section
var
.
Variable
var
:
type
->
Type
.
Variable
var
:
type
->
Type
.
...
@@ -367,7 +367,7 @@ Module HigherOrder.
...
@@ -367,7 +367,7 @@ Module HigherOrder.
Example
three_the_hard_way
:
Term
Nat
:=
fun
var
=>
Example
three_the_hard_way
:
Term
Nat
:=
fun
var
=>
App
(
App
(
add
var
)
(
Const
1
))
(
Const
2
)
.
App
(
App
(
add
var
)
(
Const
1
))
(
Const
2
)
.
(
**
The
argument
[
var
]
does
not
even
appear
in
the
function
body
for
[
add
]
.
How
can
that
be
?
By
giving
our
terms
expressive
types
,
we
allow
Coq
to
infer
many
arguments
for
us
.
In
fact
,
we
do
not
even
need
to
name
the
[
var
]
argument
!
Even
though
these
formal
parameters
appear
as
underscores
,
they
_
are_
mentioned
in
the
function
bodies
that
type
inference
calculates
.
*
)
(
**
The
argument
[
var
]
does
not
even
appear
in
the
function
body
for
[
add
]
.
How
can
that
be
?
By
giving
our
terms
expressive
types
,
we
allow
Coq
to
infer
many
arguments
for
us
.
In
fact
,
we
do
not
even
need
to
name
the
[
var
]
argument
!
*
)
Example
add
'
:
Term
(
Func
Nat
(
Func
Nat
Nat
))
:=
fun
_
=>
Example
add
'
:
Term
(
Func
Nat
(
Func
Nat
Nat
))
:=
fun
_
=>
Abs
(
fun
x
=>
Abs
(
fun
y
=>
Plus
(
Var
x
)
(
Var
y
)))
.
Abs
(
fun
x
=>
Abs
(
fun
y
=>
Plus
(
Var
x
)
(
Var
y
)))
.
...
@@ -375,6 +375,8 @@ Module HigherOrder.
...
@@ -375,6 +375,8 @@ Module HigherOrder.
Example
three_the_hard_way
'
:
Term
Nat
:=
fun
_
=>
Example
three_the_hard_way
'
:
Term
Nat
:=
fun
_
=>
App
(
App
(
add
'
_
)
(
Const
1
))
(
Const
2
)
.
App
(
App
(
add
'
_
)
(
Const
1
))
(
Const
2
)
.
(
**
Even
though
the
[
var
]
formal
parameters
appear
as
underscores
,
they
_
are_
mentioned
in
the
function
bodies
that
type
inference
calculates
.
*
)
(
**
**
Functional
Programming
with
PHOAS
*
)
(
**
**
Functional
Programming
with
PHOAS
*
)
...
...
src/Universes.v
View file @
45eb4b90
...
@@ -371,7 +371,7 @@ Error: Impossible to unify "?35 = ?34" with "unit = unit".
...
@@ -371,7 +371,7 @@ Error: Impossible to unify "?35 = ?34" with "unit = unit".
Coq
tells
us
that
we
cannot
,
in
fact
,
apply
our
lemma
[
symmetry
]
here
,
but
the
error
message
seems
defective
.
In
particular
,
one
might
think
that
[
apply
]
should
unify
[
?
35
]
and
[
?
34
]
with
[
unit
]
to
ensure
that
the
unification
goes
through
.
In
fact
,
the
issue
is
in
a
part
of
the
unification
problem
that
is
_
not_
shown
to
us
in
this
error
message
!
Coq
tells
us
that
we
cannot
,
in
fact
,
apply
our
lemma
[
symmetry
]
here
,
but
the
error
message
seems
defective
.
In
particular
,
one
might
think
that
[
apply
]
should
unify
[
?
35
]
and
[
?
34
]
with
[
unit
]
to
ensure
that
the
unification
goes
through
.
In
fact
,
the
issue
is
in
a
part
of
the
unification
problem
that
is
_
not_
shown
to
us
in
this
error
message
!
The
following
command
is
the
secret
to
getting
better
error
messages
in
such
cases
:
*
)
The
following
command
is
the
secret
to
getting
better
error
messages
in
such
cases
:
%
\
index
{
Vernacular
commands
!
Set
Printing
All
}%
*
)
Set
Printing
All
.
Set
Printing
All
.
(
**
%
\
vspace
{-
.15
in
}%
[[
(
**
%
\
vspace
{-
.15
in
}%
[[
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment