The idea of a certified program features prominently in this book's title. Here the word "certified" does not refer to governmental rules for how the reliability of engineered systems may be demonstrated to sufficiently high standards. Rather, this concept of certification, a standard one in the programming languages and formal methods communities, has to do with the idea of a certificate, or formal mathematical artifact proving that a program meets its specification. Government certification procedures rarely provide strong mathematical guarantees, while certified programming provides guarantees about as strong as anything we could hope for. We trust the definition of a foundational mathematical logic, we trust an implementation of that logic, and we trust that we have encoded our informal intent properly in formal specifications, but few other opportunities remain to certify incorrect software. For compilers and other programs that run in batch mode, the notion of a certifying program is also common, where each run of the program outputs both an answer and a proof that the answer is correct. Any certifying program can be composed with a proof checker to produce a certified program, and this book focuses on the certified case, while also introducing principles and techniques of general interest for stating and proving theorems in Coq.

I will go out on a limb and guess that the reader is a fan of some programming language and may even have been involved in teaching that language to undergraduates.

Agda and Epigram are designed and marketed more as programming languages than proof assistants. Dependent types are great, because they often help you prove deep theorems without doing anything that feels like proving. Nonetheless, almost any interesting certified programming project will benefit from some activity that deserves to be called proving, and many interesting projects absolutely require semi-automated proving, to protect the sanity of the programmer. Informally, proving is unavoidable when any correctness proof for a program has a structure that does not mirror the structure of the program itself. An example is a compiler correctness proof, which probably proceeds by induction on program execution traces, which have no simple relationship with the structure of the compiler or the structure of the programs it compiles. In building such proofs, a mature system for scripted proof automation is invaluable. None of the competition has well-developed systems for tactic-based theorem proving.
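The three ideas above, a certifying program (answer plus proof per run), a certified program (specification carried in the type), and a proof whose shape does not follow the program's recursion, can be seen in a few lines of Coq. The following is an added illustration written for this page, not code from the book or from any project it describes; it assumes a recent Coq with the standard library and the `Lia` tactic, and the names `eq_cert`, `pred_cert` and `app_length'` are chosen here for the example.

```coq
(* Added example for this page; not from CPDT. Assumes Coq 8.x with the
   standard library (Arith, Lia, List) and the Extraction plugin. *)
Require Import Arith Lia List.

(* A certifying program: each call returns an answer together with a
   proof about that answer. The boolean decision "n = m" is packaged in
   the sumbool type {n = m} + {n <> m}, so the caller gets the verdict
   and the evidence in one value. Nat.eq_dec is the library's decider. *)
Definition eq_cert (n m : nat) : {n = m} + {n <> m} := Nat.eq_dec n m.

(* A certified program: the specification is part of the type. The
   precondition 0 < n must be supplied by the caller, so this
   predecessor cannot be applied to 0, and the result m comes with the
   proof n = S m. Defined (not Qed) keeps the function computable. *)
Definition pred_cert (n : nat) (Hn : 0 < n) : {m : nat | n = S m}.
Proof.
  destruct n as [| n'].
  - exfalso. lia.             (* 0 < 0 is refuted by arithmetic automation *)
  - exists n'. reflexivity.   (* witness is n'; the equation is immediate *)
Defined.

(* A proof whose structure is not the program's: app recurses on its
   first argument, but the theorem needs induction plus rewriting with
   the induction hypothesis. A short tactic script does the bookkeeping. *)
Theorem app_length' : forall (A : Type) (l1 l2 : list A),
  length (l1 ++ l2) = length l1 + length l2.
Proof.
  intros A l1 l2.
  induction l1 as [| x l1' IH]; simpl.
  - reflexivity.
  - rewrite IH. reflexivity.
Qed.

(* The check a practitioner wants before trusting the certificate: the
   development relies on nothing beyond Coq's kernel logic (no Axiom, no
   Admitted). Coq reports "Closed under the global context" in that case;
   anything else is an extension of the trusted base and must be reviewed. *)
Print Assumptions pred_cert.
Print Assumptions app_length'.

(* Extraction erases the proof components, leaving an ordinary OCaml
   function: the certificate costs nothing at run time. *)
Require Extraction.
Extraction pred_cert.
```

The `Print Assumptions` lines are the point most worth copying: a proof that type-checks but depends on an `Axiom` or an `Admitted` lemma silently enlarges the trusted base the text describes (the logic, its implementation, and the specification), and this command is how you confirm that nothing else has crept in.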