When reasoning about formulas involving large inductively defined relations, such as the semantics of a real programming language, many proof steps require the inversion of a hypothesis. The built-in "inversion" tactic of Coq can be used for this, but it suffers from severe controllability, maintenance and efficiency issues, which make it unusable in practice in large applications. To circumvent this issue, we propose a proof technique based on the combination of an antidiagonal argument and the impredicative encoding of inductive data structures. We can then encode suitable helper tactics in Ltac, yielding scripts (and corresponding proof terms) that are much shorter and, more importantly, much more robust against version changes in the background software. This is illustrated on correctness proofs of non-trivial C programs with respect to the operational semantics of C defined in CompCert.