ImpureDemo: importing OCaml functions as non-deterministic ones.

This repository contains a few demonstrations of using Impure library located here at coq_src/Impure/ as a git-subrepo.

The principle of the Impure library is to encode the type A -> B of an OCaml function as a type A -> ?? B in Coq, where ?? B is the type of an axiomatized monad that can be interpreted as B -> Prop. In other word, this encoding abstracts an OCaml function as a function returning a postcondition on its possible results (ie a relation between its parameter and its result). Side-effects are simply ignored. And reasoning on such a function is only possible in partial correctness.

A major feature of this cooperation between Coq and OCaml typechecker is to provide very simple parametric proofs about polymorphic OCaml functions. They correspond here to prove, by reasoning only on their type, that these functions preserve some invariants. As an example, we prove the partial correctness of a generic memoizing fixpoint operator: see rec_correct lemma at the end of ImpLoops. This lemma is applied in FibExample to prove the partial correctness of a memoized version of the naive Fibonacci function. However, currently, the soundness of these parametric proofs is still a conjecture.

A more significant use case of Impure is provided by satans-cert -- a certified checker of (Boolean) sat-solver answers. The ancester of Impure is also present in the Verified Polyhedra Library.

See a draft paper on this work.

Credits

Sylvain Boulmé.

Installation

Requirements

1. ocaml. Tested with versions >= 4.05 and <= 4.07.1. (But other versions should work too).

2. ocamlbuild. Tested with version 0.12.0 and 0.14.0. (But other versions should work too).

3. coq. Tested with versions >= 8.8.2 and <= 8.9.0. Here, other versions are likely to not work !

Compilation

After cloning, just change directory for a building directory (see below), and run make.

Code Overview

coq_src/ contains the Coq sources. Other directories aims to build examples of binaries.

• FibExample/ builds an executable from coq_src/FibExample.v. It illustrates the use of ImpLoops in order to certify in Coq the memoized version of a naive recursive definition of Fibonacci's function.

• CanonNatExample/ builds an executable from coq_src/CanonNatExample.v. It illustrates the use of ImpHCons in order to define in Coq a hconsed Peano's numbers.

• BasicImpExample/ builds an executable from coq_src/BasicImpExample.v. It explores basic features/limitations of the Impure library.