bd92c1cbb3
In section 13.3, the type of Loop is defined as: Loop : forall a, a -> (a -> cmd (outcome a)) -> cmd a However, the operational semantics provided in sections 14.1 and 18.1 invoke the loop body function using "Again(i)" (type "outcome a"). They should instead use simply "i" (type "a"). Changing to "f(i)" also matches the StepLoop formalizations in SeparationLogic.v and ConcurrentSeparationLogic.v, which invoke simply "body init" (rather than "body (Again init)"). |
||
---|---|---|
.gitignore | ||
_CoqProject | ||
_CoqProject.fraplib | ||
AbstractInterpret.v | ||
AbstractInterpretation.v | ||
BasicSyntax.v | ||
BasicSyntax_template.v | ||
CompilerCorrectness.v | ||
CompilerCorrectness_template.v | ||
ConcurrentSeparationLogic.v | ||
ConcurrentSeparationLogic_template.v | ||
Connecting.v | ||
DataAbstraction.v | ||
DataAbstraction_template.v | ||
DeepAndShallowEmbeddings.v | ||
DeepAndShallowEmbeddings_template.v | ||
DeeperInterp.ml | ||
DeeperWithFailInterp.ml | ||
DeepInterp.ml | ||
DependentInductiveTypes.v | ||
DependentInductiveTypes_template.v | ||
FirstClassFunctions.v | ||
FirstClassFunctions_template.v | ||
Frap.v | ||
frap_book.tex | ||
FrapWithoutSets.v | ||
HoareLogic.v | ||
HoareLogic_template.v | ||
Imp.v | ||
index.html | ||
Interpreters.v | ||
Interpreters_template.v | ||
IntroToProofScripting.v | ||
IntroToProofScripting_template.v | ||
Invariant.v | ||
LambdaCalculusAndTypeSoundness.v | ||
LambdaCalculusAndTypeSoundness_template.v | ||
LICENSE | ||
LogicProgramming.v | ||
LogicProgramming_template.v | ||
Makefile | ||
Makefile.fraplib | ||
Map.v | ||
MessagesAndRefinement.v | ||
ModelCheck.v | ||
ModelChecking.v | ||
ModelChecking_sol.v | ||
ModelChecking_template.v | ||
OperationalSemantics.v | ||
OperationalSemantics_template.v | ||
Polymorphism.v | ||
Polymorphism_template.v | ||
ProgramDerivation.v | ||
ProgramDerivation_template.v | ||
ProofByReflection.v | ||
ProofByReflection_template.v | ||
README.md | ||
Relations.v | ||
SeparationLogic.v | ||
SeparationLogic_template.v | ||
SepCancel.v | ||
SessionTypes.v | ||
Sets.v | ||
SharedMemory.v | ||
SubsetTypes.v | ||
SubsetTypes_template.v | ||
TransitionSystems.v | ||
TransitionSystems_template.v | ||
TypesAndMutation.v | ||
Var.v |
Formal Reasoning About Programs
This is an in-progress, open-source book by Adam Chlipala simultaneously introducing the Coq proof assistant and techniques for proving correctness of programs. That is, the game is doing completely rigorous, machine-checked mathematical proofs, showing that programs meet their specifications.
Just run make
here to build everything, including the book frap_book.pdf
and the accompanying Coq source modules. Alternatively, run make lib
to build just the book library, not the chapter example files or PDF.
Code associated with the different chapters
The main narrative, also present in the book PDF, presents standard program-proof ideas, without rigorous proofs. Matching Coq files here show how to make it rigorous. Interleaved with that narrative, there are also other lectures' worth of material, for building up more practical background on Coq itself. That secondary track appears in this list, too, at a higher level of indentation.
- Chapter 2:
BasicSyntax.v
Polymorphism.v
: polymorphism and generic data structures
- Chapter 3:
DataAbstraction.v
- Chapter 4:
Interpreters.v
FirstClassFunctions.v
: functions as data; continuations and continuation-passing style
- Chapter 5:
TransitionSystems.v
IntroToProofScripting.v
: writing scripts to find proofs in Coq
- Chapter 6:
ModelChecking.v
ProofByReflection.v
: writing verified proof procedures in Coq
- Chapter 7:
OperationalSemantics.v
LogicProgramming.v
: 'eauto' and friends, to automate proofs via logic programming
- Chapter 8:
AbstractInterpretation.v
- Chapter 9:
CompilerCorrectness.v
- Chapter 10:
LambdaCalculusAndTypeSoundness.v
- Chapter 11:
TypesAndMutation.v
- Chapter 12:
HoareLogic.v
- Chapter 13:
DeepAndShallowEmbeddings.v
- Chapter 14:
SeparationLogic.v
- Chapter 15:
Connecting.v
- Chapter 16:
ProgramDerivation.v
- Chapter 17:
SharedMemory.v
- Chapter 18:
ConcurrentSeparationLogic.v
- Chapter 19:
MessagesAndRefinement.v
There are also two supplementary files that are independent of the main narrative, for introducing programming with dependent types, a distinctive Coq feature that we neither use nor recommend for the problem sets, but which many students find interesting (and useful in other contexts).
SubsetTypes.v
: a first introduction to dependent types by attaching predicates to normal types (used afterCompilerCorrectness.v
in the last course offering)DependentInductiveTypes.v
: building type dependency into datatype definitions (used afterLambdaCalculusAndTypeSoundness.v
in the last course offering)