Self-certification: bootstrapping certified typecheckers in F* with Coq

Abstract
Well-established dependently-typed languages like Agda and Coq provide reliable ways to build and check formal proofs. Several other dependently-typed languages such as Aura, ATS, Cayenne, Epigram, F*, F7, Fine, Guru, PCML5, and Ur also explore reliable ways to develop and verify programs. All these languages shine in their own regard, but their implementations do not themselves enjoy the degree of safety provided by machine-checked verification. We propose a general technique called self-certification that allows a typechecker for a suitably expressive language to be certified for correctness. We have implemented this technique for F*, a dependently typed language on the .NET platform. Self-certification involves implementing a typechecker for F* in F*, while using all the conveniences F* provides for the compiler-writer (e.g., partiality, effects, implicit conversions, proof automation, libraries). This typechecker is given a specification (in F*) strong enough to ensure that it computes valid typing derivations. We obtain a typing derivation for the core typechecker by running it on itself, and we export it to Coq as a type-derivation certificate. By typechecking this derivation (in Coq) and applying the F* metatheory (also mechanized in Coq), we conclude that our typechecker is correct. Once certified in this manner, the F* typechecker is emancipated from Coq.
Self-certification leads to an efficient certification scheme---we no longer depend on verifying certificates in Coq---as well as a more broadly applicable one. For instance, the self-certified F* checker is suitable for use in adversarial settings where Coq is not intended for use, such as run-time certification of mobile code.
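The abstract's central idea is a typechecker that does not merely answer "well-typed" but produces a typing derivation, which a separate, much simpler checker validates step by step. The following Python program is an added illustration of that split, not code from the paper or from the F* project: it uses the simply-typed lambda calculus in place of F*, `infer` plays the role of the certifying typechecker, and `check_derivation` plays the role the Coq check plays in the paper (trusting nothing `infer` did, only re-validating each node against the rule it claims to instantiate). All names, rules and the sample term are constructed for this example.

```python
# Added example (not from the paper): a certifying typechecker for the
# simply-typed lambda calculus with booleans. `infer` returns a typing
# derivation; `check_derivation` independently validates it, so the
# derivation serves as a certificate in the sense of the abstract.
from dataclasses import dataclass
from typing import Optional, Union

@dataclass(frozen=True)
class TBool:
    def __str__(self): return "Bool"

@dataclass(frozen=True)
class TArrow:
    dom: "Ty"
    cod: "Ty"
    def __str__(self): return f"({self.dom} -> {self.cod})"

Ty = Union[TBool, TArrow]

@dataclass(frozen=True)
class Var:
    name: str

@dataclass(frozen=True)
class Lit:
    value: bool

@dataclass(frozen=True)
class Lam:
    param: str
    ty: Ty
    body: "Term"

@dataclass(frozen=True)
class App:
    fn: "Term"
    arg: "Term"

@dataclass(frozen=True)
class If:
    cond: "Term"
    then: "Term"
    els: "Term"

Term = Union[Var, Lit, Lam, App, If]

@dataclass(frozen=True)
class Derivation:
    rule: str        # name of the typing rule this node instantiates
    env: tuple       # ((name, Ty), ...), innermost binding last
    term: Term
    ty: Ty
    premises: tuple  # sub-derivations, in rule order

def lookup(env: tuple, name: str) -> Optional[Ty]:
    for n, t in reversed(env):
        if n == name:
            return t
    return None

def infer(env: tuple, term: Term) -> Derivation:
    """Certifying typechecker: computes a type together with its derivation."""
    if isinstance(term, Var):
        ty = lookup(env, term.name)
        if ty is None:
            raise TypeError(f"unbound variable {term.name}")
        return Derivation("T-Var", env, term, ty, ())
    if isinstance(term, Lit):
        return Derivation("T-Lit", env, term, TBool(), ())
    if isinstance(term, Lam):
        d = infer(env + ((term.param, term.ty),), term.body)
        return Derivation("T-Abs", env, term, TArrow(term.ty, d.ty), (d,))
    if isinstance(term, App):
        df, da = infer(env, term.fn), infer(env, term.arg)
        if not isinstance(df.ty, TArrow) or df.ty.dom != da.ty:
            raise TypeError("application type mismatch")
        return Derivation("T-App", env, term, df.ty.cod, (df, da))
    if isinstance(term, If):
        dc, dt, de = infer(env, term.cond), infer(env, term.then), infer(env, term.els)
        if dc.ty != TBool() or dt.ty != de.ty:
            raise TypeError("ill-typed conditional")
        return Derivation("T-If", env, term, dt.ty, (dc, dt, de))
    raise TypeError("unknown term")

def check_derivation(d: Derivation) -> bool:
    """Independent certificate checker: re-validates every node of the derivation
    against the rule it names, without re-running the typechecker's search."""
    r, env, t, ty, ps = d.rule, d.env, d.term, d.ty, d.premises
    if r == "T-Var":
        return isinstance(t, Var) and ps == () and lookup(env, t.name) == ty
    if r == "T-Lit":
        return isinstance(t, Lit) and ps == () and ty == TBool()
    if r == "T-Abs":
        return (isinstance(t, Lam) and len(ps) == 1
                and ps[0].env == env + ((t.param, t.ty),) and ps[0].term == t.body
                and ty == TArrow(t.ty, ps[0].ty) and check_derivation(ps[0]))
    if r == "T-App":
        return (isinstance(t, App) and len(ps) == 2
                and all(p.env == env for p in ps)
                and (ps[0].term, ps[1].term) == (t.fn, t.arg)
                and isinstance(ps[0].ty, TArrow) and ps[0].ty.dom == ps[1].ty
                and ps[0].ty.cod == ty and all(map(check_derivation, ps)))
    if r == "T-If":
        return (isinstance(t, If) and len(ps) == 3
                and all(p.env == env for p in ps)
                and (ps[0].term, ps[1].term, ps[2].term) == (t.cond, t.then, t.els)
                and ps[0].ty == TBool() and ps[1].ty == ty and ps[2].ty == ty
                and all(map(check_derivation, ps)))
    return False  # unknown rule name: reject the certificate

# Constructed sample: NOT = \b:Bool. if b then false else true, applied to true.
NOT = Lam("b", TBool(), If(Var("b"), Lit(False), Lit(True)))
SAMPLE = App(NOT, Lit(True))

def certify(term: Term) -> str:
    """Typecheck, then validate the produced derivation; return the type as text."""
    d = infer((), term)
    if not check_derivation(d):
        raise TypeError("typechecker produced an invalid derivation")
    return str(d.ty)

def is_well_typed(term: Term) -> bool:
    try:
        certify(term)
        return True
    except TypeError:
        return False

if __name__ == "__main__":
    print(certify(SAMPLE))  # Bool
```

The point of the split is trust: `infer` may be arbitrarily clever (in the paper, it uses partiality, effects, SMT automation and so on), but only `check_derivation` needs to be trusted, and it is a direct transcription of the typing rules. A tampered certificate, such as a `T-Lit` node that claims an arrow type, is rejected without any appeal to the typechecker that produced it.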
Published in POPL '12: Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages.