Preface

• Welcome
• Overview
  • Logic
  • Proof Assistants
  • Functional Programming
  • Program Verification
  • Type Systems
• Practicalities
  • Chapter Dependencies
  • System Requirements
  • Exercises
  • Downloading the Coq Files
• Note for Instructors
• Translations

Basics: Functional Programming in Coq

• Introduction
• Enumerated Types
  • Days of the Week
  • Booleans
  • Function Types
  • Modules
  • Numbers
• Proof by Simplification
• Proof by Rewriting
• Proof by Case Analysis
  • More on Notation (Optional)
  • Fixpoints and Structural Recursion (Optional)
• More Exercises

Induction: Proof by Induction

• Proof by Induction
• Proofs Within Proofs
• More Exercises
• Formal vs. Informal Proof (Optional)

Lists: Working with Structured Data

• Pairs of Numbers
• Lists of Numbers
• Reasoning About Lists
  • Induction on Lists
  • SearchAbout
  • List Exercises, Part 1
  • List Exercises, Part 2
• Options
• Partial Maps

Poly: Polymorphism and Higher-Order Functions

• Polymorphism
  • Polymorphic Lists
  • Polymorphic Pairs
  • Polymorphic Options
• Functions as Data
  • Higher-Order Functions
  • Filter
  • Anonymous Functions
  • Map
  • Fold
  • Functions That Construct Functions
• Additional Exercises

Tactics: More Basic Tactics

• The apply Tactic
• The apply ... with ... Tactic
• The inversion tactic
• Using Tactics on Hypotheses
• Varying the Induction Hypothesis
• Unfolding Definitions
• Using destruct on Compound Expressions
• Review
• Additional Exercises

Logic: Logic in Coq

• Logical Connectives
  • Conjunction
  • Disjunction
  • Falsehood and Negation
  • Truth
  • Logical Equivalence
  • Existential Quantification
• Programming with Propositions
• Applying Theorems to Arguments
• Coq vs. Set Theory
  • Functional Extensionality
  • Propositions and Booleans
  • Classical vs. Constructive Logic

IndProp: Inductively Defined Propositions

• Inductively Defined Propositions
• Using Evidence in Proofs
  • Inversion on Evidence
  • Induction on Evidence
• Inductive Relations
• Case Study: Regular Expressions
  • The remember Tactic
• Improving Reflection
• Additional Exercises

Maps: Total and Partial Maps

• The Coq Standard Library
• Identifiers
• Total Maps
• Partial maps

ProofObjects: The Curry-Howard Correspondence

• Proof Scripts
• Quantifiers, Implications, Functions
• Connectives as Inductive Types
  • Conjunction
  • Disjunction
  • Existential Quantification
  • True and False
• Programming with Tactics
• Equality
  • Inversion, Again

IndPrinciples: Induction Principles

• Basics
• Polymorphism
• Induction Hypotheses
• More on the induction Tactic
• Induction Principles in Prop
• Formal vs. Informal Proofs by Induction
  • Induction Over an Inductively Defined Set
  • Induction Over an Inductively Defined Proposition

SfLib: Software Foundations Library

Rel: Properties of Relations

• Basic Properties
• Reflexive, Transitive Closure

Imp: Simple Imperative Programs

• Arithmetic and Boolean Expressions
  • Syntax
  • Evaluation
  • Optimization
• Coq Automation
  • Tacticals
  • Defining New Tactic Notations
  • The omega Tactic
  • A Few More Handy Tactics
• Evaluation as a Relation
  • Inference Rule Notation
  • Equivalence of the Definitions
  • Computational vs. Relational Definitions
• Expressions With Variables
  • States
  • Syntax
  • Evaluation
• Commands
  • Syntax
  • Examples
• Evaluation
  • Evaluation as a Function (Failed Attempt)
  • Evaluation as a Relation
  • Determinism of Evaluation
• Reasoning About Imp Programs
• Additional Exercises

ImpParser: Lexing and Parsing in Coq

• Internals
  • Lexical Analysis
  • Parsing
• Examples

ImpCEvalFun: Evaluation Function for Imp

• A Broken Evaluator
• A Step-Indexed Evaluator
• Relational vs. Step-Indexed Evaluation
• Determinism of Evaluation Again

Extraction: Extracting ML from Coq

• Basic Extraction
• Controlling Extraction of Specific Types
• A Complete Example
• Discussion

Equiv: Program Equivalence

• Behavioral Equivalence
  • Definitions
  • Examples
• Properties of Behavioral Equivalence
  • Behavioral Equivalence is an Equivalence
  • Behavioral Equivalence is a Congruence
• Program Transformations
  • The Constant-Folding Transformation
  • Soundness of Constant Folding
• Proving That Programs Are Not Equivalent
• Extended Exercise: Nondeterministic Imp
• Additional Exercises

Hoare: Hoare Logic, Part I

• Assertions
• Hoare Triples
• Proof Rules
  • Assignment
  • Consequence
  • Digression: The eapply Tactic
  • Skip
  • Sequencing
  • Conditionals
  • Recap
  • Loops
• Summary
• Additional Exercises

Hoare2: Hoare Logic, Part II

• Decorated Programs
  • Example: Swapping Using Addition and Subtraction
  • Example: Simple Conditionals
  • Example: Reduce to Zero
  • Example: Division
• Finding Loop Invariants
  • Example: Slow Subtraction
  • Exercise: Slow Assignment
  • Exercise: Slow Addition
  • Example: Parity
  • Example: Finding Square Roots
  • Example: Squaring
  • Exercise: Factorial
  • Exercise: Min
  • Exercise: Power Series
• Weakest Preconditions (Optional)
• Formal Decorated Programs (Optional)
  • Syntax
  • Extracting Verification Conditions
  • Automation
  • Examples

HoareAsLogic: Hoare Logic as a Logic

• Definitions
• Properties

Smallstep: Small-step Operational Semantics

• A Toy Language
• Relations
  • Values
  • Strong Progress and Normal Forms
• Multi-Step Reduction
  • Examples
  • Normal Forms Again
  • Equivalence of Big-Step and Small-Step Reduction
  • Additional Exercises
• Small-Step Imp
• Concurrent Imp
• A Small-Step Stack Machine

Auto: More Automation

• The auto and eauto tactics
• Searching Hypotheses

Types: Type Systems

• Typed Arithmetic Expressions
  • Syntax
  • Operational Semantics
  • Normal Forms and Values
  • Typing
  • Progress
  • Type Preservation
  • Type Soundness
• Aside: the normalize Tactic
  • Additional Exercises

Stlc: The Simply Typed Lambda-Calculus

• The Simply Typed Lambda-Calculus
  • Overview
  • Syntax
  • Operational Semantics
  • Typing

StlcProp: Properties of STLC

• Canonical Forms
• Progress
• Preservation
  • Free Occurrences
  • Substitution
  • Main Theorem
• Type Soundness
• Uniqueness of Types
• Additional Exercises
  • Exercise: STLC with Arithmetic

MoreStlc: More on the Simply Typed Lambda-Calculus

• Simple Extensions to STLC
  • Numbers
  • let-bindings
  • Pairs
  • Unit
  • Sums
  • Lists
  • General Recursion
  • Records
• Exercise: Formalizing the Extensions
  • Examples
  • Properties of Typing

Sub: Subtyping

• Concepts
  • A Motivating Example
  • Subtyping and Object-Oriented Languages
  • The Subsumption Rule
  • The Subtype Relation
  • Exercises
• Formal Definitions
  • Core Definitions
  • Subtyping
  • Typing
  • Typing examples
• Properties
  • Inversion Lemmas for Subtyping
  • Canonical Forms
  • Progress
  • Inversion Lemmas for Typing
  • Context Invariance
  • Substitution
  • Preservation
  • Records, via Products and Top
  • Exercises
• Exercise: Adding Products

Typechecking

• MoreStlc: A Typechecker for STLC
  • Comparing Types
  • The Typechecker
  • Properties

Records: Adding Records to STLC

• Adding Records
• Formalizing Records
  • Examples
  • Properties of Typing

References: Typing Mutable References

• Definitions
• Syntax
• Pragmatics
  • Side Effects and Sequencing
  • References and Aliasing
  • Shared State
  • Objects
  • References to Compound Types
  • Null References
  • Garbage Collection
• Operational Semantics
  • Locations
  • Stores
  • Reduction
• Typing
  • Store typings
  • The Typing Relation
• Properties
  • Well-Typed Stores
  • Extending Store Typings
  • Preservation, Finally
  • Substitution lemma
  • Assignment Preserves Store Typing
  • Weakening for Stores
  • Preservation!
  • Progress
• References and Nontermination
• Additional Exercises

RecordSub: Subtyping with Records

• Core Definitions
• Subtyping
  • Definition
  • Subtyping Examples and Exercises
  • Properties of Subtyping
• Typing
  • Typing Examples
  • Properties of Typing
  • Exercises on Typing

Norm: Normalization of STLC

• Language
• Normalization
  • Membership in R_T is invariant under evaluation
  • Closed instances of terms of type T belong to R_T

LibTactics: A Collection of Handy General-Purpose Tactics

• Tools for programming with Ltac
  • Identity continuation
  • Untyped arguments for tactics
  • Optional arguments for tactics
  • Wildcard arguments for tactics
  • Position markers
  • List of arguments for tactics
  • Databases of lemmas
  • On-the-fly removal of hypotheses
  • Numbers as arguments
  • Testing tactics
  • Check no evar in goal
  • Helper function for introducing evars
  • Tagging of hypotheses
  • Tagging of hypotheses
  • Deconstructing terms
  • Action at occurence and action not at occurence
  • An alias for eq
• Common tactics for simplifying goals like intuition
• Backward and forward chaining
  • Application
  • Assertions
  • Instantiation and forward-chaining
  • Experimental tactics for application
  • Adding assumptions
  • Application of tautologies
  • Application modulo equalities
  • Absurd goals
• Introduction and generalization
  • Introduction
  • Generalization
  • Naming
• Rewriting
  • Replace
  • Change
  • Renaming
  • Unfolding
  • Simplification
  • Evaluation
  • Substitution
  • Tactics to work with proof irrelevance
  • Proving equalities
• Inversion
  • Basic inversion
  • Inversion with substitution
  • Injection with substitution
  • Inversion and injection with substitution —rough implementation
  • Case analysis
• Induction
• Coinduction
• Decidable equality
• Equivalence
• N-ary Conjunctions and Disjunctions
• Tactics to prove typeclass instances
• Tactics to invoke automation
  • Definitions for parsing compatibility
  • hint to add hints local to a lemma
  • jauto, a new automation tactics
  • Definitions of automation tactics
  • Parsing for light automation
  • Parsing for strong automation
• Tactics to sort out the proof context
  • Hiding hypotheses
  • Sorting hypotheses
  • Clearing hypotheses
• Tactics for development purposes
  • Skipping subgoals
• Compatibility with standard library
• Additional notations for Coq
  • N-ary Existentials —TODO: DEPRECATED, Coq now supports it.
  • 'let bindings (EXPERIMENTAL).

UseTactics: Tactic Library for Coq: A Gentle Introduction

• Tactics for introduction and case analysis
  • The tactic introv
  • The tactic inverts
• Tactics for n-ary connectives
  • The tactic splits
  • The tactic branch
  • The tactic ∃
• Tactics for working with equality
  • The tactics asserts_rewrite and cuts_rewrite
  • The tactic substs
  • The tactic fequals
  • The tactic applys_eq
• Some convenient shorthands
  • The tactic unfolds
  • The tactics false and tryfalse
  • The tactic gen
  • The tactics skip, skip_rewrite and skip_goal
  • The tactic sort
• Tactics for advanced lemma instantiation
  • Working of lets
  • Working of applys, forwards and specializes
  • Example of instantiations
• Summary

UseAuto: Theory and Practice of Automation in Coq Proofs

• Basic Features of Proof Search
  • Strength of Proof Search
  • Basics
  • Conjunctions
  • Disjunctions
  • Existentials
  • Negation
  • Equalities
• How Proof Search Works
  • Search Depth
  • Backtracking
  • Adding Hints
  • Integration of Automation in Tactics
• Examples of Use of Automation
  • Determinism
  • Preservation for STLC
  • Progress for STLC
  • BigStep and SmallStep
  • Preservation for STLCRef
  • Progress for STLCRef
  • Subtyping
• Advanced Topics in Proof Search
  • Stating Lemmas in the Right Way
  • Unfolding of Definitions During Proof-Search
  • Automation for Proving Absurd Goals
  • Automation for Transitivity Lemmas
• Decision Procedures
  • Omega
  • Ring
  • Congruence
• Summary

PE: Partial Evaluation

• Generalizing Constant Folding
  • Partial States
  • Arithmetic Expressions
  • Boolean Expressions
• Partial Evaluation of Commands, Without Loops
  • Assignment
  • Conditional
  • The Partial Evaluation Relation
  • Examples
  • Correctness of Partial Evaluation
• Partial Evaluation of Loops
  • Examples
  • Correctness
• Partial Evaluation of Flowchart Programs
  • Basic blocks
  • Flowchart programs
  • Partial evaluation of basic blocks and flowchart programs

Postscript

• Looking back...
• Looking forward...