coq-club AT inria.fr
Subject: The Coq mailing list
List archive
- From: Vincent Semeria <vincent.semeria AT gmail.com>
- To: coq-club AT inria.fr
- Subject: Re: [Coq-Club] meaning of formal specifications
- Date: Mon, 25 Jan 2021 19:16:57 +0100
- Authentication-results: mail2-smtp-roc.national.inria.fr; spf=None smtp.pra=vincent.semeria AT gmail.com; spf=Pass smtp.mailfrom=vincent.semeria AT gmail.com; spf=None smtp.helo=postmaster AT mail-oi1-f181.google.com
- Ironport-phdr: 9a23:r0C6Yx/7RZ8u1P9uRHKM819IXTAuvvDOBiVQ1KB20+8cTK2v8tzYMVDF4r011RmVBNSdsakP0rKI++C4ACpcuMnH6ChDOLV3FDY9wf0MmAIhBMPXQWbaF9XNKxIAIcJZSVV+9Gu6O0UGUOz3ZlnVv2HgpWVKQka3OgV6PPn6FZDPhMqrye+y54fTYwJVjzahfL9+Nhq7oRjVu8UMn4dvJKk9xgbVrnZJZu9awX9kKU+Jkxvz+8u9/oRv/zhMt/4k6sVNTbj0c6MkQLJCET8oKXo15MrltRnCSQuA+H4RWXgInxRLHgbI8gj0Uo/+vSXmuOV93jKaPdDtQrAvRTui9aZrRwT2hyoBKjU07XvYis10jKJcvRKhuxlyyJPabY2JKPZzeL7WcNUHTmRDQ8lRTTRMDYyyb4QND+QPM+VWoZTjqVQSthaxHxWgCfn1xzNUmnP736s32PkhHwHc2wwgGsoDv3vVrNXzKKgdT+a1zLXVxjvecfxW3Cny6JLJch87vPqBWqxwccvXyUYzCQzFiEmQpZb+PzyL0+QCrXKb7+t6Wu+0hG4nrht+ojmrxss2lobJgYcVx0nC+C5kz4k7Oce2R1RnYd64DpRQrSeaOpN4T84sQ2xmtiQ3x6MGt5OlYSQH1ZYqygDCZ/CabYSF4hztWfiQLDtlmn9reLKyiwqs/EW8y+DxVcq53UtXoydKlNTHq34D1xvW6sedS/t9+F+s2SuX1w/N7OFEJ1o4mrTGJJ48xLM7i5kdsVzbEyPohEn7iLWae0Yk9+Sy9ujqY7frqoWBO4J3lw3zNLkllNalDuQiKAcOWnCW+eSi273n+k30WLBKgec3kqndqZzaIsUbqrOgDw9bz4ou6AuzAy2p0NQfmnkHI1ZFdwydg4f1PFHOJej0Dfa5g1uyjDdm3+7KMqHlD5nXLXXOkK3tcat85kNe0gY/0NNS649MBrEEOv3zW0vxtNLCDh8+Ngy52/jnCNR71owCR22PBLOZPLnJsVCW4+IgPfOMZI4PtzvmJPgl4uThjX49mVMHYaap2p4XZGiiHvt6O0WZfWbsgtAZHGgWuQo+VfXmh0GGUT5OfHm/RLk85zE+CIK+F4jPXIGtgLqb3Ce6BJJafG5GCkrfWUvvIo6DQrIHbD+YCs5niD0NE7a7GKE70hT7ig78wLdhMqLv9ygVr5PqnIxr5uvYmBcusyd5CsmH0milQGR9n2dOTDgzivMs6Xdhw0uOhPAry8dTEsZesqsQD1UKcKXExuk/MOjcHwLMetDTFgSjS9SiRDYwF5c/mo9XJUl6HNqmg1bI2C/4W+ZExYzOP4Q99+fn51a0Is98z3jc06x41gspR8JOMSutgastrlGPVb6MqF2QkuORTYpZxDTErT7Rwm+HvUUeWwl1A/3I
Could we defend that the specification is the type, and the implementation is the proof ?
For example the theorem of decomposition into prime numbers,
forall n:nat, { p:nat, Prime p /\ n mod p = 0 }
This is a type of functions in Coq, saying that for all natural number n, there exists a natural number p such as p is prime and p divides n. This can also be read as a specification : "for a natural number n, find me a number p such as p is prime and p divides n". And now the proof of this theorem is a term of the above type. If this term is coded in Coq without axioms, it is also an algorithm that computes the number p in question, so it is an implementation of the specification.
On Mon, Jan 25, 2021 at 6:13 PM Xavier Leroy <Xavier.Leroy AT inria.fr> wrote:
On Mon, Jan 25, 2021 at 4:39 PM Fritjof <fritjof AT uni-bremen.de> wrote:Hi,
I have a question regarding what formal specification exactly means in the
proof assistant context.
First *formal verification* means an implementation satisfies its formal specification.
The satisfiability is shown using formal methods of mathematics, e.g., a constructed proof
in Coq.
So we have the following terms:
1) implementation
2) formal specification
3) constructed proofs
In the context of proof assistants, e.g., Coq, I would describe:
1) implementation - as the *program*, collection of function definitions and data types
2) formal specification - as the properties that argue about the program, e.g., theorems, lemmas or axioms
3) constructed proofs - statements of the LTac language(or any other way to construct proof terms, by the way.)I agree with your description above.In a stepwise refinement approach (which the DeepSpec project is, to some extent), the implementation of refinement step N is the specification of step N+1.However, I have also read that the implementation part is referred to as a formal specification:
- https://www.cis.upenn.edu/~bcpierce/papers/pierce-etaps2018.pdf
or the combination of 1,2 and 3 is referred to as a formal specification, like in: a program in haskell
is extracted from this formal specification.Maybe code extraction / automatic code generation is not the best example of a refinement step, causing some confusion in terminology.Hope this helps,- Xavier Leroy
Am I right, that the term *formal specification* often donetes the combination of 1,2 and 3, or just 1
or am I missing something?
Kind Regards,
fritjof
- [Coq-Club] meaning of formal specifications, Fritjof, 01/25/2021
- Re: [Coq-Club] meaning of formal specifications, Ian Atol, 01/25/2021
- Re: [Coq-Club] meaning of formal specifications, Benoît Viguier, 01/25/2021
- Re: [Coq-Club] meaning of formal specifications, Abhishek Anand, 01/26/2021
- Re: [Coq-Club] meaning of formal specifications, Benoît Viguier, 01/25/2021
- Re: [Coq-Club] meaning of formal specifications, Agnishom Chattopadhyay, 01/25/2021
- Re: [Coq-Club] meaning of formal specifications, Adam Chlipala, 01/25/2021
- Re: [Coq-Club] meaning of formal specifications, Michael Soegtrop, 01/25/2021
- Re: [Coq-Club] meaning of formal specifications, Adam Chlipala, 01/27/2021
- Re: [Coq-Club] meaning of formal specifications, Michael Soegtrop, 01/25/2021
- Re: [Coq-Club] meaning of formal specifications, Xavier Leroy, 01/25/2021
- Re: [Coq-Club] meaning of formal specifications, Vincent Semeria, 01/25/2021
- Re: [Coq-Club] meaning of formal specifications, Adam Chlipala, 01/27/2021
- Re: [Coq-Club] meaning of formal specifications, Vincent Semeria, 01/27/2021
- Re: [Coq-Club] meaning of formal specifications, Fritjof, 01/29/2021
- Re: [Coq-Club] meaning of formal specifications, Vincent Semeria, 01/27/2021
- Re: [Coq-Club] meaning of formal specifications, Adam Chlipala, 01/27/2021
- Re: [Coq-Club] meaning of formal specifications, Vincent Semeria, 01/25/2021
- Re: [Coq-Club] meaning of formal specifications, Milad Ketabii, 01/25/2021
- Re: [Coq-Club] meaning of formal specifications, Pierre Courtieu, 01/26/2021
- Re: [Coq-Club] meaning of formal specifications, Ian Atol, 01/25/2021
Archive powered by MHonArc 2.6.19+.