Benjamin Werner

Bio: Benjamin Werner is an academic researcher from École Polytechnique. The author has contributed to research in topics: Type theory & Transcendental function. The author has an hindex of 18, co-authored 33 publications receiving 2499 citations. Previous affiliations of Benjamin Werner include University of Paris & French Institute for Research in Computer Science and Automation.

The Coq proof assistant : reference manual, version 6.1

Abstract: Coq is a proof assistant based on a higher-order logic allowing powerful definitions of functions. Coq V6.1 is available by anonymous ftp at ftp.inria.fr:/INRIA/Projects/coq/V6.1 and ftp.ens-lyon.fr:/pub/LIP/COQ/V6.1

A modular integration of SAT/SMT solvers to coq through proof witnesses

Abstract: We present a way to enjoy the power of SAT and SMT provers in Coq without compromising soundness. This requires these provers to return not only a yes/no answer, but also a proof witness that can be independently rechecked. We present such a checker, written and fully certified in Coq. It is conceived in a modular way, in order to tame the proofs' complexity and to be extendable. It can currently check witnesses from the SAT solver ZChaff and from the SMT solver veriT. Experiments highlight the efficiency of this checker. On top of it, new reflexive Coq tactics have been built that can decide a subset of Coq's logic by calling external provers and carefully checking their answers.

Une theorie des constructions inductives

Abstract: L'objet de cette these est la meta-theorie du Calcul des Constructions Inductives (CCI), c'est a dire les Calcul des Constructions etendu par des types et des predicats inductifs. Le Calcul des Constructions a ete presente en 1985 par Thierry Coquand. Il s'agit d'un lambda-calcul type qui, a travers l'isomorphisme dit de Curry-Howard, peut-etre vu comme un formalisme logique. Ce systeme qui etend a la fois la logique d'ordre superieur de Church et les systemes de Martin-Lof est particulierement expressif du point de vue algorithmique et peut facilement etre mis en oeuvre sur ordinateur. Dans le Calcul des Constructions originel, les types de donnees (entiers, listes, sommes, etc) sont representes dans le lambda-calcul a travers un codage impredicatif. Cette solution est elegante mais conduit a un certain nombre de difficultes pratiques et theoriques. Pour y remedier, Thierry Coquand et Christine Paulin-Mohring on propose d'etendre le formalisme par un mecanisme generique de definitions inductives. C'est cette extension, utilisee dans le systeme Coq, qui est etudiee dans cette these. Le resultat essentiel est que le systeme verifie bien la propriete de normalisation forte. On en deduit les proprietes de coherence logique, de confluence et de decidabilite du typage. L'aspect le plus spectaculaire de l'extension par des types inductifs est la possibilite de definir de nouveaux types et de nouvelles propositions par recurrence structurelle (elimination forte). Cette caracteristique, qui donne toute sa signification a la notion de types dependants, augmente enormement le pouvoir de la regle de conversion, et par la, la difficulte de la preuve de normalisation. L'interpretation de l'elimination forte dans une preuve de normalisation par reductibilite est la nouveaute essentielle de ce travail. De plus, nous considerons ici un systeme avec eta-conversion. Une consequence est que la propriete de confluence n'est plus combinatoire et doit etre prouvee apres la normalisation, ce qui augmente a nouveau la difficulte de la preuve de celle-ci. A ce titre, nous presentons egalement quelques resultats nouveaux sur des systemes non-normalisants qui montrent que pour des lambda-calculs types, la propriete de confluence est logique et non combinatoire.

Types and Programming Languages

Abstract: A type system is a syntactic method for automatically checking the absence of certain erroneous behaviors by classifying program phrases according to the kinds of values they compute. The study of type systems -- and of programming languages from a type-theoretic perspective -- has important applications in software engineering, language design, high-performance compilers, and security.This text provides a comprehensive introduction both to type systems in computer science and to the basic theory of programming languages. The approach is pragmatic and operational; each new concept is motivated by programming examples and the more theoretical sections are driven by the needs of implementations. Each chapter is accompanied by numerous exercises and solutions, as well as a running implementation, available via the Web. Dependencies between chapters are explicitly identified, allowing readers to choose a variety of paths through the material.The core topics include the untyped lambda-calculus, simple type systems, type reconstruction, universal and existential polymorphism, subtyping, bounded quantification, recursive types, kinds, and type operators. Extended case studies develop a variety of approaches to modeling the features of object-oriented languages.

Model checking programs

Abstract: The majority of the work carried out in the formal methods community throughout the last three decades has (for good reasons) been devoted to special languages designed to make it easier to experiment with mechanized formal methods such as theorem provers and model checkers. In this paper, we give arguments for why we believe it is time for the formal methods community to shift some of its attention towards the analysis of programs written in modern programming languages. In keeping with this philosophy, we have developed a verification and testing environment for Java, called Java PathFinder (JPF), which integrates model checking, program analysis and testing. Part of this work has consisted of building a new Java Virtual Machine that interprets Java bytecode. JPF uses state compression to handle large states, and partial order reduction, slicing, abstraction and run-time analysis techniques to reduce the state space. JPF has been applied to a real-time avionics operating system developed at Honeywell, illustrating an intricate error, and to a model of a spacecraft controller, illustrating the combination of abstraction, run-time analysis and slicing with model checking.

Formal methods: state of the art and future directions

Abstract: Hardware and software systems will inevitably grow in scale and functionality. Because of this increase in complexity, the likelihood of subtle errors is much greater. Moreover, some of these errors may cause catastrophic loss of money, time, or even human life. A major goal of software engineering is to enable developers to construct systems that operate reliably despite this complexity. One way of achieving this goal is by using formal methods, which are mathematically based languages, techniques, and tools for specifying and verifying such systems. Use of formal methods does not a priori guarantee correctness. However, they can greatly increase our understanding of a system by revealing inconsistencies, ambiguities, and incompleteness that might otherwise go undetected. The first part of this report assesses the state of the art in specification and verification. For verification, we highlight advances in model checking and theorem proving. In the three sections on specification, model checking, and theorem proving, we explain what we mean by the general technique and briefly describe some successful case studies and well-known tools. The second part of this report outlines future directions in fundamental concepts, new methods and tools, integration of methods, and education and technology transfer. We close with summary remarks and pointers to resources for more information.

The Coq proof assistant : reference manual, version 6.1

Abstract: Coq is a proof assistant based on a higher-order logic allowing powerful definitions of functions. Coq V6.1 is available by anonymous ftp at ftp.inria.fr:/INRIA/Projects/coq/V6.1 and ftp.ens-lyon.fr:/pub/LIP/COQ/V6.1