Information
- Lecturer : Kalmer Apinis (kalmer.apinis@ut.ee)
- Lectures : Thursdays, 10:15-12:15, in Delta-1008
- Each week there will be a (max 1.5h) video in addition to the lecture
- Homework : see Homework, submit to moodle
- Discussion : Zulip (log into courses to see link)
- Final exam:
- open book e-exam (including the internet) + face-to-face Q&A if needed
- example
- Final grade
- max. 70 points for autograded HW (less if incorrect or submited late)
- max. 30 points for autograded exam+Q&A
- 0..50 → F, 51..60 → E, 61..70 → D, 71..80 → C, 81..90 → B, 91..100 → A
Book recommendation
- Verified Functional Algorithms by Andrew W. Appel
- Logical Foundations by Benjamin C. Pierce et al
- "Certified Programming with Dependent Types", Adam Chlipala, 2019
- Program Logics for Certified Compilers by Andrew W. Appel et al., 2014
- Formal Reasoning About Programs by Adam Chlipala, 2017
- Computer Arithmetic and Formal Proofs by S. Boldo and G. Melquiond, 2017
- Binomial Queues by Andrew by W. Appel, 2016
- Efficient Verified Red-Black Trees by Andrew W. Appel, 2011
Preparation for the course
We will be using Rocq together with VS Code/Codium.
- Install Opam, the package manager for the OCaml programming language.
- Initialize
~/.opam. Run via terminal:
opam init eval $(opam env)
- Install Rocq
opam pin add rocq-prover 9.1.0 opam install vsrocq-language-server
- Install VSCodium and install the extension VsRocq
Why verified algorithms?
While many application domains require us to "move fast and break things," there are important industries, such as avionics, space, and medical devices, where such a stuck accelerator pedal approach is not desired. In this course, we will learn how software correctness guarantees are achieved through the Rocq system, whose many industrial uses include the certified compiler (CompCert) used by Airbus. All of this may seem like hard work, but it will pay off, just as the focus on quality assurance has paid off for Airbus.
What is interactive theorem proving
An interactive theorem prover such as Rocq is a system where you can write propositions (such as "forall l1 l2, rev (l1 ++ l2) = rev l2 ++ rev l1") and prove them interactively. Proving something interactively means that the system keeps track of your goals as you apply logic rules and proof tactics. In the background, the system checks that the rules you have chosen are applicable and prohibits you from using rules that make no sense. This means that Rocq proofs are machine-checked.
Why interactive theorem provers?
As code becomes easier to generate, it is increasingly important to precisely specify, clearly understand, and thoroughly verify the correctness of our programs. Thus, tools like Rocq complement tools like ChatGPT and Copilot by requiring proofs and checking that provided proofs are indeed valid. Look at our experiment, where ChatGPT generates a buggy implementation for the simple problem of finding the maximal element in a binary tree.
Is Rocq the right tool?
In this course, we use the Rocq system, but other similar tools exist. Rocq can be used to formalize mathematics in general, but it can also be used to prove the correctness of programs. This fact makes Rocq interesting for computer scientists.
Rocq is not a toy or just a program that teaches students about logic. It is a mature tool with 30 years of research behind it. It is actively used for formalizing complicated proofs. Wikipedia lists its main achievements as
- Four color theorem: formal proof using Rocq was completed in September 2004.
- Disjoint-set data structure: correctness proof in Rocq was published in 2007.
- Feit–Thompson theorem: formal proof using Rocq was completed in September 2012.
- CompCert: an optimizing compiler for a subset of the C programming language, which is fully programmed and proved in Rocq.
In this course, we learn to write programs in Rocq, prove logical propositions, and reason about small imperative and functional programs. As an added benefit, the Rocq systems will provide instant feedback on whether your homework solution is correct.
Forms of learning
During the recorded lecture, I will solve the majority of exercises from Logical Foundations and Verified Functional Algorithms. These are the same exercises you must solve and submit as homework. You can choose, according to your preference, how closely you want to follow the lectures.
In addition to lectures, there will be a Zulip chat room for cases where you get stuck with details or understand "the big picture."
The homework will have quite strict deadlines as extra motivation to not fall behind too much.
Scope of the course
We expect that you understand programming and algorithms at a basic level. For example, you should understand what merge sort does.
No previous knowledge about proofs or Rocq is needed. Some knowledge of logic and proofs will come in handy. We start at the beginning: the basics of Rocq. Then, we learn all the required proof tactics and apply them to prove the correctness of functional algorithms such as sorting, search trees, and priority queues. I am not obsessed with covering all "Verified Functional Algorithms" chapters, but we should aim to reach Red-Black tree operations.
Motivation for taking the course
- Being able to use interactive theorem provers (including Rocq) is useful. There are high-paying jobs in Europe for writing provably correct software. Also, proving something interesting is a suitable topic for your PhD. Rocq might never go mainstream, but provably correct software is the future. :-)
- Surprisingly few people in Estonia use it. Stand out among your peers with uncommon know-how/interests.
- As Rocq is able to check your proofs, you get instant progress feedback on your course- and homework. By solving all the exercises in a timely manner, you are almost guaranteed to get a good result on the exam, as the exam is about proving similar theorems as homework.
- You will get a better intuition about correct algorithms.
- You will be able to write provably correct code.