Gradual Certified Programming in Coq

TL;DR

This paper introduces a method for gradual certified programming in Coq, allowing postponement of proofs and runtime property checks without modifying Coq itself, thus easing adoption of high-assurance software development.

Contribution

It demonstrates how to implement gradual certified programming in Coq using existing features like type classes and axioms, enabling runtime checks and proof postponement without extensions.

Findings

Supports postponing proofs and runtime verification of properties.

Integrates casts with Coq's implicit coercion mechanism.

Enables lifting properties into runtime checks during extraction.

Abstract

Expressive static typing disciplines are a powerful way to achieve high-quality software. However, the adoption cost of such techniques should not be under-estimated. Just like gradual typing allows for a smooth transition from dynamically-typed to statically-typed programs, it seems desirable to support a gradual path to certified programming. We explore gradual certified programming in Coq, providing the possibility to postpone the proofs of selected properties, and to check "at runtime" whether the properties actually hold. Casts can be integrated with the implicit coercion mechanism of Coq to support implicit cast insertion a la gradual typing. Additionally, when extracting Coq functions to mainstream languages, our encoding of casts supports lifting assumed properties into runtime checks. Much to our surprise, it is not necessary to extend Coq in any way to support gradual certified programming. A simple mix of type classes and axioms makes it possible to bring gradual certified programming to Coq in a straightforward manner.