
Typed Template-Coq

Abhishek Anand - Cornell
Simon Boulier & Nicolas Tabareau - Inria Nantes
Matthieu Sozeau - Inria Paris

CoqPL'18, Los Angeles, CA, USA, January 13th 2018
TEMPLATE-COQ

๏ Quoting and unquoting of terms and declarations:
  ๏ Quote Definition quoted_t : Ast.t := t.
  ๏ Denote denoted_t := quoted_t.
๏ Ideally a "faithful" representation of Coq terms. Differences: strings for global_reference and lists instead of arrays. But see M. Dénès' native int and arrays…
๏ Initially developed by G. Malecha, with contribs from A. Anand and myself.

Typed Template-Coq 2
Template-Coq

๏ One option, "Set Template Cast Propositions", reifies (t : T : Prop) into
  tCast (reify t : reify T : reify Prop)
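A worked quote / inspect / unquote round trip for the two slides above. This is an added example, not code from the talk or from the Template-Coq distribution. It assumes the 2018-era module names Template.Ast and Template.Template, the Quote Definition and Make Definition vernaculars, and the Ast.term constructors tLambda, tProd, tLetIn, tApp and tCast with the argument order shown; that "Set Template Cast Propositions" turns the proof body into a tCast is the slide's claim and is not checked here.

```coq
(* Added example; not code from the talk or the Template-Coq distribution.
   Module names, the Quote/Make Definition commands and the Ast.term
   constructor signatures are assumptions about the 2018-era API. *)
Require Import List String.
Import ListNotations.
Require Import Template.Ast Template.Template.

(* Quote a term written inline.  Quoting a constant *name* would only give
   tConst "name", so the lambda itself is the thing reified. *)
Quote Definition quoted_twice :=
  (fun (f : nat -> nat) (n : nat) => f (f n)).
Print quoted_twice.

(* Ordinary Gallina recursion over the AST: count lambda binders.
   tApp carries a list of arguments, so the recursion goes through map,
   which Coq's guard checker accepts for this nested inductive. *)
Fixpoint count_lambdas (t : term) : nat :=
  match t with
  | tLambda _ A b   => S (count_lambdas A + count_lambdas b)
  | tProd _ A b     => count_lambdas A + count_lambdas b
  | tLetIn _ d ty b => count_lambdas d + count_lambdas ty + count_lambdas b
  | tCast t' _ ty   => count_lambdas t' + count_lambdas ty
  | tApp f args     => fold_left Nat.add (map count_lambdas args) (count_lambdas f)
  | _ => 0
  end.

Eval compute in (count_lambdas quoted_twice).

(* The option from the slide: the body of this lambda is a proof of the
   proposition n = n, so with the option on it should reify as a tCast
   (the slide's claim; assumed here, not verified). *)
Set Template Cast Propositions.
Quote Definition quoted_proof := (fun n : nat => @eq_refl nat n).

Definition body_is_cast (t : term) : bool :=
  match t with
  | tLambda _ _ (tCast _ _ _) => true
  | _ => false
  end.

Eval compute in (body_is_cast quoted_proof).
Unset Template Cast Propositions.

(* Unquote the AST back into a definition and use it. *)
Make Definition twice' := quoted_twice.
Print twice'.
Check (twice' S 1).
```

The point of count_lambdas is that once a term is an Ast.term it is ordinary data: any Gallina function can analyse or rewrite it, and Make Definition turns the result back into a Coq definition that the kernel typechecks as usual.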

Application: CERTICOQ

๏ A certified compiler for Gallina terms (everything except cofix):
  ๏ compile : Ast.term -> Compcert.Csyntax
  ๏ forall t : Ast.term, closed t -> t ~>_wcbv u ->
      compile t ~>_C compile u /\ obs_equivalence Coq C t (compile u).
๏ Compilation first erases proofs (as in Extraction), type labels, types, parameters of constructors, and the lambdas of match branches (after eta-expanding them if necessary).
๏ Then CPS, closure conversion, shrink reduction and beta-reductions, optimisation of constructor representations and binding to a certified GC.

Application: CERTICOQ
Extraction-Based Path

๏ Extract compile and bind it to CompCert.
๏ Implement a reifier in ML from Coq constr to Template-Coq's *extracted* Ast.t and use it as the frontend.
๏ Voilà: "CertiCoq Compile foobar" gives the value of foobar, adding only Extraction to the TCB.

Application: CERTICOQ
TCB reduction

We could try bootstrapping à la CakeML / Oeuf, using:

  Eval compute in (compile quoted_compile)

TCB: Coq's kernel + quoter + printing. Not done yet.

A Certified Typechecker?

๏ To prove CERTICOQ's semantics preservation theorem, we need to start from a spec of CIC's reduction.
๏ Current focus: extend Template-Coq with (inductive) specifications of typing, conversion and reduction for the Ast.
๏ Extract it or CertiCoq Compile it to get a verified type checker for Coq in ML or as a certified binary.

Byproducts

๏ Requires formally specifying the actual implementation of COQ's type inference and its correspondence with the formal semantics defined as a typing judgment.
๏ WIP: a (partial) typechecker and conversion test for Ast.term (based on fuel; totality needs SN). You're very welcome to comment / suggest changes to this formulation.
๏ Disclaimer: currently none of the hard parts are done (positivity condition, guardedness checking).

Certified Translations

๏ Ast can be used to define definitional translations from TT to TT, e.g. forcing, weaning, parametricity…, and to derive plugins from them.
๏ Two parametricity translations defined: standard binary (S. Boulier, using de Bruijn indices and calling type inference) and the Uniformity of Propositions translation of A. Anand and Morrisett (switching to a named representation).
๏ Such translations can also be plugged on top of CERTICOQ! CERTIFIED SCHEME BUILDERS!

The CertiCoq Monad

๏ Similar to MetaCoq's monad
๏ Allows crawling the environment and modifying it, calling the type checker, etc.

Write your plugins in Coq!
Certify them in Coq!
Run them natively!
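An added example of the kind of plugin this slide is about, not code from the talk or from Template-Coq. It is written against Template-Coq's TemplateMonad as it existed in early 2018, which the slide says the CertiCoq monad resembles; the names tmQuote, tmBind, tmPrint, tmFail and tmMkDefinition, the `Run TemplateProgram` vernacular, the `def` record fields dtype and dbody, and the shapes of tFix, tCoFix and tCase are all assumptions about that API. The plugin quotes a term, rejects it if its AST contains a cofixpoint (the one construct the CertiCoq slide excludes), and otherwise registers the term under a new name.

```coq
(* Added example; not code from the talk or from Template-Coq.  The
   TemplateMonad operations and Ast constructor shapes are assumptions. *)
Require Import List String.
Import ListNotations.
Require Import Template.Ast Template.Template.
Local Open Scope string_scope.

(* Does the AST mention a cofixpoint anywhere?  Recursion into the
   list-valued fields goes through existsb, the same way Template-Coq's
   own lift goes through map. *)
Fixpoint has_cofix (t : term) : bool :=
  match t with
  | tCoFix _ _       => true
  | tLambda _ A b    => has_cofix A || has_cofix b
  | tProd _ A b      => has_cofix A || has_cofix b
  | tLetIn _ d ty b  => has_cofix d || has_cofix ty || has_cofix b
  | tCast t' _ ty    => has_cofix t' || has_cofix ty
  | tApp f args      => has_cofix f || existsb has_cofix args
  | tCase _ p c brs  => has_cofix p || has_cofix c
                        || existsb (fun br => has_cofix (snd br)) brs
  | tFix mfix _      => existsb (fun d => has_cofix (dtype d) || has_cofix (dbody d)) mfix
  | _ => false
  end.

(* One plugin step: quote [x], run the check in Coq, then either define
   [name] from the AST or abort with a message.  Being a Gallina function,
   has_cofix can itself be the subject of a Coq proof. *)
Definition define_if_no_cofix {A : Type} (name : ident) (x : A)
  : TemplateMonad unit :=
  tmBind (tmQuote x) (fun t =>
    if has_cofix t
    then tmFail ("cofix in " ++ name ++ ": CertiCoq does not handle cofix")
    else tmBind (tmPrint t) (fun _ => tmMkDefinition name t)).

(* Accepted: a first-order function. *)
Run TemplateProgram
  (define_if_no_cofix "twice_copy" (fun (f : nat -> nat) (n : nat) => f (f n))).
Print twice_copy.

(* Rejected: a stream built with cofix. *)
CoInductive stream := Cons : nat -> stream -> stream.
Fail Run TemplateProgram
  (define_if_no_cofix "zeros_copy" (cofix z : stream := Cons 0 z)).
```

The shape is the one the slide advertises: the plugin is plain Gallina, so its admissibility check is a Coq function you can state theorems about, and running it needs no OCaml beyond the monad interpreter.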

Demo
