Skip to Main content Skip to Navigation
Preprints, Working Papers, ...

Embedding Untrusted Imperative ML Oracles into Coq Verified Code

Abstract : This paper investigates a lightweight approach-combining Coq and OCaml typecheckers-in order to formally verify higher-order imperative programs in partial correctness. In this approach, the user does never formally reason about effects of imperative functions, but only about their results. Formal guarantees are obtained by combining parametric reasoning over polymorphic functions (i.e. "theorems for free" a la Wadler) with verified defensive programming. This paper illustrates the approach on several examples. Among them: first, the certification of a polymorphic memoized fixpoint operator using untrusted hash-tables; second, a certified Boolean SAT-solver, invoking internally any untrusted but state-of-the-art SAT-solver (itself generally programmed in C/C++).
Complete list of metadata

Cited literature [40 references]  Display  Hide  Download
Contributor : Sylvain Boulmé <>
Submitted on : Tuesday, July 16, 2019 - 10:10:25 PM
Last modification on : Tuesday, May 11, 2021 - 11:37:03 AM


Files produced by the author(s)


  • HAL Id : hal-02062288, version 2



Sylvain Boulmé, Thomas Vandendorpe. Embedding Untrusted Imperative ML Oracles into Coq Verified Code. 2019. ⟨hal-02062288v2⟩