Navigating the Coq Development

WiSE is a symbolic execution based bug finder implemented an proven correct in Coq. Coq is a purely functional programming language that can also be used as a proof assistant to formalize mathematics and prove theorems. This document aims at guiding the readers through the Coq sources of WiSE.

How to read WiSE sources

The source code of WiSE is composed of 3 sorts of objects: code that can be executed, mathematical definitions, and mathematical proofs.

Code and definitions

Code and mathematical definitions are written in the purely functional language of Coq, and resembles OCaml, Haskell or any other functional language. For example, an inductive data type definition looks like this:

        
Inductive expr : Type :=
  | Var (s : string)
  | Add (e1 e2 : expr)
  | ...
        
      

Functions are defined using the keywords Definition or Fixpoint (for recursive functions). Below are 2 examples of function definitions :

        
Definition Double (e : expr) : expr := Add e e.

Fixpoint eq_expr (e1 e2 : expr) : bool :=
  match e1, e2 with
  | Var s1, Var s2 => s1 =? s2
  | ...
        
      

Theorems and proofs

Theorems and their proofs start with the keyword Theorem or Lemma, followed by the name of the theorem, and then followed by a proof script.

        
Lemma eq_expr_correct:
  forall e1 e2, eq_expr e1 e2 = true <-> e1 = e2.
Proof.
  induction e1, e2.
  ...
Qed.
        
      

Note that proof scripts are not necessarily meant to be read. When the sources are compiled, the Coq compiler checks the validity of all proofs.

How to navigate WiSE sources

To navigate the Coq sources, we strongly recommend to use the interactive web documentation and to go through the following selection of files in this order (from top to bottom):

Module Name Type of source Description
WiSE.lang.imp code The definition of the target programming language IMP (AST)
WiSE.lang.imp definitions A mathematical description of IMP’s execution model (concrete semantics)
WiSE.symbolic.symex definitions A mathematical description of IMP’s symbolic execution model (symbolic semantics)
WiSE.symbolic.symex proofs A formal proof that the symbolic execution model is consistent with respect to the concrete one
WiSE.implem.bugfinder code A purely functional and executable implementation of a bug finder based on the symbolic execution model
WiSE.implem.bugfinder_proof proofs A proof that the bug finder implementation only finds true bugs and can eventually discover all bugs

The other Coq files contain auxillary definitions that are not relevant to the understanding of the development. Nonetheless, all files are extensively documented