A Why3 Framework for Reflection Proofs and Its Application to GMP’s Algorithms

  • Guillaume Melquiond
  • Raphaël Rieu-Helft
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10900)


Earlier work showed that automatic verification of GMP’s algorithms using Why3 exceeds the current capabilities of automatic solvers. To complete this verification, numerous cut indications had to be supplied by the user, slowing the project to a crawl. This paper shows how we have extended Why3 with a framework for proofs by reflection, with minimal impact on the trusted computing base. This framework makes it easy to write dedicated decision procedures that make full use of Why3’s imperative features and are formally verified. We evaluate how much work could have been saved when verifying GMP’s algorithms, had this framework been available. This approach opens the way to efficiently tackling the further verification of GMP’s algorithms.


Decision procedures, Proofs by reflection, Deductive program verification, Nonlinear integer arithmetic


Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. Inria, Université Paris-Saclay, Palaiseau, France
  2. TrustInSoft, Paris, France
