
Bedrock, a Coq library for verified low-level programming

Bedrock is a library that turns Coq into a tool much like classical verification systems (e.g., ESC, Boogie), but niftier. In particular, Bedrock is:

Low-level: You can verify programs that, for performance reasons or otherwise, can't tolerate any abstraction beyond that associated with assembly language.

Foundational: The output of a Bedrock verification is a theorem whose statement depends only on the predicates you choose to use in the key specifications and on the operational semantics of a simple cross-platform machine language. That is, you don't need to trust that the verification framework is bug-free; rather, you need to trust only the usual Coq proof checker and the formalization of the machine-language semantics.

Higher-order: Bedrock facilitates quite pleasant reasoning about code pointers as data.

Mostly automated: Tactics automate verification-condition generation (in a form inspired by separation logic) and most of the process of discharging those conditions. Many interesting programs can be verified with zero manual proof effort, in stark contrast to most Coq developments.

Structured: Bedrock is an extensible programming language: any client program may add new control-flow constructs by providing their proof rules. For example, adding high-level syntax for your own calling convention or exception-handling construct is relatively straightforward and does not require tweaking the core library code.

Computational: Many useful functions are specified most effectively by comparing them with "reference implementations" in a pure functional language. Bedrock supports that model, backed by the full expressive power of Coq's usual programming language.

Mike Nahass, Coq Tutorial. Started 2012-Nov-06. Version 1.2, 2019-Jan-22. Tested with Coq version 8.10+alpha. Dedicated to Kernighan and Ritchie, who wrote a magnificent introduction to a programming language.
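The "reference implementation" style of specification described above, shown as an added example in plain Coq. This is not Bedrock code and not taken from the Bedrock page or its library: it uses only the Coq standard library, and the names sum_ref and sum_acc are chosen here for illustration. The idea is the one Bedrock builds on: the obvious structural recursion serves as the specification, and a loop-shaped (accumulator) version, the form a low-level implementation would actually take, is verified by proving it equal to the reference.

```coq
(* Added example in plain Coq (not Bedrock code): specifying an
   optimized function by comparison with a pure reference implementation.
   Names sum_ref / sum_acc are illustrative choices, not library names. *)
Require Import List Arith Lia.
Import ListNotations.

(* Reference implementation: the obvious structural recursion.
   This is the specification; nobody needs to be convinced it is right. *)
Fixpoint sum_ref (l : list nat) : nat :=
  match l with
  | [] => 0
  | x :: xs => x + sum_ref xs
  end.

(* Accumulator-style version: the shape a loop in low-level code has,
   with acc standing in for a register that is updated on each iteration. *)
Fixpoint sum_acc (l : list nat) (acc : nat) : nat :=
  match l with
  | [] => acc
  | x :: xs => sum_acc xs (acc + x)
  end.

(* The loop invariant: the accumulator plus the reference sum of the
   remaining input equals the reference sum of the original input. *)
Lemma sum_acc_spec : forall l acc, sum_acc l acc = acc + sum_ref l.
Proof.
  induction l as [| x xs IH]; intros acc; simpl.
  - lia.
  - rewrite IH. lia.
Qed.

(* The correctness statement for the fast version is just
   "it computes the same result as the reference". *)
Theorem sum_acc_correct : forall l, sum_acc l 0 = sum_ref l.
Proof. intros l. rewrite sum_acc_spec. reflexivity. Qed.
```

The point for a verifier like Bedrock is that the theorem's statement mentions only sum_ref and the machine-level function being verified, so a reader auditing the result has to understand the reference definition and nothing about how the proof was found.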