The syntax of an imperative language does not explicitly mention the state, while its denotational semantics has to mention it. In this paper we present a framework for the verification in Coq of properties of programs manipulating the global state effect. These properties are expressed in a proof system which is close to the syntax, as in effect systems, in the sense that the state does not appear explicitly in the type of expressions which manipulate it. Rather, the state appears via decorations added to terms and to equations. In this system, proofs of programs thus present two aspects: properties can be verified up to effects, or the effects can be taken into account. The design of our Coq library consequently reflects these two aspects: our framework is centered around the construction of two inductive and dependent types, one for terms up to effects and one for the manipulation of decorations.