Previous | 
Home
Section: New Results
From Sets to Bits in Coq
Sets form the building block of mathematics, while finite sets are a fundamental data structure of computer science. In the world of mathematics, finite sets enjoy appealing mathematical properties, such as a proof-irrelevant equality and extensionality of functions. Computer scientists, on the other hand, have devised efficient algorithms for set operations based on the representation of finite sets as bit vectors and on bit twiddling, exploiting the hardware's ability to efficiently process machine words.
With interactive theorem provers, sets are reinstituted as mathematical objects. While there are several finite set libraries in Coq , these implementations are far removed from those used in efficient code. Recent work on modeling low-level architectures, such as x86 [41] processors, however, have brought the world of bit twiddling within reach of our proof assistants. We are now able to specify and reason about low-level programs.
In this work, we have implemented bitsets and their associated
operations in the Coq proof assistant, thus allowing us to
transparently navigate between the concrete world of bit vectors and
the abstract world of finite sets. This work grew from a puzzled look
at the first page of Warren's Hacker's
Delight [77] , where lies the cryptic
formula
In our work, we have established a bijection between bitsets and sets
over finite types. Following a refinement approach, we have shown that
a significant part of SSReflect finset library can be refined to
operations manipulating bitsets. We have also developed a trustworthy
extraction of bitsets down to OCaml's machine integers. While we were
bound to axiomatize machine integers, we adopted a methodology based
on exhaustive testing to gain greater confidence in our
model. Finally, we have demonstrateed the usefulness of our library
through two applications, a certified implementation of Bloom filters
and a verified implementation of the