Cogent is a restricted functional language designed to reduce the cost of developing verified systems code. However, Cogent does not support recursion nor iteration, and its type system imposes restrictions that are sometimes too strong for low-level system programming. To overcome these restrictions, Cogent provides a foreign function interface (FFI) between Cogent and C which allows for implementing those parts of the system which cannot be expressed in Cogent, such as data structures and iterators over these data structures, to be implemented in C and called from Cogent. The Cogent framework automatically guarantees correctness of the overall Cogent-C system when provided proofs that the C components are functionally correct and satisfy Cogent's FFI constraints. We previously implemented file systems in Cogent and verified key file system operations. However, the C components and the FFI constraints that define the Cogent-C interoperability were axiomatized. In this paper, we verify the correctness and FFI constraints of the C implementation of word arrays used in the file systems. We demonstrate how these proofs modularly compose with existing Cogent theorems and result in a functional correctness theorem of the overall Cogent-C system. This demonstrates that Cogent 's FFI constraints ensure correct and safe inter-language interoperability.

中文翻译：

---

克服约束：使用Cogent的原则外函数接口进行模块化优化

Cogent是一种受限制的功能语言，旨在减少开发经过验证的系统代码的成本。但是，Cogent不支持递归或迭代，并且其类型系统施加了有时对于低级系统编程而言过于强大的限制。为了克服这些限制，Cogent在Cogent和C之间提供了一个外来函数接口（FFI），该接口允许实现无法用Cogent表示的系统部分，例如数据结构和这些数据结构上的迭代器，将在C中实现并从Cogent那里打电话来。当提供证明C组件功能正确且满足Cogent FFI约束的证据时，Cogent框架会自动保证整个Cogent-C系统的正确性。我们先前在Cogent中实现了文件系统，并验证了关键文件系统的操作。但是，公理化了定义Cogent-C互操作性的C组件和FFI约束。在本文中，我们验证了文件系统中使用的单词数组的C实现的正确性和FFI约束。我们演示了这些证明如何与现有的Cogent定理模块化组合，并得出整个Cogent-C系统的功能正确性定理。这表明Cogent的FFI约束确保正确和安全的语言间互操作性。我们演示了这些证明如何与现有的Cogent定理模块化组合，并得出整个Cogent-C系统的功能正确性定理。这表明Cogent的FFI约束确保了正确和安全的跨语言互操作性。我们演示了这些证明如何与现有的Cogent定理模块化组合，并得出整个Cogent-C系统的功能正确性定理。这表明Cogent的FFI约束确保了正确和安全的跨语言互操作性。