

Distributed data structures with Coq - cmeiklejohn
http://christophermeiklejohn.com/coq/2013/06/11/distributed-data-structures.html

======
edwintorok
Here are some interesting projects that use Coq proofs, I'll leave it up to
you to judge how real world they are.

Generate OCaml code from Coq:
[https://github.com/msgpack/msgpack-ocaml/tree/master/proof](https://github.com/msgpack/msgpack-ocaml/tree/master/proof)

Prove algorithms written in OCaml using Coq:
[http://www.chargueraud.org/softs/cfml/](http://www.chargueraud.org/softs/cfml/)

Write program specification and use multiple provers (including Coq):
[http://why3.lri.fr/](http://why3.lri.fr/)

Write certified programs, and verify proofs using Coq:
[http://focalize.inria.fr/](http://focalize.inria.fr/)

Language semantics / type system proofs of languages:
[http://www.cl.cam.ac.uk/~so294/ocaml/](http://www.cl.cam.ac.uk/~so294/ocaml/)
(for a subset of OCaml)

[http://gallium.inria.fr/~protzenk/mezzo-lang/](http://gallium.inria.fr/~protzenk/mezzo-lang/)

Books on Coq: [http://adam.chlipala.net/cpdt/](http://adam.chlipala.net/cpdt/)
[http://www.cis.upenn.edu/~bcpierce/sf/](http://www.cis.upenn.edu/~bcpierce/sf/)

~~~
doublec
There's also the "Featherweight Firefox" browser model in Coq
[http://www.the-inconsistency-principle.com/upenn//browser-mo...](http://www.the-inconsistency-principle.com/upenn//browser-model/)

------
goldfeld
Been eyeing Coq for a while, and this is fascinating and motivating for me to
take it up (well, after Rust, Clojure and Racket, that is.) Can anyone point
me toward projects or tutorials where Coq's proofs are used to build great
practical real-world systems? My thinking is I'd love to delve into induction
and logics while building something useful.

I just wish HN were more about this and less about "iOS7". Sometimes the
amount of Apple zealots around here frightens me, who would support a company
like that, and the NSA stuff sharing space with their stuff is quite a fit.

~~~
betterunix
I am not aware of Coq being used in the real world, but I have been told that
Microsoft is using a similar tool in key parts of the Windows kernel (and that
doing so has drastically reduced the number of BSODs people are seeing). There
is also this company, though they are not using Coq per se:

[https://en.wikipedia.org/wiki/Altran_Praxis](https://en.wikipedia.org/wiki/Altran_Praxis)

~~~
octo_t
Microsoft's driver development tool uses something called SLAM[1] to verify
device drivers (which are the primary cause of system crashes), which uses Z3
as an SMT[2] solver.

SLAM basically models the NT kernel and the Win32 API and checks for loads of
bugs.

[1] [http://msdn.microsoft.com/en-us/library/windows/hardware/gg4...](http://msdn.microsoft.com/en-us/library/windows/hardware/gg487498.aspx)

[2] Satisfiability Modulo Theories

------
mjb
I've experimented quite a lot with Coq, and am still struggling to get value
from it in a distributed systems context. TLA+
([http://research.microsoft.com/en-us/um/people/lamport/tla/tl...](http://research.microsoft.com/en-us/um/people/lamport/tla/tla.html)),
on the other hand, was useful to me from
the first day that I tried to use it. Its model seems better suited to
demonstrating properties of distributed systems, and often the exhaustive
testing approach of TLC provides much of the same value that Coq's proofs do.

Coq and TLA+ obviously solve different problems, so comparing them directly
isn't possible. For a first step into formal methods for distributed systems
engineers, however, I'd recommend TLA+ based on my experiences.

------
draugadrotten
I am sorry, but "Coq" is competing right up there with "Megapussi" potato
chips and "Wack off" insect repellant for the worst named product.

What on earth were you thinking naming it "Coq"?

[http://www.oddee.com/item_96682.aspx](http://www.oddee.com/item_96682.aspx)

~~~
betterunix
Do you also giggle at the name "Johnson?" I mean seriously, "cock" is widely
used to refer to male birds. Yes, I would have laughed hysterically at this in
_middle school_ but we all have to grow up some time. Here is "cock" in an
appropriate context:

> At this stage of the chicks' development, the cocks usually has begun to
> enter the nest to help his hen in caring and feeding the chicks.

[http://greatbudgies.webs.com/aboutbudgies.htm](http://greatbudgies.webs.com/aboutbudgies.htm)

"Cock" as a word is no different from "bitch" or "stud:"

[https://en.wikipedia.org/wiki/Cock_%28bird%29](https://en.wikipedia.org/wiki/Cock_%28bird%29)

[http://classic.akc.org/breeders/resp_breeding/Articles/carea...](http://classic.akc.org/breeders/resp_breeding/Articles/careandfeeding.cfm)

[https://en.wikipedia.org/wiki/Stud_%28animal%29](https://en.wikipedia.org/wiki/Stud_%28animal%29)

~~~
Mindless2112
The name isn't doing the language any favors though. "I love Coq" isn't going
to garner the same response as "I love Rust" despite how sincere you are about
maturity.

~~~
akuchling
So pronounce it like "Coke".

