
Concrete Semantics - nextos
http://www.concrete-semantics.org/
======
nextos
The literature on formal methods has evolved a lot. In particular there is
some great broad introductory material using either Coq or Isabelle:

* [https://softwarefoundations.cis.upenn.edu/](https://softwarefoundations.cis.upenn.edu/)

* [http://www.concrete-semantics.org/](http://www.concrete-semantics.org/)

* [http://adam.chlipala.net/frap/](http://adam.chlipala.net/frap/)

Even the Little series covers types and proofs now:

* [https://mitpress.mit.edu/books/little-typer](https://mitpress.mit.edu/books/little-typer)

* [https://mitpress.mit.edu/books/little-prover](https://mitpress.mit.edu/books/little-prover)

Plus some topic-specific classics:

* [https://mitpress.mit.edu/books/principles-model-checking](https://mitpress.mit.edu/books/principles-model-checking)

* [https://www.springer.com/gp/book/9783540654100](https://www.springer.com/gp/book/9783540654100)

* [https://www.cis.upenn.edu/~bcpierce/tapl/](https://www.cis.upenn.edu/~bcpierce/tapl/)

And some constructive foundations:

* [https://www.cambridge.org/core/books/conceptual-mathematics/...](https://www.cambridge.org/core/books/conceptual-mathematics/00772F4CC3D4268200C5EC86B39D415A)

* [https://www.cambridge.org/core/books/sets-for-mathematics/E8...](https://www.cambridge.org/core/books/sets-for-mathematics/E899F592AD8FBA9A550B1ED3E1E61EC3)

* [https://www.paultaylor.eu/~pt/prafm/](https://www.paultaylor.eu/~pt/prafm/)

* [https://www.cs.cmu.edu/~rwh/pfpl/](https://www.cs.cmu.edu/~rwh/pfpl/)

~~~
Gajurgensen
I highly recommend people interested in Coq start with Pierce's Logical
Foundations. It is by far the most accessible introduction to Coq I've found.
I'm working through Chlipala's books next. CPDT is a great deep-dive into more
advanced use cases of Coq as well as its theoretical underpinnings. I'll be
taking a class this semester based on FRAP, my understanding is it hits those
formal methods and language topics without specifically emphasizing Coq,
except for the exercises.

As an aside, since Coq is the only theorem proving language I know well, I am
curious what the pros/cons are as compared to Isabelle/HOL, F*, Lean, etc. Coq
has been around for a while, but I keep seeing new theorem provers pop up.
What are the alleged weaknesses of Coq that other languages are trying to fix?

~~~
Cladode

       pros/cons 
    

The main issue is proof automation. Curry-Howard based provers (Coq, Agda,
Lean etc) are nice for teaching but if you want to get work done (e.g. you
want to verify an OS kernel), you need to automate as much as possible.
Isabelle/HOL currently has by far the most powerful automation. This is partly
because, like Coq, it is an old system (unlike Lean and Agda) and lots of
automation has been built in the past, but _also_ because a lot of automation
is much easier to adapt to provers based on classical logic (as opposed to the
constructive logics that Curry-Howard needs (yes, I know that classical
reasoning can be done within constructive logic)). Adapting proof automation
that has been available for a while for Isabelle/HOL to Curry-Howard is at
least in parts an open research problem. Lean has been created in parts
because of the urgency of given Curry-Howard systems much better proof
automation.

There is an additional dimension which is strength of the logic at hand. The
logics Coq, Lean et al are based on are more expressive in various dimensions.
Whether that's relevant to your use case depends on what kind of maths you are
trying to formalise. If it is higher category theory, it matters a great deal,
for program verification it tends not to be important b/c most program
verification can be done in rather weak logics.

~~~
kd0amg
How does being classical help with automation? I'm more familiar with ACL2,
which seems to gain a lot more on the automation front from being first-order
than from anything else (though it has sort of a weird take on the excluded
middle).

~~~
Cladode
That's a subtle and deep question. One example are nominal techniques.
Consider Nominal Isabelle. It is known that nominal techniques _are_
contructive. However, when adding nominal techniques to a classical logic, it
is natural to express some of this using double negation, leading to only a
small blowup in formula size. Existing proof automation can easily handle this
blowuip. Doing the same in a _simple minded_ constructive way, leads to a
massive formula size increase, defeating (at the time) existing proof
automation.

This was a while back, maybe the problem has been solved now, I have not
followed this field. But as far as I'm aware, the 'hammering' approach to
proof automation that has been working well with Isabelle/HOL has been
successfully ported to Coq/Agda etc.

------
rkagerer
Came here expecting an obscure dictionary of aggregate and cements.

~~~
carapace
Or a "pattern language" for concrete structures, parametric generative
Brutalist architecture?

