
Coq: Certified Programming with Dependent Types - lobo_tuerto
http://adam.chlipala.net/cpdt/
======
kestert
I found
[http://adam.chlipala.net/cpdt/html/Hoas.html](http://adam.chlipala.net/cpdt/html/Hoas.html)
to be very useful. It looks like it was once a chapter of the book, but was
replaced by the final chapter
[http://adam.chlipala.net/cpdt/html/ProgLang.html](http://adam.chlipala.net/cpdt/html/ProgLang.html)

I found the first version much more useful so I'm posting it here for others.

------
infruset
Worth noting, lest the name scare you away from a great computer science
achievement:

[https://coq.inria.fr/news/114.html](https://coq.inria.fr/news/114.html)

------
reirob
From the Intro, the prerequisites:

"I try to keep the required background knowledge to a minimum in this book. I
will assume familiarity with the material from usual discrete math and logic
courses taken by undergraduate computer science majors, and I will assume that
readers have significant experience programming in one of the ML dialects, in
Haskell, or in some other, closely related language. Experience with only
dynamically typed functional languages might lead to befuddlement in some
places, but a reader who has come to understand Scheme deeply will probably be
fine."

Then it is not for me, I am still struggling with Haskell.

~~~
eli_gottlieb
I learned ML -> Coq -> Haskell. Still working on getting really good at
Haskell.

------
userbinator
The code appears to be presented in a mix of fixed-width, proportional,
italic, bold, and sans-serif fonts, with a bit of colour thrown in. I don't
think that's particularly readable...

------
weavie
So would a bog standard web developer gain anything by learning Coq? Or is it
something just for academics?

~~~
chriswarbo
If you're just plugging together library components to produce regular CRUD
sites, then it won't have any direct relevance. Hopefully those components
will have strong types to make sure they're being used in valid ways, but
that's about as far as it's worth going.

If you're building those libraries, then you might want to use some clever
type system tricks to bridge the gap between a friendly external API and an
internal representation with strong guarantees. Some of those clever tricks
might be done with dependent types, and you might use Coq to do them.

If you're building core infrastructure stuff, like crypto libraries,
communication protocols, data storage/retrieval, language interpreters, etc.
where something as trivial as an off-by-one error might cause large problems,
then you might benefit from using Coq to formally prove that your
implementations satisfy their specification.

~~~
weavie
I see. Quite often regular CRUD sites have business logic in them. Stuff such
as Tax software has very rigid logic - the stronger guarantees you can make as
to their correctness the better.

So would you actually write the library in Coq - or do you somehow use Coq to
prove that your eg. C++ code is correct?

I've not come across any libraries written in Coq yet.

~~~
chriswarbo
> Stuff such as Tax software has very rigid logic - the stronger guarantees
> you can make as to their correctness the better.

> So would you actually write the library in Coq

It depends how complex the algorithms are. You would need to write a
specification* _and_ an implementation; there's not much point unless the
specification is much simpler than the implementation. For example, if the
specification of the tax software says things like:

    
    
        If the FOO is less than 1000, then BAR is 12. If FOO is greater than or equal to 1000 then BAR is 20. 
    

Then there's not much point using Coq: the specification is basically a step-
by-step description of what to execute. All you need to do is rewrite it in a
machine-readable form. You're just as likely to make mistakes translating it
to Coq's specification (type) language as you are translating it straight to,
eg., Haskell.

If the specification less algorithmic, then it might be useful. For example,
if it dictates things like:

    
    
        The sum of FOO and BAR should never exceed BAZ.
        QUUX can increase or decrease by 10% each year, providing that the difference between year N and year N+5 is less than 5%, and that there are no consecutive increases of length 3 or more.
    

Then you might consider implementing the core calculations in a language like
Coq. Once you've proven your algorithms correct, you can "extract" them into
some other language, eg. in Haskell, and call out to that from your regular
code.

> or do you somehow use Coq to prove that your eg. C++ code is correct?

That's far too difficult at the moment. You could use Coq to prove the
correctness of some algorithm or protocol or whatever, in an abstract form,
then go off and implement that algorithm in C++. You would have no guarantees
that the C++ is correct (ie. whether it implements the algorithm/protocol
faithfully); all you would know is that you're not wasting time trying to
implement a flawed algorithm :)

* Well, you don't _need_ to write a specification, but there's no point using Coq otherwise ;)

~~~
weavie
Great explanation. Many thanks.

------
solomatov
It's the best (and only) intermediate level Coq book around.

~~~
throwaway999666
Does Software Foundations assume a less or more advanced background from its
readers?

~~~
solomatov
Software foundations is very introductory level text on Coq which is very
accessible for people without formal proof experience.

------
bencollier49
I assume that this wasn't originally created by an English-speaking dev team?
Or at least a very serious and formal one?

~~~
throwaway999666
The language and ideas behind it seems pretty serious. But they might consider
pissing off particularly prudish Americans to be a bonus.

~~~
justinpombrio
A few timid speakers will mispronounce it like "coke", but everyone knows
they're saying it wrong.

~~~
eli_gottlieb
It's pronounced identically to "caulk", though, not "cock".

~~~
Afton
In my idiolect, those two words are homonyms. When I worked construction, you
couldn't ask someone for caulk without raucous laughter.

[http://dictionary.reference.com/browse/caulk](http://dictionary.reference.com/browse/caulk)

this link seems to agree, with the word represented in IPA as [kɔːk]

