
Interview with Xavier Leroy - panic
http://www.cs.cmu.edu/~popl-interviews/leroy.html
======
110011
Nice interview. What a tremendous achievement to formally prove the
correctness of a C compiler! It boggles my mind why more people are not
involved in this direction.

I hope to live to see the day when lots of commercial software will be written
with formal proofs and zero tests. It may just be that we don't have the right
tools at this point. If theorem provers could figure out details for
themselves for the most part and the programmer has to only specify a few key
invariants and rough sketches of the hypotheses and the end guarantees then I
cannot begin to imagine how much more productive programming can become.

~~~
kazinator
> _It boggles my mind why more people are not involved in this direction._

Because only a vanishingly rare amount of the incorrectness in compiled C
programs comes from a bug in the compiler.

Also, some code coaxes a desired behavior out of the object code while bending
the rules of the language.

The compiler being proven over correct code (i.e. free of any undefined
behaviors) is useless in that situation, unless the prover actually works with
an extended language definition (specific to that compiler) which defines
those behaviors.

~~~
nickbauman
Formal proof of behavior is hard and probably specious.

There cannot be a formally logical explication of code for even "common sense
problems", like, say, how to safely drive a car. It doesn't exist because it's
probably impossible but it's at least not feasible. Instead we use sampling of
real world data to train models to solve this problem. This is the story of
Data over Logic.

~~~
Jweb_Guru
> Formal proof of behavior is hard and probably specious.

Utter nonsense. Formal proofs are specious because you can't do a formal proof
of problems that are so ill-defined, we don't even have algorithms that solve
them in enough cases to be road-safe yet? If you restrict your focus to
software that actually exists, almost all of it is amenable to formal
modeling.

~~~
nickbauman
You're making a philosophical argument about problem definition being the
reason why we can't use formal proofs for many common sense problems. I wish
you the best of luck.

My claim is that proving that software is correct using formal logical proofs
is tautologically specious unless you extend the software to the problem it's
trying to solve. Once those problems are of sufficient complexity (or
interest, I might add), logic fails.

~~~
Jweb_Guru
A best-in-class, hard-real-time, preemptible operating system has been
formally verified (along with many other components). CompCert exists. Iris
progresses apace. Every day, newer and more complex formal systems are proved
correct. I don't really buy the "logic fails at sufficient complexity"
argument. By all accounts, it's succeeded where people have put in the effort.

------
cdancette
I learned Caml in France during my studies, as stated in the article. But it's
far from being the language "everyone teaches in French schools". It's only
taught in a specific specialization (computer science) before engineering
school, so that's about 1000-2000 students every year.

I think the most taught languages are still Java and Python by far.

I really liked this language though, it's very elegant and concise to write
cs-related algorithms, and to do symbolic manipulation.

~~~
gaius
_I learned Caml in France during my studies, as stated in the article. But it's
far from being the language "everyone teaches in French schools". It's only
taught in a specific specialization (computer science) before engineering
school, so that's about 1000-2000 students every year._

I never understood this. OCaml is a world-class language, if the French threw
the weight of their education system behind it, mandated it as the language
for government IT work to build a critical mass, they would have a killer
advantage. But I guess the demise of Le Minitel has made them afraid of
home-grown technologies, it is a huge missed opportunity.

It's the same as if the British government had had the foresight to back the
Acorn ecosystem. We would be 15-20 years ahead of where we are now. An
Archimedes on every desktop...

~~~
emmelaich
Maybe they're once bitten (by Minitel) twice shy.

~~~
angry_octet
Why do you say Minitel was so bad? From an outside perspective it is
brilliant. It was late '90s before the internet had anything like the
penetration of Minitel. Arguably, the French should have continued innovating
Minitel. Re-written the terminal software in OCaml.

------
systems
Might be important to mention (in the title) that Xavier Leroy is the lead
OCaml developer

Not everyone might be familiar with the name

~~~
seanmcdirmid
On the other hand, anyone in PL academics should be familiar with his name.

~~~
d215
On the other hand there are scores of people not in PL academics that are
interested in OCaml. People that might have heard of Reason for example.

------
gwenzek
> I also wanted to talk about how OCaml came about. Did you expect it to be
> the language everyone taught in French schools?

Since 2012 most students learn Python, which is a shame IMHO. Learning OCaml
will make you a better programmer for the rest of your life, while learning
Python doesn't teach you much about programming.

~~~
wiz21c
Yep, Python made me productive, Java made me collaborative but only Scheme
made me understand.

(In fact it's another way around: I learned BASIC at 10, assembly at 14,
Pascal at 16 then I learned Scheme (continuations, thunks, parallelism, etc) at
22 at university and realized "now I understand what I've been doing the last
10 years")

