Been eyeing Coq for a while, and this is fascinating and motivating for me to take it up (well, after Rust, Clojure and Racket, that is.) Can anyone point me toward projects or tutorials where Coq's proofs are used to build great practical real-world systems? My thinking is i'd love to delve into induction and logics while building something useful.
I just wish HN were more about this and less about "iOS7". Sometimes the amount of Apple zealots around here frightens me, who would support a company like that, and the NSA stuff sharing space with their stuff is quite a fit.
I love the idea at least of CompCert, but I really wish it was open source. I could drive adoption within Red Hat and in key open source projects tomorrow if it was.
...why not duplicate the effort as an open source project? Coq, ACL2, and PVS are all open source. Writing a C compiler is certainly not trivial, but it should not take a good programmer more than a few months to do so (including the time needed to learn Coq/ACL2/PVS).
Formally verifying software takes much more time than just writing it, perhaps a factor of 10. For instance, the seL4 project[1] states that they used 2.2 person-years to write the kernel itself, and 20 person-years on the proof.
Apparently the version of CompCert from 2007 (before any optimizations) took 2 person-years to write[2]. But some of those persons were pretty impressive.
I think that really trivializes the tremendous effort the CompCert team put into that work. You don't just need to write a C compiler, or learn a bit of a proof assistant, you need to do the actual work of proving the compiler correct.
This took person-years of time from people who already were Coq experts.
I am not aware of Coq being used in the real world, but I have been told that Microsoft is using a similar tool in key parts of the Windows kernel (and that doing so has drastically reduced the number of BSODs people are seeing). There is also this company, though they are not using Coq per se:
Microsofts driver development tool uses something called SLAM[1] to verify device drivers (which are the primary cause of system crashes), which uses Z3 as an SMT[2] solver.
SLAM basically models the NT kernel and the Win32 API and checks for loads of bugs.
Depending on your definition of "real world", Benjamin Pierce (of TAPL fame) wrote a book about typing semantics using Coq. Of interest to compiler designers. http://www.cis.upenn.edu/~bcpierce/sf/toc.html
I've experimented quite a lot with Coq, and am still struggling to get value from it in a distributed systems context. TLA+ (http://research.microsoft.com/en-us/um/people/lamport/tla/tl...), on the other hand, was useful to me from the first day that I tried to use it. It's model seems better suited to demonstrating properties of distributed systems, and often the exhaustive testing approach of TLC provides much of the same value that Coq's proofs do.
Coq and TLA+ obviously solve different problems, so comparing them directly isn't possible. For a first step into formal methods for distributed systems engineers, however, I'd recommend TLA+ based on my experiences.
"The word coq means "rooster" in French, and stems from a tradition of naming French research development tools with animal names.[4] It is also a reference to Thierry Coquand, who developed the aforementioned calculus of constructions along with Gérard Huet. Also, at first it was simply called Coc, the acronym of calculus of construction."
Do you also giggle at the name "Johnson?" I mean seriously, "cock" is widely used to refer to male birds. Yes, I would have laughed hysterically at this in middle school but we all have to grow up some time. Here is "cock" in an appropriate context:
> At this stage of the chicks' development, the cocks usually has begun to enter the nest to help his hen in caring and feeding the chicks.
The name isn't doing the language any favors though.
"I love Coq" isn't going to garner the same response as "I love Rust" despite how sincere you are about maturity.
I just wish HN were more about this and less about "iOS7". Sometimes the amount of Apple zealots around here frightens me, who would support a company like that, and the NSA stuff sharing space with their stuff is quite a fit.