On proof-verification using Coq









up vote
35
down vote

favorite
7












So i recently learnt that there is now a certain software called ''Coq'' by which one can check the validity of mathematical proofs. My questions are:



  1. Are there limitations on the kinds of proofs that Coq can verify?


  2. How long on average does Coq take to verify a proof?


  3. Do math journals use Coq?


  4. How do I go about it if I want to verify a proof using Coq?










share|cite|improve this question



















  • 2




    Maybe some of the suggestions here might be useful for you: Wanted: a “Coq for the working mathematician”.
    – Martin Sleziak
    Nov 11 at 9:08










  • @MartinSleziak, thanks.
    – Software enthusiast
    Nov 11 at 9:29






  • 2




    Also potentially of interest to you is this post (although it's about Lean and not Coq): mathoverflow.net/questions/311071/…
    – Timothy Chow
    Nov 11 at 20:00














up vote
35
down vote

favorite
7












So i recently learnt that there is now a certain software called ''Coq'' by which one can check the validity of mathematical proofs. My questions are:



  1. Are there limitations on the kinds of proofs that Coq can verify?


  2. How long on average does Coq take to verify a proof?


  3. Do math journals use Coq?


  4. How do I go about it if I want to verify a proof using Coq?










share|cite|improve this question



















  • 2




    Maybe some of the suggestions here might be useful for you: Wanted: a “Coq for the working mathematician”.
    – Martin Sleziak
    Nov 11 at 9:08










  • @MartinSleziak, thanks.
    – Software enthusiast
    Nov 11 at 9:29






  • 2




    Also potentially of interest to you is this post (although it's about Lean and not Coq): mathoverflow.net/questions/311071/…
    – Timothy Chow
    Nov 11 at 20:00












up vote
35
down vote

favorite
7









up vote
35
down vote

favorite
7






7





So i recently learnt that there is now a certain software called ''Coq'' by which one can check the validity of mathematical proofs. My questions are:



  1. Are there limitations on the kinds of proofs that Coq can verify?


  2. How long on average does Coq take to verify a proof?


  3. Do math journals use Coq?


  4. How do I go about it if I want to verify a proof using Coq?










share|cite|improve this question















So i recently learnt that there is now a certain software called ''Coq'' by which one can check the validity of mathematical proofs. My questions are:



  1. Are there limitations on the kinds of proofs that Coq can verify?


  2. How long on average does Coq take to verify a proof?


  3. Do math journals use Coq?


  4. How do I go about it if I want to verify a proof using Coq?







soft-question mathematical-software proof-assistants coq






share|cite|improve this question















share|cite|improve this question













share|cite|improve this question




share|cite|improve this question








edited Nov 12 at 22:46









Andrej Bauer

29.6k477163




29.6k477163










asked Nov 11 at 9:05









Software enthusiast

17914




17914







  • 2




    Maybe some of the suggestions here might be useful for you: Wanted: a “Coq for the working mathematician”.
    – Martin Sleziak
    Nov 11 at 9:08










  • @MartinSleziak, thanks.
    – Software enthusiast
    Nov 11 at 9:29






  • 2




    Also potentially of interest to you is this post (although it's about Lean and not Coq): mathoverflow.net/questions/311071/…
    – Timothy Chow
    Nov 11 at 20:00












  • 2




    Maybe some of the suggestions here might be useful for you: Wanted: a “Coq for the working mathematician”.
    – Martin Sleziak
    Nov 11 at 9:08










  • @MartinSleziak, thanks.
    – Software enthusiast
    Nov 11 at 9:29






  • 2




    Also potentially of interest to you is this post (although it's about Lean and not Coq): mathoverflow.net/questions/311071/…
    – Timothy Chow
    Nov 11 at 20:00







2




2




Maybe some of the suggestions here might be useful for you: Wanted: a “Coq for the working mathematician”.
– Martin Sleziak
Nov 11 at 9:08




Maybe some of the suggestions here might be useful for you: Wanted: a “Coq for the working mathematician”.
– Martin Sleziak
Nov 11 at 9:08












@MartinSleziak, thanks.
– Software enthusiast
Nov 11 at 9:29




@MartinSleziak, thanks.
– Software enthusiast
Nov 11 at 9:29




2




2




Also potentially of interest to you is this post (although it's about Lean and not Coq): mathoverflow.net/questions/311071/…
– Timothy Chow
Nov 11 at 20:00




Also potentially of interest to you is this post (although it's about Lean and not Coq): mathoverflow.net/questions/311071/…
– Timothy Chow
Nov 11 at 20:00










1 Answer
1






active

oldest

votes

















up vote
62
down vote













Coq is a proof assistant, and not the only one. Other popular ones are Agda, Isabelle and the related HOL light. They all use type theory as a mathematical foundation (as opposed to first-order logic and set theory), although there is a version of Isabelle that builds ZFC on top of its type theory. And I should mention the venerable Mizar system, which is based on set-theory but it is organized in Bourbaki-style structuralism (I hope I am not misrepresenting Mizar too badly, as I never used it).



Many of these tools were developed by theoretical computer scientists, often for the purpose of verifying proofs of correctness of software. This explains why there is such an emphasis on type theory, but also quite independently of any applications, type theory seems to also be well-suited for organization of mathematics.



Anyhow, the point is that in order to use Coq, you have to learn a new language which sits somewhere between a logic and a programming language. This is not such a small up-front investment. Once you know a bit about Coq, you will discover that there exists a sizable collection of formalized mathematics, which however is minuscule compared to the entire body of mathematical knowledge. Chances are, that your particular topic of interest has not been formalized yet. This presents a problem because a typical working mathematician relies on a large amount of pre-existing knowledge. In fact, a typical mathematician never digs all the way down to the foundations of mathematics, and so is at a loss when presented with the task of building up from scratch their own branch of mathematics. Organization of mathematics is a serious problem, akin to software engineering, and is essentially unsolved.



Let me also answer your specific questions:



  1. "Are there limitations on the kinds of proofs that Coq can verify?" No, not anything you would notice, unless you are a logician or set theorist who makes proofs that are sensitive to the details of the underlying foundations. Coq by default is intuitionistic, but it's easy enough to just add excluded middle and the axiom of choice to it. And you get a lot of universes to play with, in case you want very large collections of objects.



  2. "How long on average does Coq take to verify a proof?" That depends a little bit on what you are doing, but is somewhere between instantaneous and several seconds. Anything longer than that gets people nervous and they start optimizing the proof script. In a larger development long verification times can become a problem. There are a number of techniques to speed up verification, but they rarely have anything to do with mathematics. They're about the internals of Coq and how it goes about checking proofs.



    [Note: I originally misunderstood the question as asking how long it takes humans to develop Coq proofs. Here is the original answer.] That depends on how complicated the proof is and how well-versed the user is. Coq is an assistant, which means that a human user directs the proof by breaking it up into chunks that Coq can do by itself. The better you are at directing Coq, the more helpful it will be. A novice will struggle with something like $x + (y + 0) = y + x$ because they will not know which library to use. On the other side of the spectrum is large-scale formalization by teams of experts. I recommend reading the report on the six-year effort to formalize the Odd order theorem, and on the formal proof of the Kepler conjecture, which was another large formalization effort.



  3. "Do math journals use Coq?" Not to my knowledge, except for Formalized mathmatics. However, some conferences in theoretical computer science, e.g. POPL accept formalized proofs as supplementary material.



  4. "How do I go about it if I want to verify a proof using Coq?" The honest answer?



    1. Take a course on Coq from a computer science department.

    2. Contact some people who know how to use Coq for formalization of mathematics.

    3. If unlucky, spend some years formalizing your branch of mathematics.

    4. Prove your theorem.


It's sad but true that formalized mathematics is not ready for the mainstream mathematician, and the mainstream mathematician is not ready for formalized mathematics.






share|cite|improve this answer


















  • 3




    Great answer. But I think that Question 2 was asking about computer runtime, not programming person-hours. For most "ordinary" proofs of "ordinary" theorems the running time is essentially instantaneous. However, there can be exceptions, e.g., Flyspeck. If part of the proof is a huge computer calculation, then Coq may have to rerun the entire computation, and it will be a lot slower than if you simply programmed it in C, since Coq has to verify the formal correctness of every step of the computation.
    – Timothy Chow
    Nov 11 at 18:01











  • Ah, I misunderstood the question. I will supplement the answer.
    – Andrej Bauer
    Nov 11 at 19:07










Your Answer





StackExchange.ifUsing("editor", function ()
return StackExchange.using("mathjaxEditing", function ()
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix)
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
);
);
, "mathjax-editing");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "504"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmathoverflow.net%2fquestions%2f315060%2fon-proof-verification-using-coq%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
62
down vote













Coq is a proof assistant, and not the only one. Other popular ones are Agda, Isabelle and the related HOL light. They all use type theory as a mathematical foundation (as opposed to first-order logic and set theory), although there is a version of Isabelle that builds ZFC on top of its type theory. And I should mention the venerable Mizar system, which is based on set-theory but it is organized in Bourbaki-style structuralism (I hope I am not misrepresenting Mizar too badly, as I never used it).



Many of these tools were developed by theoretical computer scientists, often for the purpose of verifying proofs of correctness of software. This explains why there is such an emphasis on type theory, but also quite independently of any applications, type theory seems to also be well-suited for organization of mathematics.



Anyhow, the point is that in order to use Coq, you have to learn a new language which sits somewhere between a logic and a programming language. This is not such a small up-front investment. Once you know a bit about Coq, you will discover that there exists a sizable collection of formalized mathematics, which however is minuscule compared to the entire body of mathematical knowledge. Chances are, that your particular topic of interest has not been formalized yet. This presents a problem because a typical working mathematician relies on a large amount of pre-existing knowledge. In fact, a typical mathematician never digs all the way down to the foundations of mathematics, and so is at a loss when presented with the task of building up from scratch their own branch of mathematics. Organization of mathematics is a serious problem, akin to software engineering, and is essentially unsolved.



Let me also answer your specific questions:



  1. "Are there limitations on the kinds of proofs that Coq can verify?" No, not anything you would notice, unless you are a logician or set theorist who makes proofs that are sensitive to the details of the underlying foundations. Coq by default is intuitionistic, but it's easy enough to just add excluded middle and the axiom of choice to it. And you get a lot of universes to play with, in case you want very large collections of objects.



  2. "How long on average does Coq take to verify a proof?" That depends a little bit on what you are doing, but is somewhere between instantaneous and several seconds. Anything longer than that gets people nervous and they start optimizing the proof script. In a larger development long verification times can become a problem. There are a number of techniques to speed up verification, but they rarely have anything to do with mathematics. They're about the internals of Coq and how it goes about checking proofs.



    [Note: I originally misunderstood the question as asking how long it takes humans to develop Coq proofs. Here is the original answer.] That depends on how complicated the proof is and how well-versed the user is. Coq is an assistant, which means that a human user directs the proof by breaking it up into chunks that Coq can do by itself. The better you are at directing Coq, the more helpful it will be. A novice will struggle with something like $x + (y + 0) = y + x$ because they will not know which library to use. On the other side of the spectrum is large-scale formalization by teams of experts. I recommend reading the report on the six-year effort to formalize the Odd order theorem, and on the formal proof of the Kepler conjecture, which was another large formalization effort.



  3. "Do math journals use Coq?" Not to my knowledge, except for Formalized mathmatics. However, some conferences in theoretical computer science, e.g. POPL accept formalized proofs as supplementary material.



  4. "How do I go about it if I want to verify a proof using Coq?" The honest answer?



    1. Take a course on Coq from a computer science department.

    2. Contact some people who know how to use Coq for formalization of mathematics.

    3. If unlucky, spend some years formalizing your branch of mathematics.

    4. Prove your theorem.


It's sad but true that formalized mathematics is not ready for the mainstream mathematician, and the mainstream mathematician is not ready for formalized mathematics.






share|cite|improve this answer


















  • 3




    Great answer. But I think that Question 2 was asking about computer runtime, not programming person-hours. For most "ordinary" proofs of "ordinary" theorems the running time is essentially instantaneous. However, there can be exceptions, e.g., Flyspeck. If part of the proof is a huge computer calculation, then Coq may have to rerun the entire computation, and it will be a lot slower than if you simply programmed it in C, since Coq has to verify the formal correctness of every step of the computation.
    – Timothy Chow
    Nov 11 at 18:01











  • Ah, I misunderstood the question. I will supplement the answer.
    – Andrej Bauer
    Nov 11 at 19:07














up vote
62
down vote













Coq is a proof assistant, and not the only one. Other popular ones are Agda, Isabelle and the related HOL light. They all use type theory as a mathematical foundation (as opposed to first-order logic and set theory), although there is a version of Isabelle that builds ZFC on top of its type theory. And I should mention the venerable Mizar system, which is based on set-theory but it is organized in Bourbaki-style structuralism (I hope I am not misrepresenting Mizar too badly, as I never used it).



Many of these tools were developed by theoretical computer scientists, often for the purpose of verifying proofs of correctness of software. This explains why there is such an emphasis on type theory, but also quite independently of any applications, type theory seems to also be well-suited for organization of mathematics.



Anyhow, the point is that in order to use Coq, you have to learn a new language which sits somewhere between a logic and a programming language. This is not such a small up-front investment. Once you know a bit about Coq, you will discover that there exists a sizable collection of formalized mathematics, which however is minuscule compared to the entire body of mathematical knowledge. Chances are, that your particular topic of interest has not been formalized yet. This presents a problem because a typical working mathematician relies on a large amount of pre-existing knowledge. In fact, a typical mathematician never digs all the way down to the foundations of mathematics, and so is at a loss when presented with the task of building up from scratch their own branch of mathematics. Organization of mathematics is a serious problem, akin to software engineering, and is essentially unsolved.



Let me also answer your specific questions:



  1. "Are there limitations on the kinds of proofs that Coq can verify?" No, not anything you would notice, unless you are a logician or set theorist who makes proofs that are sensitive to the details of the underlying foundations. Coq by default is intuitionistic, but it's easy enough to just add excluded middle and the axiom of choice to it. And you get a lot of universes to play with, in case you want very large collections of objects.



  2. "How long on average does Coq take to verify a proof?" That depends a little bit on what you are doing, but is somewhere between instantaneous and several seconds. Anything longer than that gets people nervous and they start optimizing the proof script. In a larger development long verification times can become a problem. There are a number of techniques to speed up verification, but they rarely have anything to do with mathematics. They're about the internals of Coq and how it goes about checking proofs.



    [Note: I originally misunderstood the question as asking how long it takes humans to develop Coq proofs. Here is the original answer.] That depends on how complicated the proof is and how well-versed the user is. Coq is an assistant, which means that a human user directs the proof by breaking it up into chunks that Coq can do by itself. The better you are at directing Coq, the more helpful it will be. A novice will struggle with something like $x + (y + 0) = y + x$ because they will not know which library to use. On the other side of the spectrum is large-scale formalization by teams of experts. I recommend reading the report on the six-year effort to formalize the Odd order theorem, and on the formal proof of the Kepler conjecture, which was another large formalization effort.



  3. "Do math journals use Coq?" Not to my knowledge, except for Formalized mathmatics. However, some conferences in theoretical computer science, e.g. POPL accept formalized proofs as supplementary material.



  4. "How do I go about it if I want to verify a proof using Coq?" The honest answer?



    1. Take a course on Coq from a computer science department.

    2. Contact some people who know how to use Coq for formalization of mathematics.

    3. If unlucky, spend some years formalizing your branch of mathematics.

    4. Prove your theorem.


It's sad but true that formalized mathematics is not ready for the mainstream mathematician, and the mainstream mathematician is not ready for formalized mathematics.






share|cite|improve this answer


















  • 3




    Great answer. But I think that Question 2 was asking about computer runtime, not programming person-hours. For most "ordinary" proofs of "ordinary" theorems the running time is essentially instantaneous. However, there can be exceptions, e.g., Flyspeck. If part of the proof is a huge computer calculation, then Coq may have to rerun the entire computation, and it will be a lot slower than if you simply programmed it in C, since Coq has to verify the formal correctness of every step of the computation.
    – Timothy Chow
    Nov 11 at 18:01











  • Ah, I misunderstood the question. I will supplement the answer.
    – Andrej Bauer
    Nov 11 at 19:07












up vote
62
down vote










up vote
62
down vote









Coq is a proof assistant, and not the only one. Other popular ones are Agda, Isabelle and the related HOL light. They all use type theory as a mathematical foundation (as opposed to first-order logic and set theory), although there is a version of Isabelle that builds ZFC on top of its type theory. And I should mention the venerable Mizar system, which is based on set-theory but it is organized in Bourbaki-style structuralism (I hope I am not misrepresenting Mizar too badly, as I never used it).



Many of these tools were developed by theoretical computer scientists, often for the purpose of verifying proofs of correctness of software. This explains why there is such an emphasis on type theory, but also quite independently of any applications, type theory seems to also be well-suited for organization of mathematics.



Anyhow, the point is that in order to use Coq, you have to learn a new language which sits somewhere between a logic and a programming language. This is not such a small up-front investment. Once you know a bit about Coq, you will discover that there exists a sizable collection of formalized mathematics, which however is minuscule compared to the entire body of mathematical knowledge. Chances are, that your particular topic of interest has not been formalized yet. This presents a problem because a typical working mathematician relies on a large amount of pre-existing knowledge. In fact, a typical mathematician never digs all the way down to the foundations of mathematics, and so is at a loss when presented with the task of building up from scratch their own branch of mathematics. Organization of mathematics is a serious problem, akin to software engineering, and is essentially unsolved.



Let me also answer your specific questions:



  1. "Are there limitations on the kinds of proofs that Coq can verify?" No, not anything you would notice, unless you are a logician or set theorist who makes proofs that are sensitive to the details of the underlying foundations. Coq by default is intuitionistic, but it's easy enough to just add excluded middle and the axiom of choice to it. And you get a lot of universes to play with, in case you want very large collections of objects.



  2. "How long on average does Coq take to verify a proof?" That depends a little bit on what you are doing, but is somewhere between instantaneous and several seconds. Anything longer than that gets people nervous and they start optimizing the proof script. In a larger development long verification times can become a problem. There are a number of techniques to speed up verification, but they rarely have anything to do with mathematics. They're about the internals of Coq and how it goes about checking proofs.



    [Note: I originally misunderstood the question as asking how long it takes humans to develop Coq proofs. Here is the original answer.] That depends on how complicated the proof is and how well-versed the user is. Coq is an assistant, which means that a human user directs the proof by breaking it up into chunks that Coq can do by itself. The better you are at directing Coq, the more helpful it will be. A novice will struggle with something like $x + (y + 0) = y + x$ because they will not know which library to use. On the other side of the spectrum is large-scale formalization by teams of experts. I recommend reading the report on the six-year effort to formalize the Odd order theorem, and on the formal proof of the Kepler conjecture, which was another large formalization effort.



  3. "Do math journals use Coq?" Not to my knowledge, except for Formalized mathmatics. However, some conferences in theoretical computer science, e.g. POPL accept formalized proofs as supplementary material.



  4. "How do I go about it if I want to verify a proof using Coq?" The honest answer?



    1. Take a course on Coq from a computer science department.

    2. Contact some people who know how to use Coq for formalization of mathematics.

    3. If unlucky, spend some years formalizing your branch of mathematics.

    4. Prove your theorem.


It's sad but true that formalized mathematics is not ready for the mainstream mathematician, and the mainstream mathematician is not ready for formalized mathematics.






share|cite|improve this answer














Coq is a proof assistant, and not the only one. Other popular ones are Agda, Isabelle and the related HOL light. They all use type theory as a mathematical foundation (as opposed to first-order logic and set theory), although there is a version of Isabelle that builds ZFC on top of its type theory. And I should mention the venerable Mizar system, which is based on set-theory but it is organized in Bourbaki-style structuralism (I hope I am not misrepresenting Mizar too badly, as I never used it).



Many of these tools were developed by theoretical computer scientists, often for the purpose of verifying proofs of correctness of software. This explains why there is such an emphasis on type theory, but also quite independently of any applications, type theory seems to also be well-suited for organization of mathematics.



Anyhow, the point is that in order to use Coq, you have to learn a new language which sits somewhere between a logic and a programming language. This is not such a small up-front investment. Once you know a bit about Coq, you will discover that there exists a sizable collection of formalized mathematics, which however is minuscule compared to the entire body of mathematical knowledge. Chances are, that your particular topic of interest has not been formalized yet. This presents a problem because a typical working mathematician relies on a large amount of pre-existing knowledge. In fact, a typical mathematician never digs all the way down to the foundations of mathematics, and so is at a loss when presented with the task of building up from scratch their own branch of mathematics. Organization of mathematics is a serious problem, akin to software engineering, and is essentially unsolved.



Let me also answer your specific questions:



  1. "Are there limitations on the kinds of proofs that Coq can verify?" No, not anything you would notice, unless you are a logician or set theorist who makes proofs that are sensitive to the details of the underlying foundations. Coq by default is intuitionistic, but it's easy enough to just add excluded middle and the axiom of choice to it. And you get a lot of universes to play with, in case you want very large collections of objects.



  2. "How long on average does Coq take to verify a proof?" That depends a little bit on what you are doing, but is somewhere between instantaneous and several seconds. Anything longer than that gets people nervous and they start optimizing the proof script. In a larger development long verification times can become a problem. There are a number of techniques to speed up verification, but they rarely have anything to do with mathematics. They're about the internals of Coq and how it goes about checking proofs.



    [Note: I originally misunderstood the question as asking how long it takes humans to develop Coq proofs. Here is the original answer.] That depends on how complicated the proof is and how well-versed the user is. Coq is an assistant, which means that a human user directs the proof by breaking it up into chunks that Coq can do by itself. The better you are at directing Coq, the more helpful it will be. A novice will struggle with something like $x + (y + 0) = y + x$ because they will not know which library to use. On the other side of the spectrum is large-scale formalization by teams of experts. I recommend reading the report on the six-year effort to formalize the Odd order theorem, and on the formal proof of the Kepler conjecture, which was another large formalization effort.



  3. "Do math journals use Coq?" Not to my knowledge, except for Formalized mathmatics. However, some conferences in theoretical computer science, e.g. POPL accept formalized proofs as supplementary material.



  4. "How do I go about it if I want to verify a proof using Coq?" The honest answer?



    1. Take a course on Coq from a computer science department.

    2. Contact some people who know how to use Coq for formalization of mathematics.

    3. If unlucky, spend some years formalizing your branch of mathematics.

    4. Prove your theorem.


It's sad but true that formalized mathematics is not ready for the mainstream mathematician, and the mainstream mathematician is not ready for formalized mathematics.







share|cite|improve this answer














share|cite|improve this answer



share|cite|improve this answer








edited Nov 12 at 0:14









jeq

1,24841316




1,24841316










answered Nov 11 at 10:52









Andrej Bauer

29.6k477163




29.6k477163







  • 3




    Great answer. But I think that Question 2 was asking about computer runtime, not programming person-hours. For most "ordinary" proofs of "ordinary" theorems the running time is essentially instantaneous. However, there can be exceptions, e.g., Flyspeck. If part of the proof is a huge computer calculation, then Coq may have to rerun the entire computation, and it will be a lot slower than if you simply programmed it in C, since Coq has to verify the formal correctness of every step of the computation.
    – Timothy Chow
    Nov 11 at 18:01











  • Ah, I misunderstood the question. I will supplement the answer.
    – Andrej Bauer
    Nov 11 at 19:07












  • 3




    Great answer. But I think that Question 2 was asking about computer runtime, not programming person-hours. For most "ordinary" proofs of "ordinary" theorems the running time is essentially instantaneous. However, there can be exceptions, e.g., Flyspeck. If part of the proof is a huge computer calculation, then Coq may have to rerun the entire computation, and it will be a lot slower than if you simply programmed it in C, since Coq has to verify the formal correctness of every step of the computation.
    – Timothy Chow
    Nov 11 at 18:01











  • Ah, I misunderstood the question. I will supplement the answer.
    – Andrej Bauer
    Nov 11 at 19:07







3




3




Great answer. But I think that Question 2 was asking about computer runtime, not programming person-hours. For most "ordinary" proofs of "ordinary" theorems the running time is essentially instantaneous. However, there can be exceptions, e.g., Flyspeck. If part of the proof is a huge computer calculation, then Coq may have to rerun the entire computation, and it will be a lot slower than if you simply programmed it in C, since Coq has to verify the formal correctness of every step of the computation.
– Timothy Chow
Nov 11 at 18:01





Great answer. But I think that Question 2 was asking about computer runtime, not programming person-hours. For most "ordinary" proofs of "ordinary" theorems the running time is essentially instantaneous. However, there can be exceptions, e.g., Flyspeck. If part of the proof is a huge computer calculation, then Coq may have to rerun the entire computation, and it will be a lot slower than if you simply programmed it in C, since Coq has to verify the formal correctness of every step of the computation.
– Timothy Chow
Nov 11 at 18:01













Ah, I misunderstood the question. I will supplement the answer.
– Andrej Bauer
Nov 11 at 19:07




Ah, I misunderstood the question. I will supplement the answer.
– Andrej Bauer
Nov 11 at 19:07

















draft saved

draft discarded
















































Thanks for contributing an answer to MathOverflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

Use MathJax to format equations. MathJax reference.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmathoverflow.net%2fquestions%2f315060%2fon-proof-verification-using-coq%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







這個網誌中的熱門文章

How to read a connectionString WITH PROVIDER in .NET Core?

Node.js Script on GitHub Pages or Amazon S3

Museum of Modern and Contemporary Art of Trento and Rovereto