On proof-verification using Coq











up vote
34
down vote

favorite
7












So i recently learnt that there is now a certain software called ''Coq'' by which one can check the validity of mathematical proofs. My questions are:




  1. Are there limitations on the kinds of proofs that Coq can verify?


  2. How long on average does Coq take to verify a proof?


  3. Do math journals use Coq?


  4. How do I go about it if I want to verify a proof using Coq?











share|cite|improve this question









New contributor




Software enthusiast is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
















  • 2




    Maybe some of the suggestions here might be useful for you: Wanted: a “Coq for the working mathematician”.
    – Martin Sleziak
    2 days ago










  • @MartinSleziak, thanks.
    – Software enthusiast
    2 days ago






  • 2




    Also potentially of interest to you is this post (although it's about Lean and not Coq): mathoverflow.net/questions/311071/…
    – Timothy Chow
    2 days ago















up vote
34
down vote

favorite
7












So i recently learnt that there is now a certain software called ''Coq'' by which one can check the validity of mathematical proofs. My questions are:




  1. Are there limitations on the kinds of proofs that Coq can verify?


  2. How long on average does Coq take to verify a proof?


  3. Do math journals use Coq?


  4. How do I go about it if I want to verify a proof using Coq?











share|cite|improve this question









New contributor




Software enthusiast is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
















  • 2




    Maybe some of the suggestions here might be useful for you: Wanted: a “Coq for the working mathematician”.
    – Martin Sleziak
    2 days ago










  • @MartinSleziak, thanks.
    – Software enthusiast
    2 days ago






  • 2




    Also potentially of interest to you is this post (although it's about Lean and not Coq): mathoverflow.net/questions/311071/…
    – Timothy Chow
    2 days ago













up vote
34
down vote

favorite
7









up vote
34
down vote

favorite
7






7





So i recently learnt that there is now a certain software called ''Coq'' by which one can check the validity of mathematical proofs. My questions are:




  1. Are there limitations on the kinds of proofs that Coq can verify?


  2. How long on average does Coq take to verify a proof?


  3. Do math journals use Coq?


  4. How do I go about it if I want to verify a proof using Coq?











share|cite|improve this question









New contributor




Software enthusiast is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











So i recently learnt that there is now a certain software called ''Coq'' by which one can check the validity of mathematical proofs. My questions are:




  1. Are there limitations on the kinds of proofs that Coq can verify?


  2. How long on average does Coq take to verify a proof?


  3. Do math journals use Coq?


  4. How do I go about it if I want to verify a proof using Coq?








soft-question mathematical-software proof-assistants coq






share|cite|improve this question









New contributor




Software enthusiast is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|cite|improve this question









New contributor




Software enthusiast is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|cite|improve this question




share|cite|improve this question








edited yesterday









Andrej Bauer

29.3k477161




29.3k477161






New contributor




Software enthusiast is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked 2 days ago









Software enthusiast

17414




17414




New contributor




Software enthusiast is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





Software enthusiast is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






Software enthusiast is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.








  • 2




    Maybe some of the suggestions here might be useful for you: Wanted: a “Coq for the working mathematician”.
    – Martin Sleziak
    2 days ago










  • @MartinSleziak, thanks.
    – Software enthusiast
    2 days ago






  • 2




    Also potentially of interest to you is this post (although it's about Lean and not Coq): mathoverflow.net/questions/311071/…
    – Timothy Chow
    2 days ago














  • 2




    Maybe some of the suggestions here might be useful for you: Wanted: a “Coq for the working mathematician”.
    – Martin Sleziak
    2 days ago










  • @MartinSleziak, thanks.
    – Software enthusiast
    2 days ago






  • 2




    Also potentially of interest to you is this post (although it's about Lean and not Coq): mathoverflow.net/questions/311071/…
    – Timothy Chow
    2 days ago








2




2




Maybe some of the suggestions here might be useful for you: Wanted: a “Coq for the working mathematician”.
– Martin Sleziak
2 days ago




Maybe some of the suggestions here might be useful for you: Wanted: a “Coq for the working mathematician”.
– Martin Sleziak
2 days ago












@MartinSleziak, thanks.
– Software enthusiast
2 days ago




@MartinSleziak, thanks.
– Software enthusiast
2 days ago




2




2




Also potentially of interest to you is this post (although it's about Lean and not Coq): mathoverflow.net/questions/311071/…
– Timothy Chow
2 days ago




Also potentially of interest to you is this post (although it's about Lean and not Coq): mathoverflow.net/questions/311071/…
– Timothy Chow
2 days ago










1 Answer
1






active

oldest

votes

















up vote
60
down vote













Coq is a proof assistant, and not the only one. Other popular ones are Agda, Isabelle and the related HOL light. They all use type theory as a mathematical foundation (as opposed to first-order logic and set theory), although there is a version of Isabelle that builds ZFC on top of its type theory. And I should mention the venerable Mizar system, which is based on set-theory but it is organized in Bourbaki-style structuralism (I hope I am not misrepresenting Mizar too badly, as I never used it).



Many of these tools were developed by theoretical computer scientists, often for the purpose of verifying proofs of correctness of software. This explains why there is such an emphasis on type theory, but also quite independently of any applications, type theory seems to also be well-suited for organization of mathematics.



Anyhow, the point is that in order to use Coq, you have to learn a new language which sits somewhere between a logic and a programming language. This is not such a small up-front investment. Once you know a bit about Coq, you will discover that there exists a sizable collection of formalized mathematics, which however is minuscule compared to the entire body of mathematical knowledge. Chances are, that your particular topic of interest has not been formalized yet. This presents a problem because a typical working mathematician relies on a large amount of pre-existing knowledge. In fact, a typical mathematician never digs all the way down to the foundations of mathematics, and so is at a loss when presented with the task of building up from scratch their own branch of mathematics. Organization of mathematics is a serious problem, akin to software engineering, and is essentially unsolved.



Let me also answer your specific questions:




  1. "Are there limitations on the kinds of proofs that Coq can verify?" No, not anything you would notice, unless you are a logician or set theorist who makes proofs that are sensitive to the details of the underlying foundations. Coq by default is intuitionistic, but it's easy enough to just add excluded middle and the axiom of choice to it. And you get a lot of universes to play with, in case you want very large collections of objects.



  2. "How long on average does Coq take to verify a proof?" That depends a little bit on what you are doing, but is somewhere between instantaneous and several seconds. Anything longer than that gets people nervous and they start optimizing the proof script. In a larger development long verification times can become a problem. There are a number of techniques to speed up verification, but they rarely have anything to do with mathematics. They're about the internals of Coq and how it goes about checking proofs.



    [Note: I originally misunderstood the question as asking how long it takes humans to develop Coq proofs. Here is the original answer.] That depends on how complicated the proof is and how well-versed the user is. Coq is an assistant, which means that a human user directs the proof by breaking it up into chunks that Coq can do by itself. The better you are at directing Coq, the more helpful it will be. A novice will struggle with something like $x + (y + 0) = y + x$ because they will not know which library to use. On the other side of the spectrum is large-scale formalization by teams of experts. I recommend reading the report on the six-year effort to formalize the Odd order theorem, and on the formal proof of the Kepler conjecture, which was another large formalization effort.



  3. "Do math journals use Coq?" Not to my knowledge, except for Formalized mathmatics. However, some conferences in theoretical computer science, e.g. POPL accept formalized proofs as supplementary material.



  4. "How do I go about it if I want to verify a proof using Coq?" The honest answer?




    1. Take a course on Coq from a computer science department.

    2. Contact some people who know how to use Coq for formalization of mathematics.

    3. If unlucky, spend some years formalizing your branch of mathematics.

    4. Prove your theorem.




It's sad but true that formalized mathematics is not ready for the mainstream mathematician, and the mainstream mathematician is not ready for formalized mathematics.






share|cite|improve this answer



















  • 3




    Great answer. But I think that Question 2 was asking about computer runtime, not programming person-hours. For most "ordinary" proofs of "ordinary" theorems the running time is essentially instantaneous. However, there can be exceptions, e.g., Flyspeck. If part of the proof is a huge computer calculation, then Coq may have to rerun the entire computation, and it will be a lot slower than if you simply programmed it in C, since Coq has to verify the formal correctness of every step of the computation.
    – Timothy Chow
    2 days ago












  • Ah, I misunderstood the question. I will supplement the answer.
    – Andrej Bauer
    2 days ago











Your Answer





StackExchange.ifUsing("editor", function () {
return StackExchange.using("mathjaxEditing", function () {
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
});
});
}, "mathjax-editing");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "504"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});






Software enthusiast is a new contributor. Be nice, and check out our Code of Conduct.










 

draft saved


draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmathoverflow.net%2fquestions%2f315060%2fon-proof-verification-using-coq%23new-answer', 'question_page');
}
);

Post as a guest
































1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
60
down vote













Coq is a proof assistant, and not the only one. Other popular ones are Agda, Isabelle and the related HOL light. They all use type theory as a mathematical foundation (as opposed to first-order logic and set theory), although there is a version of Isabelle that builds ZFC on top of its type theory. And I should mention the venerable Mizar system, which is based on set-theory but it is organized in Bourbaki-style structuralism (I hope I am not misrepresenting Mizar too badly, as I never used it).



Many of these tools were developed by theoretical computer scientists, often for the purpose of verifying proofs of correctness of software. This explains why there is such an emphasis on type theory, but also quite independently of any applications, type theory seems to also be well-suited for organization of mathematics.



Anyhow, the point is that in order to use Coq, you have to learn a new language which sits somewhere between a logic and a programming language. This is not such a small up-front investment. Once you know a bit about Coq, you will discover that there exists a sizable collection of formalized mathematics, which however is minuscule compared to the entire body of mathematical knowledge. Chances are, that your particular topic of interest has not been formalized yet. This presents a problem because a typical working mathematician relies on a large amount of pre-existing knowledge. In fact, a typical mathematician never digs all the way down to the foundations of mathematics, and so is at a loss when presented with the task of building up from scratch their own branch of mathematics. Organization of mathematics is a serious problem, akin to software engineering, and is essentially unsolved.



Let me also answer your specific questions:




  1. "Are there limitations on the kinds of proofs that Coq can verify?" No, not anything you would notice, unless you are a logician or set theorist who makes proofs that are sensitive to the details of the underlying foundations. Coq by default is intuitionistic, but it's easy enough to just add excluded middle and the axiom of choice to it. And you get a lot of universes to play with, in case you want very large collections of objects.



  2. "How long on average does Coq take to verify a proof?" That depends a little bit on what you are doing, but is somewhere between instantaneous and several seconds. Anything longer than that gets people nervous and they start optimizing the proof script. In a larger development long verification times can become a problem. There are a number of techniques to speed up verification, but they rarely have anything to do with mathematics. They're about the internals of Coq and how it goes about checking proofs.



    [Note: I originally misunderstood the question as asking how long it takes humans to develop Coq proofs. Here is the original answer.] That depends on how complicated the proof is and how well-versed the user is. Coq is an assistant, which means that a human user directs the proof by breaking it up into chunks that Coq can do by itself. The better you are at directing Coq, the more helpful it will be. A novice will struggle with something like $x + (y + 0) = y + x$ because they will not know which library to use. On the other side of the spectrum is large-scale formalization by teams of experts. I recommend reading the report on the six-year effort to formalize the Odd order theorem, and on the formal proof of the Kepler conjecture, which was another large formalization effort.



  3. "Do math journals use Coq?" Not to my knowledge, except for Formalized mathmatics. However, some conferences in theoretical computer science, e.g. POPL accept formalized proofs as supplementary material.



  4. "How do I go about it if I want to verify a proof using Coq?" The honest answer?




    1. Take a course on Coq from a computer science department.

    2. Contact some people who know how to use Coq for formalization of mathematics.

    3. If unlucky, spend some years formalizing your branch of mathematics.

    4. Prove your theorem.




It's sad but true that formalized mathematics is not ready for the mainstream mathematician, and the mainstream mathematician is not ready for formalized mathematics.






share|cite|improve this answer



















  • 3




    Great answer. But I think that Question 2 was asking about computer runtime, not programming person-hours. For most "ordinary" proofs of "ordinary" theorems the running time is essentially instantaneous. However, there can be exceptions, e.g., Flyspeck. If part of the proof is a huge computer calculation, then Coq may have to rerun the entire computation, and it will be a lot slower than if you simply programmed it in C, since Coq has to verify the formal correctness of every step of the computation.
    – Timothy Chow
    2 days ago












  • Ah, I misunderstood the question. I will supplement the answer.
    – Andrej Bauer
    2 days ago















up vote
60
down vote













Coq is a proof assistant, and not the only one. Other popular ones are Agda, Isabelle and the related HOL light. They all use type theory as a mathematical foundation (as opposed to first-order logic and set theory), although there is a version of Isabelle that builds ZFC on top of its type theory. And I should mention the venerable Mizar system, which is based on set-theory but it is organized in Bourbaki-style structuralism (I hope I am not misrepresenting Mizar too badly, as I never used it).



Many of these tools were developed by theoretical computer scientists, often for the purpose of verifying proofs of correctness of software. This explains why there is such an emphasis on type theory, but also quite independently of any applications, type theory seems to also be well-suited for organization of mathematics.



Anyhow, the point is that in order to use Coq, you have to learn a new language which sits somewhere between a logic and a programming language. This is not such a small up-front investment. Once you know a bit about Coq, you will discover that there exists a sizable collection of formalized mathematics, which however is minuscule compared to the entire body of mathematical knowledge. Chances are, that your particular topic of interest has not been formalized yet. This presents a problem because a typical working mathematician relies on a large amount of pre-existing knowledge. In fact, a typical mathematician never digs all the way down to the foundations of mathematics, and so is at a loss when presented with the task of building up from scratch their own branch of mathematics. Organization of mathematics is a serious problem, akin to software engineering, and is essentially unsolved.



Let me also answer your specific questions:




  1. "Are there limitations on the kinds of proofs that Coq can verify?" No, not anything you would notice, unless you are a logician or set theorist who makes proofs that are sensitive to the details of the underlying foundations. Coq by default is intuitionistic, but it's easy enough to just add excluded middle and the axiom of choice to it. And you get a lot of universes to play with, in case you want very large collections of objects.



  2. "How long on average does Coq take to verify a proof?" That depends a little bit on what you are doing, but is somewhere between instantaneous and several seconds. Anything longer than that gets people nervous and they start optimizing the proof script. In a larger development long verification times can become a problem. There are a number of techniques to speed up verification, but they rarely have anything to do with mathematics. They're about the internals of Coq and how it goes about checking proofs.



    [Note: I originally misunderstood the question as asking how long it takes humans to develop Coq proofs. Here is the original answer.] That depends on how complicated the proof is and how well-versed the user is. Coq is an assistant, which means that a human user directs the proof by breaking it up into chunks that Coq can do by itself. The better you are at directing Coq, the more helpful it will be. A novice will struggle with something like $x + (y + 0) = y + x$ because they will not know which library to use. On the other side of the spectrum is large-scale formalization by teams of experts. I recommend reading the report on the six-year effort to formalize the Odd order theorem, and on the formal proof of the Kepler conjecture, which was another large formalization effort.



  3. "Do math journals use Coq?" Not to my knowledge, except for Formalized mathmatics. However, some conferences in theoretical computer science, e.g. POPL accept formalized proofs as supplementary material.



  4. "How do I go about it if I want to verify a proof using Coq?" The honest answer?




    1. Take a course on Coq from a computer science department.

    2. Contact some people who know how to use Coq for formalization of mathematics.

    3. If unlucky, spend some years formalizing your branch of mathematics.

    4. Prove your theorem.




It's sad but true that formalized mathematics is not ready for the mainstream mathematician, and the mainstream mathematician is not ready for formalized mathematics.






share|cite|improve this answer



















  • 3




    Great answer. But I think that Question 2 was asking about computer runtime, not programming person-hours. For most "ordinary" proofs of "ordinary" theorems the running time is essentially instantaneous. However, there can be exceptions, e.g., Flyspeck. If part of the proof is a huge computer calculation, then Coq may have to rerun the entire computation, and it will be a lot slower than if you simply programmed it in C, since Coq has to verify the formal correctness of every step of the computation.
    – Timothy Chow
    2 days ago












  • Ah, I misunderstood the question. I will supplement the answer.
    – Andrej Bauer
    2 days ago













up vote
60
down vote










up vote
60
down vote









Coq is a proof assistant, and not the only one. Other popular ones are Agda, Isabelle and the related HOL light. They all use type theory as a mathematical foundation (as opposed to first-order logic and set theory), although there is a version of Isabelle that builds ZFC on top of its type theory. And I should mention the venerable Mizar system, which is based on set-theory but it is organized in Bourbaki-style structuralism (I hope I am not misrepresenting Mizar too badly, as I never used it).



Many of these tools were developed by theoretical computer scientists, often for the purpose of verifying proofs of correctness of software. This explains why there is such an emphasis on type theory, but also quite independently of any applications, type theory seems to also be well-suited for organization of mathematics.



Anyhow, the point is that in order to use Coq, you have to learn a new language which sits somewhere between a logic and a programming language. This is not such a small up-front investment. Once you know a bit about Coq, you will discover that there exists a sizable collection of formalized mathematics, which however is minuscule compared to the entire body of mathematical knowledge. Chances are, that your particular topic of interest has not been formalized yet. This presents a problem because a typical working mathematician relies on a large amount of pre-existing knowledge. In fact, a typical mathematician never digs all the way down to the foundations of mathematics, and so is at a loss when presented with the task of building up from scratch their own branch of mathematics. Organization of mathematics is a serious problem, akin to software engineering, and is essentially unsolved.



Let me also answer your specific questions:




  1. "Are there limitations on the kinds of proofs that Coq can verify?" No, not anything you would notice, unless you are a logician or set theorist who makes proofs that are sensitive to the details of the underlying foundations. Coq by default is intuitionistic, but it's easy enough to just add excluded middle and the axiom of choice to it. And you get a lot of universes to play with, in case you want very large collections of objects.



  2. "How long on average does Coq take to verify a proof?" That depends a little bit on what you are doing, but is somewhere between instantaneous and several seconds. Anything longer than that gets people nervous and they start optimizing the proof script. In a larger development long verification times can become a problem. There are a number of techniques to speed up verification, but they rarely have anything to do with mathematics. They're about the internals of Coq and how it goes about checking proofs.



    [Note: I originally misunderstood the question as asking how long it takes humans to develop Coq proofs. Here is the original answer.] That depends on how complicated the proof is and how well-versed the user is. Coq is an assistant, which means that a human user directs the proof by breaking it up into chunks that Coq can do by itself. The better you are at directing Coq, the more helpful it will be. A novice will struggle with something like $x + (y + 0) = y + x$ because they will not know which library to use. On the other side of the spectrum is large-scale formalization by teams of experts. I recommend reading the report on the six-year effort to formalize the Odd order theorem, and on the formal proof of the Kepler conjecture, which was another large formalization effort.



  3. "Do math journals use Coq?" Not to my knowledge, except for Formalized mathmatics. However, some conferences in theoretical computer science, e.g. POPL accept formalized proofs as supplementary material.



  4. "How do I go about it if I want to verify a proof using Coq?" The honest answer?




    1. Take a course on Coq from a computer science department.

    2. Contact some people who know how to use Coq for formalization of mathematics.

    3. If unlucky, spend some years formalizing your branch of mathematics.

    4. Prove your theorem.




It's sad but true that formalized mathematics is not ready for the mainstream mathematician, and the mainstream mathematician is not ready for formalized mathematics.






share|cite|improve this answer














Coq is a proof assistant, and not the only one. Other popular ones are Agda, Isabelle and the related HOL light. They all use type theory as a mathematical foundation (as opposed to first-order logic and set theory), although there is a version of Isabelle that builds ZFC on top of its type theory. And I should mention the venerable Mizar system, which is based on set-theory but it is organized in Bourbaki-style structuralism (I hope I am not misrepresenting Mizar too badly, as I never used it).



Many of these tools were developed by theoretical computer scientists, often for the purpose of verifying proofs of correctness of software. This explains why there is such an emphasis on type theory, but also quite independently of any applications, type theory seems to also be well-suited for organization of mathematics.



Anyhow, the point is that in order to use Coq, you have to learn a new language which sits somewhere between a logic and a programming language. This is not such a small up-front investment. Once you know a bit about Coq, you will discover that there exists a sizable collection of formalized mathematics, which however is minuscule compared to the entire body of mathematical knowledge. Chances are, that your particular topic of interest has not been formalized yet. This presents a problem because a typical working mathematician relies on a large amount of pre-existing knowledge. In fact, a typical mathematician never digs all the way down to the foundations of mathematics, and so is at a loss when presented with the task of building up from scratch their own branch of mathematics. Organization of mathematics is a serious problem, akin to software engineering, and is essentially unsolved.



Let me also answer your specific questions:




  1. "Are there limitations on the kinds of proofs that Coq can verify?" No, not anything you would notice, unless you are a logician or set theorist who makes proofs that are sensitive to the details of the underlying foundations. Coq by default is intuitionistic, but it's easy enough to just add excluded middle and the axiom of choice to it. And you get a lot of universes to play with, in case you want very large collections of objects.



  2. "How long on average does Coq take to verify a proof?" That depends a little bit on what you are doing, but is somewhere between instantaneous and several seconds. Anything longer than that gets people nervous and they start optimizing the proof script. In a larger development long verification times can become a problem. There are a number of techniques to speed up verification, but they rarely have anything to do with mathematics. They're about the internals of Coq and how it goes about checking proofs.



    [Note: I originally misunderstood the question as asking how long it takes humans to develop Coq proofs. Here is the original answer.] That depends on how complicated the proof is and how well-versed the user is. Coq is an assistant, which means that a human user directs the proof by breaking it up into chunks that Coq can do by itself. The better you are at directing Coq, the more helpful it will be. A novice will struggle with something like $x + (y + 0) = y + x$ because they will not know which library to use. On the other side of the spectrum is large-scale formalization by teams of experts. I recommend reading the report on the six-year effort to formalize the Odd order theorem, and on the formal proof of the Kepler conjecture, which was another large formalization effort.



  3. "Do math journals use Coq?" Not to my knowledge, except for Formalized mathmatics. However, some conferences in theoretical computer science, e.g. POPL accept formalized proofs as supplementary material.



  4. "How do I go about it if I want to verify a proof using Coq?" The honest answer?




    1. Take a course on Coq from a computer science department.

    2. Contact some people who know how to use Coq for formalization of mathematics.

    3. If unlucky, spend some years formalizing your branch of mathematics.

    4. Prove your theorem.




It's sad but true that formalized mathematics is not ready for the mainstream mathematician, and the mainstream mathematician is not ready for formalized mathematics.







share|cite|improve this answer














share|cite|improve this answer



share|cite|improve this answer








edited 2 days ago









jeq

1,17341216




1,17341216










answered 2 days ago









Andrej Bauer

29.3k477161




29.3k477161








  • 3




    Great answer. But I think that Question 2 was asking about computer runtime, not programming person-hours. For most "ordinary" proofs of "ordinary" theorems the running time is essentially instantaneous. However, there can be exceptions, e.g., Flyspeck. If part of the proof is a huge computer calculation, then Coq may have to rerun the entire computation, and it will be a lot slower than if you simply programmed it in C, since Coq has to verify the formal correctness of every step of the computation.
    – Timothy Chow
    2 days ago












  • Ah, I misunderstood the question. I will supplement the answer.
    – Andrej Bauer
    2 days ago














  • 3




    Great answer. But I think that Question 2 was asking about computer runtime, not programming person-hours. For most "ordinary" proofs of "ordinary" theorems the running time is essentially instantaneous. However, there can be exceptions, e.g., Flyspeck. If part of the proof is a huge computer calculation, then Coq may have to rerun the entire computation, and it will be a lot slower than if you simply programmed it in C, since Coq has to verify the formal correctness of every step of the computation.
    – Timothy Chow
    2 days ago












  • Ah, I misunderstood the question. I will supplement the answer.
    – Andrej Bauer
    2 days ago








3




3




Great answer. But I think that Question 2 was asking about computer runtime, not programming person-hours. For most "ordinary" proofs of "ordinary" theorems the running time is essentially instantaneous. However, there can be exceptions, e.g., Flyspeck. If part of the proof is a huge computer calculation, then Coq may have to rerun the entire computation, and it will be a lot slower than if you simply programmed it in C, since Coq has to verify the formal correctness of every step of the computation.
– Timothy Chow
2 days ago






Great answer. But I think that Question 2 was asking about computer runtime, not programming person-hours. For most "ordinary" proofs of "ordinary" theorems the running time is essentially instantaneous. However, there can be exceptions, e.g., Flyspeck. If part of the proof is a huge computer calculation, then Coq may have to rerun the entire computation, and it will be a lot slower than if you simply programmed it in C, since Coq has to verify the formal correctness of every step of the computation.
– Timothy Chow
2 days ago














Ah, I misunderstood the question. I will supplement the answer.
– Andrej Bauer
2 days ago




Ah, I misunderstood the question. I will supplement the answer.
– Andrej Bauer
2 days ago










Software enthusiast is a new contributor. Be nice, and check out our Code of Conduct.










 

draft saved


draft discarded


















Software enthusiast is a new contributor. Be nice, and check out our Code of Conduct.













Software enthusiast is a new contributor. Be nice, and check out our Code of Conduct.












Software enthusiast is a new contributor. Be nice, and check out our Code of Conduct.















 


draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmathoverflow.net%2fquestions%2f315060%2fon-proof-verification-using-coq%23new-answer', 'question_page');
}
);

Post as a guest




















































































Popular posts from this blog

How to change which sound is reproduced for terminal bell?

Can I use Tabulator js library in my java Spring + Thymeleaf project?

Title Spacing in Bjornstrup Chapter, Removing Chapter Number From Contents