coq

What would be some useful guidelines for converting Coq source to Idris (e.g. how similar are their type systems and what can be made of translating the proofs)? From what I gather, Idris' built-in library of tactics is minimal yet extendable, so I suppose with some extra work this should be possible. I've recently translated a chunk of Software Foundations and did a partial port of {P|N|Z}Arith , some observations I've made in the process: Generally using Idris tactics (in their Pruvloj / Elab.Reflection form) is not really recommended at the moment, this facility is somewhat fragile, and

As the title says, can Coq be used as a model checker? Can I mix model checking with Coq proving? Is this usual? Google talks about a "µ-calculus", does anyone have experience with this or something similar? Is it advised to use Coq in this way, or should I look for another tool? A proof assistant like Coq will verify that your proof is sound and that any theorems you propose can (or cannot) be derived using axioms and previously proven results. It will also provide you with support in proposing proof steps to reduce the effort you have to make to discharging the proofs. A model checker, in

There are two conventions I've found in Coq's SSReflect extension that seem particularly useful but which I haven't seen widely adopted in newer dependently-typed languages (Lean, Agda, Idris). Firstly, where possible predicates are expressed as boolean-returning functions rather than inductively defined datatypes. This brings decidability by default, opens up more opportunities for proof by computation, and improves checking performance by avoiding the need for the proof engine to carry around large proof terms. The main disadvantage I see is the need to use reflection lemmas to manipulate

Ever since I learned a little bit of Coq I wanted to learn to write a Coq proof of the so-called division algorithm that is actually a logical proposition: forall n m : nat, exists q : nat, exists r : nat, n = q * m + r I recently accomplished that task using what I learned from Software Foundations . Coq being a system for developing constructive proofs, my proof is in effect a method to construct suitable values q and r from values m and n . Coq has an intriguing facility for "extracting" an algorithm in Coq's algorithm language (Gallina) to general-purpose functional programming languages

As there are non-Turing complete languages out there, and given I didn't study Comp Sci at university, could someone explain something that a Turing-incomplete language (like Coq ) cannot do? Or is the completeness/incompleteness of no real practical interest (i.e. does it not make much difference in practice)? EDIT - I'm looking for an answer along the lines of you cannot build a hash table in a non-Turing complete language due to X , or something like that! First, I assume you've already heard of the Church-Turing thesis , which states that anything we call “computation” is something that

I'm new to Coq. Here's my problem. I have a statement says: H : forall x : term, ~ (exists y : term, P x y /\ ~ P y x) I guess it is equivalent to: forall x y : term, (P x y /\ ~ P y x) -> false But which tactic can I use to convert the hypothesis? I don't know of a tactic to turn not-exists into forall-not, but you can always just assert and prove it. (If you need that repeatedly, you can pack that up into an Ltac tactic definition or a simple theorem[1].) Here's three ways of getting this proved. (You should be able to just copy/paste this transcript into CoqIDE or Emacs/ProofGeneral and