formal-methods

I came upon the Curry-Howard Isomorphism relatively late in my programming life, and perhaps this contributes to my being utterly fascinated by it. It implies that for every programming concept there exists a precise analogue in formal logic, and vice versa. Here's a "basic" list of such analogies, off the top of my head: program/definition | proof type/declaration | proposition inhabited type | theorem/lemma function | implication function argument | hypothesis/antecedent function result | conclusion/consequent function application | modus ponens recursion | induction identity function |

I am trying to find an example axiom in Coq of something like the line axiom in geometry: If given two points, there exist a line between those two points. I would like to see how this could be defined in Coq. Inherently choosing this simple line axiom to see how something very primitive is defined, because I'm having a hard time defining it outside natural language. Specifically, I have seen these two axioms and would like to know how in Coq to define both: Any two distinct points always determine a line Any two distinct points of a line determine this line uniquely It almost seems like you

Does Isabelle/HOL proof assistant have any weaknesses and strengths compared to Coq? I am mostly familiar with Coq, and do not have much experience with Isabelle/HOL, but I might be able to help a little bit. Perhaps others with more experience on Isabelle/HOL can help improve this. There are two big points of divergence between the two systems: the underlying theories and the style of interaction . I'll try to give a brief overview of the main differences in each case. Theories Both Coq and Isabelle/HOL are based on powerful, very expressive higher-order logics. These logics, however, differ

When using formal aspects to create some code is there a generic method of determining a loop invariant or will it be completely different depending on the problem? It has already been pointed out that one same loop can have several invariants, and that Calculability is against you. It doesn't mean that you cannot try. You are, in fact, looking for an inductive invariant : the word invariant may also be used for a property that is true at each iteration but for which is it not enough to know that it hold at one iteration to deduce that it holds at the next. If I is an inductive invariant, then