coq-club AT inria.fr
Subject: The Coq mailing list
List archive
- From: Wouter Swierstra <wss AT cs.nott.ac.uk>
- To: Adam Chlipala <adamc AT hcoop.net>
- Cc: coq-club AT pauillac.inria.fr
- Subject: Re: [Coq-Club] Re: Simple example.
- Date: Fri, 20 Feb 2009 15:11:47 +0100
- List-archive: <http://pauillac.inria.fr/pipermail/coq-club/>
On the issue of proofs, I think the proof scripts in both your (Adam Koprowski's) code and the code of the mysterious "muad" are manual enough that I would refuse to accept them in a serious development. ;-) I say that every certified function should have a single proof script associated with it, and that proof script should be a single tactic, with no intermediate periods. That style (which I used in my implementation posted earlier) is easy to use when you commit to following it, and it has many advantages in brevity of code and resilience to changes in specs and implementations.
That's a very interesting point. I certainly agree that proof scripts can extremely brittle (especially if their poorly engineered) - but aren't you just moving the problem somewhere else? You have a lot more experience with this than I do, but why are Ltacs any easier to maintain than proof scripts?
Wouter
- [Coq-Club] Re: Simple example., Adam Koprowski
- Re: [Coq-Club] Re: Simple example.,
Adam Chlipala
- Re: [Coq-Club] Re: Simple example.,
Robin Green
- Re: [Coq-Club] Re: Simple example., Adam Chlipala
- Re: [Coq-Club] Re: Simple example., Wouter Swierstra
- Re: [Coq-Club] Re: Simple example., Nadeem Abdul Hamid
- Re: [Coq-Club] Simple example., Adam Chlipala
- Re: Re: [Coq-Club] Simple example.,
muad
- Re: [Coq-Club] Simple example., Adam Chlipala
- Re: [Coq-Club] Re: Simple example.,
Robin Green
- Re: [Coq-Club] Re: Simple example.,
Adam Chlipala
Archive powered by MhonArc 2.6.16.