Skip to Content.
Sympa Menu

coq-club - Re: [Coq-Club] Safe to download and compile .v from evil source ?

coq-club AT inria.fr

Subject: The Coq mailing list

List archive

Re: [Coq-Club] Safe to download and compile .v from evil source ?


Chronological Thread 
  • From: "jonikelee AT gmail.com" <jonikelee AT gmail.com>
  • To: Marco Servetto <marco.servetto AT gmail.com>
  • Cc: coq-club AT inria.fr
  • Subject: Re: [Coq-Club] Safe to download and compile .v from evil source ?
  • Date: Sat, 1 Feb 2020 22:48:20 -0500
  • Authentication-results: mail3-smtp-sop.national.inria.fr; spf=None smtp.pra=jonikelee AT gmail.com; spf=Pass smtp.mailfrom=jonikelee AT gmail.com; spf=None smtp.helo=postmaster AT mail-qk1-f194.google.com
  • Ironport-phdr: 9a23:FrLlFR8/4X/jc/9uRHKM819IXTAuvvDOBiVQ1KB20uscTK2v8tzYMVDF4r011RmVBNmdt6kP1bOe8/i5HzBZutDZ6DFKWacPfidNsd8RkQ0kDZzNImzAB9muURYHGt9fXkRu5XCxPBsdMs//Y1rPvi/6tmZKSV3wOgVvO+v6BJPZgdip2OCu4Z3TZBhDiCagbb9oIxi6sArcutMZjIZsJao8ywbFqWZMd+hK2G9kP12ekwvy68uq4JJv7yFcsO89+sBdVqn3Y742RqFCAjQ8NGA16szrtR3dQgaK+3ARTGYYnAdWDgbc9B31UYv/vSX8tupmxSmVJtb2QqwuWTSj9KhkVhnlgzoaOjEj8WHXjstwjL9HoB+kuhdyzZLYbJ2TOfFjZa7WY88USnRdUcZQTyxBA52zb40TD+oaIO1Uq5Dxq0YSoReiAAWhAv7kxD1ViX/sxaA03eQvHx/b0gIjHd0OvnPao9rpO6kdSu210KvFwC/fY/5MxTvx9o7FeQ0hr/GWWrJwdNLcxUctFwPCiFWQqI/lMC2R1usTrWeW9OVgVee1hG4mrwF9uCSgxsApioXHm4kYzVLE9SJ/wIY0Jt23Vkp7bsC6H5ZLuCGaMpF5QsImQ21ypCk6zbgGtIe9cSMXy5on3wbSZ+Kbf4WM+B7uV+acLS1miH57Zr6znQu+/Eyvx+HkSMW50UpGojdAn9XRsn0Cyxne58eGR/dh4kus3CuD2gPR5+xBPE87iKjWJpAkz7Myl5ccq0bOEyrsl0j2jqKbdkAp9+u15+v9YLjroIKXOZVuhQHkKKsun9SyAeQmPQgKWGiW4eG826fi/U39WblKl/42nrTAvJDUOMgWoqG0DxVa0oYk7Ba/ADOm38oCkXYbK1JFfQqLj4nvO17QPPD1Femzj0ionTtxxP3LPqftDovTInTdirvtYLJw5kFExAo2199f5pZUCr8bIPL0X0/8rN7YDhg/Mwy1wOboFtF92Z0AVm+UDa+ZNbndsV6M5u41P+aMY4oVtC7nK/c5//7ukWM5mVgFcKa12psXcWm0EehiI0WEenXhmcwBEGcPvgomVuPmklyCUThJZ3azRa0w/D87CJj1RbvEE6WkmreGlBy2BINbenxBQgSJGG3jcMOfVu0SZT6OJedulzUFUf6qTIp3hj+0swqvgbhgKOvX9ykVuLrs0dF046vYkhR4vWh2CMKc0GyJQmxckWYBRjtw16d69x8ugmyf2LR11qQLXedY4OlEB0JjbcaFnr5KTuvqUweERe+nDVOvQ9GoGzY0F4tjzNoHYkI7ENKn3EmagniaRoQNnrnOP6Qat6LR23+reZR4wnfCkbAi1hwoG5oTc2KhgaF7+k7YAIubyxzFxZbvTrwV2Wv2zEnG1XCH5RgKXwt5UKGDVncaNBPb

There's some confusion here, perhaps all mine, about the distinction
between Coq as a system for verifying code (which it can do) vs. Coq
and the environment it runs in as a verified system (which it isn't).
It seems to me that these questions have been mixing those two very
different concepts.

Coq, merely by virtue of it being a system for verifying code, does not
enhance trust of itself and the environment it is run in being safe
to use to check that some other code can be verified. One level of
trust does not eliminate the need for trusting the other level.

If you run Coq in a way such that something malicious can substitute
'echo "Qed!"' for your Coq prover without you knowing it is
doing so, then there is nothing Coq nor its developers can do to save
you. Yet I am sure this must be obvious to all, so it must be me that
is still confused about your questions.



On Sun, 2 Feb 2020 15:50:27 +1300
Marco Servetto
<marco.servetto AT gmail.com>
wrote:

> > Also: "put it in a container" doesn't address the other use case I
> > mentioned above: namely, telling people that they can use Coq to
> > certify the safety/correctness of untrusted code.
>
> To make this more explicit:
> if there was an online service that gives you "proven correct and
> safe code1" and the corresponding coq proof code2; would running such
> proof be a valid certification that such code1 is
> correct and safe? or, is it possible that during the execution of
> code2 arbitrary behavior makes a "yes" result even if the proof in
> itself if bogus?
> Note how running coq in a container or not does not really change the
> issue here.




Archive powered by MHonArc 2.6.18.

Top of Page