proofs
dafny
proofs  dafny  

5  32  
286  2,795  
  5.5%  
8.8  9.7  
7 days ago  6 days ago  
Coq  C#  
GNU General Public License v3.0 or later  GNU General Public License v3.0 or later 
Stars  the number of stars that a project has on GitHub. Growth  month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
proofs

A Taste of Coq and Correct Code by Construction
If you're already familiar with a functional programming language like Haskell or OCaml, you have the prerequisite knowledge to work through my Coq tutorial here: https://github.com/stepchowfun/proofs/tree/main/proofs/Tutor...
My goal with this tutorial was to introduce the core aspects of the language (dependent types, tactics, etc.) in a "straight to the point" kind of way for readers who are already motivated to learn it. If you've heard about proof assistants like Coq or Lean and you're fascinated by what they can do, and you just want the TL;DR of how they work, then this tutorial is written for you.
Any feedback is appreciated!

Thoughts on proof assistants?
Personally I treat Coq like an extension of my brain. Whenever I'm uncertain about something, I formalize it in Coq. I have a repository of proofs with GitHub Actions set up in such a way forbids me from pushing commits containing mathematical mistakes. I've formalized various aspects of category theory, type theory, domain theory, etc., and I've also verified a few programs, such as this sorting algorithm. Lately I've been experimenting with a few novel types of graphs, proving various properties about them with the aim of eventually developing a way to organize all of my data (files, notes, photos, passwords, etc.) in some kind of graph structure like that.

Formally Verifying Rust's Opaque Types
It's always a pleasant surprise to see people using Coq and other formal verification technology. We need more rigor in programming! If this article gave you a thirst for interactive theorem proving and you want to learn it from the ground up, I've recently written a Coq tutorial [1] which covers topics like programming with dependent types, writing proofs as data, and extracting verified code. That repository also contains a handy tactic called `eMagic` [1] (a variant of another useful tactic called `magic` which solve goals with existentials) which can automatically prove the theorem from the article.
[1] https://github.com/stepchowfun/proofs/tree/main/proofs/Tutor...
[2] https://github.com/stepchowfun/proofs/blob/56438c9752c414560...

A complete compiler and VM in 150 lines of code
For anyone who wants to learn Coq, I've just finished writing a tutorial [1] that is aimed at programmers (rather than, say, computer scientists). It covers topics like programming with dependent types, writing proofs as data, universes & other type theory stuff, and extracting verified code—with exercises. I hope people find it useful, and any feedback would be appreciated!
[1] https://github.com/stepchowfun/proofs/tree/main/proofs/Tutor...

New Coq tutorial
Hi all, Coq is a "proof assistant" that allows you to write both code and proofs in the same language (thanks to the Curry–Howard correspondence). Its uses range from pure math (e.g., the Feit–Thompson theorem was proven in Coq!) to reasoning about programming languages (e.g., proving the soundness of a type system) to writing verified code (e.g., this verified C compiler!). You can "extract" your code (without the proofs) to OCaml/Haskell/Scheme for running it in production. Coq is awesome, but it's known for having a steep learning curve (it's based on type theory, which is a foundational system of mathematics). It took me several years to become proficient in it. I wanted to help people pick it up faster than I did, so I wrote this introductory tutorial. Hope you find it useful!
dafny

Verified Rust for lowlevel systems code
For those that are interested but perhaps not aware in this similar project, Dafny is a "verificationaware programming language" that can compile to rust: https://github.com/dafnylang/dafny
 Dafny is a verificationaware programming language
 Candy – a minimalistic functional programming language
 Dafny – a verificationaware programming language

Lean4 helped Terence Tao discover a small bug in his recent paper
Code correctness is a lost art. I requirement to think in abstractions is what scares a lot of devs to avoid it. The higher abstraction language (formal specs) focus on a dedicated language to describe code, whereas lower abstractions (code contracts) basically replace validation logic with a better model.
C# once had Code Contracts[1]; a simple yet powerful way to make formal specifications. The contracts was checked at compile time using the Z3 SMT solver[2]. It was unfortunately deprecated after a few years[3] and once removed from the .NET Runtime it was declared dead.
The closest thing C# now have is probably Dafny[4] while the C# dev guys still try to figure out how to implement it directly in the language[5].
[1] https://www.microsoft.com/enus/research/project/codecontra...
[2] https://github.com/Z3Prover/z3
[3] https://github.com/microsoft/CodeContracts
[4] https://github.com/dafnylang/dafny
[5] https://github.com/dotnet/csharplang/issues/105

The Deep Link Equating Math Proofs and Computer Programs
I don't think something that specific exists. There are a very large number of formal methods tools, each with different specialties / domains.
For verification with proof assistants, [Software Foundations](https://softwarefoundations.cis.upenn.edu/) and [Concrete Semantics](http://concretesemantics.org/) are both solid.
For verification via model checking, you can check out [Learn TLA+](https://learntla.com/), and the more theoretical [Specifying Systems](https://lamport.azurewebsites.net/tla/book020808.pdf).
For more theory, check out [Formal Reasoning About Programs](http://adam.chlipala.net/frap/).
And for general projects look at [F*](https://www.fstarlang.org/) and [Dafny](https://dafny.org/).
 Dafny
 The Dafny Programming and Verification Language

In Which I Claim Rich Hickey Is Wrong
Dafny and Whiley are two examples with explicit verification support. Idris and other dependently typed languages should all be rich enough to express the required predicate but might not necessarily be able to accept a reasonable implementation as proof. Isabelle, Lean, Coq, and other theorem provers definitely can express the capability but aren't going to churn out much in the way of executable programs; they're more useful to guide an implementation in a more practical functional language but then the proof is separated from the implementation, and you could also use tools like TLA+.
https://dafny.org/
https://whiley.org/
https://www.idrislang.org/
https://isabelle.in.tum.de/
https://leanprover.github.io/
https://coq.inria.fr/
http://lamport.azurewebsites.net/tla/tla.html

Programming Languages Going Above and Beyond
> I think we can assume it won't be as efficient has hand written code
Actually, surprisingly, not necessarily the case!
If you'll refer to the discussion in https://github.com/dafnylang/dafny/issues/601 and in https://github.com/dafnylang/dafny/issues/547, Dafny can statically prove that certain compiler branches are not possible and will never be taken (such as outofbounds on index access, logical assumptions about whether a value is greater than or less than some other value, etc). This lets you code in the assumptions (__assume in C++ or unreachable_unchecked() under rust) that will allow the compiler to optimize the codegen using this information.
What are some alternatives?
CompCert  The CompCert formallyverified C compiler
tlaplus  TLC is a model checker for specifications written in TLA+. The TLA+Toolbox is an IDE for TLA+.
masterthesis
FStar  A Prooforiented Programming Language
hacspec  Please see https://github.com/hacspec/hax
rust  Rust for the xtensa architecture. Built in targets for the ESP32 and ESP8266
aneris  Program logic for developing and verifying distributed systems
koka  Koka language compiler and interpreter
ccctalk  Correct Code by Construction talk's code
RustforLinux  Adding support for the Rust language to the Linux kernel.
coqsimpleio  IO for Gallina
interactive  .NET Interactive combines the power of .NET with many other languages to create notebooks, REPLs, and embedded coding experiences. Share code, explore data, write, and learn across your apps in ways you couldn't before.