## A Comparative Study of Coq and HOL (1997)

Venue: | In Gunter and Felty [GF97 |

Citations: | 4 - 0 self |

### BibTeX

@INPROCEEDINGS{Zammit97acomparative,
    author = {Vincent Zammit},
    title = {A Comparative Study of Coq and HOL},
    booktitle = {In Gunter and Felty [GF97},
    year = {1997},
    pages = {323--337},
    publisher = {Springer}
}

### Abstract

This paper illustrates the differences between the style of theory mechanisation of Coq and of HOL. This comparative study is based on the mechanisation of fragments of the theory of computation in these systems. Examples from these implementations are given to support some of the arguments discussed in this paper. The mechanisms for specifying definitions and for theorem proving are discussed separately, building in parallel two pictures of the different approaches of mechanisation given by these systems.

1 Introduction

This paper compares the different theorem proving approaches of the HOL [10] and Coq [5] proof assistants. This comparison is based on a case study involving the mechanisation of parts of the theory of computation in the two systems. This paper does not illustrate these mechanisations but rather discusses the differences between the two systems and backs up certain points by examples taken from the case studies. One motivation of this work is that many users of theo...

### Citations

847 |
A formulation of the simple theory of types
- Church
- 1940
Citation Context ...ually called scripts (or proof scripts). 2.2 HOL The HOL system implements (in Standard ML of New Jersey for the case of HOL90) a classical higher order logic based on Church's simple theory of types [3] extended with polymorphic types and inference rules for definitions. Thus, HOL terms are typed, where types represent nonempty sets and can be either type constants, type variables (which make the ty... |

500 |
T.: Introduction to HOL: A Theorem Proving Environment for Higher Order Logic: Cambridge
- Melham
- 1993
Citation Context ...parately, building in parallel two pictures of the different approaches of mechanisation given by these systems. 1 Introduction This paper compares the different theorem proving approaches of the HOL [10] and Coq [5] proof assistants. This comparison is based on a case study involving the mechanisation of parts of the theory of computation in the two systems. This paper does not illustrate these mecha... |

285 |
Interprétation fonctionnelle et élimination des coupures dans l'arithmétique d'ordre supérieure
- Girard
- 1972
Citation Context ...implementation in CAML of the Calculus of Inductive Constructions (CIC) [4], a variant of type theory related to Martin-Löf's Intuitionistic Type Theory [14, 18] and Girard's polymorphic λ-calculus Fω [8]. Terms in CIC are typed and types are also terms. Such a type theory can be treated as a logic through the Curry-Howard isomorphism (see [25, 18] for introductions of the Curry-Howard isomorphism) wh... |

261 |
Programming in Martin-Löf’s Type Theory: An Introduction
- Nordstrom, Petersson, et al.
- 1990
Citation Context ...xtend the system. 2.1 Coq The Coq system is an implementation in CAML of the Calculus of Inductive Constructions (CIC) [4], a variant of type theory related to Martin-Löf's Intuitionistic Type Theory [14, 18] and Girard's polymorphic λ-calculus Fω [8]. Terms in CIC are typed and types are also terms. Such a type theory can be treated as a logic through the Curry-Howard isomorphism (see [25, 18] for introdu... |

119 |
Computability: An Introduction to Recursive Function Theory
- Cutland
- 1986
Citation Context ...f the system the user is familiar with. The case studies are illustrated separately in [26] and in [27]. The mechanisation in HOL is based on the Unlimited Register Machine (URM) model of computation [7], and the main result of the formalisation is a proof that partial recursive functions are URM computable. The mechanisation in Coq is based on a model of computation similar to the partial recursive ... |

97 | Type Theory and Functional Programming
- Thompson
- 1991
Citation Context ...Type Theory [14, 18] and Girard's polymorphic λ-calculus Fω [8]. Terms in CIC are typed and types are also terms. Such a type theory can be treated as a logic through the Curry-Howard isomorphism (see [25, 18] for introductions of the Curry-Howard isomorphism) where propositions are expressed as types. For instance, a conjunction A ∧ B is represented by a product type A × B, and an implication A ⇒ B is ... |

87 |
Edinburgh LCF: A Mechanised Logic
- Gordon, Milner, et al.
- 1979
Citation Context ... bridges the user from the metalanguage. These points are built gradually in the following sections and are discussed in the conclusion. 2 An Overview of Coq and HOL Both systems are based on the LCF [9] style of theorem proving, where all logical inferences are performed by a simple core engine. A metalanguage is provided so that users can extend the system by implementing program modules applying t... |

68 | The theory of LEGO: A proof checker for the extended calculus of constructions
- Pollack
- 1994
Citation Context ...by the logic. δ-conversion involves the substitution of a constant by its defining term and ι-conversion is automation of inductive definitions. The CIC implemented in Coq differs from that of LEGO [22] by having two sorts of universes, an impredicative universe for sets in which functions are computable, and a predicative universe for types and propositions in which functions (predicates) need not ... |

53 |
Synthesis of ML programs in system Coq
- Paulin-Mohring, Werner
- 1993
Citation Context ...is supported by the Coq system which provides a package which extracts an ML program from a proof term, as well as providing support for proving the specification of functions written in an ML syntax [20, 19, 21]. 2. Extracting proof texts written in a natural language: A proof term of typescan be seen as an account of the proof steps involved in deriving the theorems, and Coq provides tools for extracting a ... |

43 |
Extracting Fω's programs from proofs in the Calculus of Constructions
- Paulin-Mohring
- 1989
Citation Context ...is supported by the Coq system which provides a package which extracts an ML program from a proof term, as well as providing support for proving the specification of functions written in an ML syntax [20, 19, 21]. 2. Extracting proof texts written in a natural language: A proof term of typescan be seen as an account of the proof steps involved in deriving the theorems, and Coq provides tools for extracting a ... |

42 | Reasoning with inductively defined relations in the HOL theorem prover
- Camilleri, Melham
- 1992
Citation Context ...ctive and corecursive definitions and reasoning by coinduction is also provided. The HOL system provides a number of packages for defining inductive relations, which include Melham's original package [16, 2], support for mutually inductive definitions [23] and the more recent implementation due to Harrison [12]. Besides providing a mechanism for specifying definitions these packages include ML functions ... |

28 | A Package for Inductive Relation Definitions in HOL
- Melham
- 1991
Citation Context ...ctive and corecursive definitions and reasoning by coinduction is also provided. The HOL system provides a number of packages for defining inductive relations, which include Melham's original package [16, 2], support for mutually inductive definitions [23] and the more recent implementation due to Harrison [12]. Besides providing a mechanism for specifying definitions these packages include ML functions ... |

22 |
Inductive definitions: automation and application
- Harrison
- 1995
Citation Context ...umber of packages for defining inductive relations, which include Melham's original package [16, 2], support for mutually inductive definitions [23] and the more recent implementation due to Harrison [12]. Besides providing a mechanism for specifying definitions these packages include ML functions for reasoning about them and for automating them. It is argued (for instance in [11]) that inductive defi... |

19 | Using recursive types to reason about hardware in higher order logic
- Melham
- 1988
Citation Context ... nonempty subset of an existing type σ, given a term P : σ → bool which denotes its characteristic predicate. However, in practice, the user introduces new types through the type definition package [15] which specifies ML style polymorphic recursive types as well as automatically deriving a number of theorems specifying certain properties about the type (such as the fact that the type constructors a... |

19 | The HOL logic extended with quantification over type variables
- Melham
- 1993
Citation Context ...apply f v x A mechanism which translates objects in a dependent type theory into HOL objects is illustrated in [13] and an extension of the HOL logic to cover quantification over types is proposed in [17]. 3.2 Constant Definitions Here we list the different mechanism by which constant definitions can be specified in Coq and in HOL. Simple Definitions In HOL given a closed term x :s, a new constant c :... |

18 | Function definition in Higher-Order Logic
- Slind
- 1996
Citation Context ...definition package. A library for defining well-founded recursive functions, which in general requires user intervention for proving that a relation is well-formed, is also included in the HOL system [24]. In Coq, primitive recursive functions are defined by a fixpoint operator. The syntax of actually defining such functions implicitly in the Coq is very crude. However, a mechanism which allows functi... |

12 | Developping certified programs in the system Coq : the Program tactic
- Parent
- 1993
Citation Context ...is supported by the Coq system which provides a package which extracts an ML program from a proof term, as well as providing support for proving the specification of functions written in an ML syntax [20, 19, 21]. 2. Extracting proof texts written in a natural language: A proof term of typescan be seen as an account of the proof steps involved in deriving the theorems, and Coq provides tools for extracting a ... |

11 | Translating dependent type theory into higher order logic
- Jacobs, Melham
Citation Context ...unc. computes p n f =def onevalued n f ∧ ∀v:num list. length v = n ⇒ ∀x:num. exec p v x ⇔ apply f v x A mechanism which translates objects in a dependent type theory into HOL objects is illustrated in [13] and an extension of the HOL logic to cover quantification over types is proposed in [17]. 3.2 Constant Definitions Here we list the different mechanism by which constant definitions can be specified ... |

8 |
et al. The Coq proof assistant reference manual, version 5.10. Rapport technique RT-0177
- Cornes
- 1995
Citation Context ...lding in parallel two pictures of the different approaches of mechanisation given by these systems. 1 Introduction This paper compares the different theorem proving approaches of the HOL [10] and Coq [5] proof assistants. This comparison is based on a case study involving the mechanisation of parts of the theory of computation in the two systems. This paper does not illustrate these mechanisations bu... |

7 | Automatically synthesized term denotation predicates: A proof aid
- Black, Windley
- 1995
Citation Context ...ssumptions. Nevertheless, HOL users can implement tactics which select a subset of, or a particular element from, the list of assumptions through filtering functions and other techniques discussed in [1]. However we stress that selecting an assumption simply by its name is definitely more straightforward than any such techniques. During the implementation of [26] the need of writing several filtering... |

3 |
The calculus of constructions. Rapport de Recherche 530
- Coquand, Huet
- 1986
Citation Context ...uite different logics and through the flexibility by which users are allowed to extend the system. 2.1 Coq The Coq system is an implementation in CAML of the Calculus of Inductive Constructions (CIC) [4], a variant of type theory related to Martin-Löf's Intuitionistic Type Theory [14, 18] and Girard's polymorphic λ-calculus Fω [8]. Terms in CIC are typed and types are also terms. Such a type theory ca... |

2 |
Extracting text from proofs. Rapport de recherche n.2459
- Coscoy, Kahn, et al.
- 1995
Citation Context ...ge: A proof term of typescan be seen as an account of the proof steps involved in deriving the theorems, and Coq provides tools for extracting a proof written in a natural language from proof objects [6]. 3. Independent proof checking: Proof terms can be checked by an independent proof checker to gain more confidence in their correctness. Moreover, such proof terms can be easier to translate into pro... |

2 |
Intuitionistic Type Theory. Bibliopolis
- Martin-Löf
- 1984
Citation Context ...xtend the system. 2.1 Coq The Coq system is an implementation in CAML of the Calculus of Inductive Constructions (CIC) [4], a variant of type theory related to Martin-Löf's Intuitionistic Type Theory [14, 18] and Girard's polymorphic λ-calculus Fω [8]. Terms in CIC are typed and types are also terms. Such a type theory can be treated as a logic through the Curry-Howard isomorphism (see [25, 18] for introdu... |

1 |
A HOL package for reasoning about relations defined by mutual induction
- Roxas
- 1993
Citation Context ...oinduction is also provided. The HOL system provides a number of packages for defining inductive relations, which include Melham's original package [16, 2], support for mutually inductive definitions [23] and the more recent implementation due to Harrison [12]. Besides providing a mechanism for specifying definitions these packages include ML functions for reasoning about them and for automating them.... |

1 | A mechanisation of computability theory in HOL
- Zammit
- 1996
Citation Context ...ain differences beforehand facilitates the process of learning the other system, and gives a better perspective of the system the user is familiar with. The case studies are illustrated separately in [26] and in [27]. The mechanisation in HOL is based on the Unlimited Register Machine (URM) model of computation [7], and the main result of the formalisation is a proof that partial recursive functions a... |

1 |
A proof of the S m n theorem in Coq
- Zammit
- 1997
Citation Context ...ned. Proof terms may become very large, and βδι-convertibility may become infeasible for large objects. These factors do not yield any significant problems for the mechanisation of the results in [27] but may make Coq unsuitable for large scale `real-world' theorem proving required by the industry. 7 Acknowledgements I would like to thank my supervisor, Simon Thompson, for his support and encourag... |