Re: Why not Coq2Ada program extraction?

[Paul Rubin <no.email@nospam.invalid>]

"Dan'l Miller" <optikos@verizon.net> writes:
> Why hasn't anyone ever developed Ada extraction from Coq proofs?

That's interesting to hear about Rust.  Coq (like Ocaml, Scheme, and
Haskell) is lambda calculus once you look past the types, so extracting
to those languages is natural.  This gets back to our earlier
discussion: lambda calculus is a computational model equivalent to a
Turing machine, with unlimited memory.  You can translate the lambda
calculus computational part to actual machine code, but you end up
simulating the unlimited memory using garbage collection.  There's a
book about it here:

https://www.microsoft.com/en-us/research/publication/the-implementation-of-functional-programming-languages/

I wouldn't have thought it possible to extract to Coq a non-GC'd
language like Rust in a reasonable way.  Plus also you get a lot of
proof obligations about integer overflow, unless you use bignums.  On
the other hand, there's a C++11 back end for Purescript (purescript.org)
that uses std::shared_ptr as a poor person's GC, so maybe Rust has
something like that too.

Regarding verifying compilers, have you looked at the CompCert papers?
http://compcert.inria.fr

> What if the entire English-prose ARM were re-written as Coq proofs?

How about writing an Ada front end for CompCert?  I don't have any idea
about the commercial licensing terms though.  There's a company that
handles it but I've never looked into it.