Re: Why not Coq2Ada program extraction?

[Paul Rubin <no.email@nospam.invalid>]

"G.B." <bauhaus@notmyhomepage.invalid> writes:
> I imagine that proofs of algorithms involving arbitrarily large
> integers might be more tricky than expected as their representations
> incur complexity WRT execution time and memory requirements. Unless,
> of course, one is free to ignore space and time, which, AIUI is
> not typical of (idealized) Ada programs.

Right, this is why I'm taken slightly aback by the concept of extracting
Ada or Rust from Coq.  I wonder how stylized the Coq proofs have to be
for the extraction to work usefully.  Usually in extracted Coq proofs,
space and time are indeed ignored: the proof is only that the right
answer is eventually reached, space permitting.

Fwiw, Coq proofs extracted to (say) Haskell is crazy ugly, with unsafe
casts all over the place.  Coq can prove that the casts are safe, but
Haskell's type system isn't precise enough to understand the proofs, so
Coq has to tell it "trust me".  Extracted code in Rust or Ada might have
similar issues.

> One of the things that this dilettante likes about Haskell is
> that it doen't ignore distinct types of number as essential.

I'm not sure what you mean, but Haskell has separate Int (machine sized)
and Integer (arbitrary size) integers.  That they are separate types is
annoying and I think Haskell might have been better off handling the
issue some different way.