Question 1

How do I set up coq-of-ocaml with a dune project?

Accepted Answer

coq-of-ocaml works automatically with dune if your project is compiled, as dune provides Merlin configuration. Simply run 'coq-of-ocaml' on your .ml files after building the project, and it will handle dependencies via Merlin.

Question 2

coq-of-ocaml vs. Why3 for OCaml verification?

Accepted Answer

coq-of-ocaml translates OCaml to Coq for interactive, complex proofs in a full theorem prover, while Why3 focuses on automated verification with various backends. Choose coq-of-ocaml for deep, customizable proofs; Why3 for faster, automated property checking.

Question 3

What kind of properties can I verify with coq-of-ocaml?

Accepted Answer

You can prove any Coq-expressible property, such as invariant preservation, absence of assert failures, or backward compatibility, as demonstrated in the Tezos protocol verification where it handles large-scale, critical code.

Question 4

Does coq-of-ocaml support GADTs in OCaml?

Accepted Answer

It offers partial support for GADTs, but there are open problems like axiom-free compilation. For projects relying heavily on GADTs, you may need to work around limitations or wait for future updates.

Question 5

How to fix errors in the generated Coq code?

Accepted Answer

The README recommends updating the OCaml source to resolve issues like name collisions. If errors persist, contact the maintainers via GitHub issues or email for assistance, as they provide support services.

Question 6

Is coq-of-ocaml suitable for beginners in formal verification?

Accepted Answer

While it simplifies translation by generating similar Coq code, learning to write Coq proofs has a steep curve. It's best for OCaml developers already committed to formal methods, not as an entry point for novices.

CoqOfOCaml

What is CoqOfOCaml?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions