The Coq Proof Assistant

Coq is a formal proof management system. It provides a formal language to write mathematical definitions, executable algorithms and theorems together with an environment for semi-interactive development of machine-checked proofs. Typical applications include the certification of properties of programming languages (e.g. the CompCert compiler certification project, or the Bedrock verified low-level programming library), the formalization of mathematics (e.g. the full formalization of the Feit-Thompson theorem or homotopy type theory) and teaching.

Coq version 8.10 contains two major new features: support for a native fixed-precision integer type and a new sort SProp

of strict propositions. It is also the result of refinements and stabilization of previous features, deprecations or removals of deprecated features, cleanups of the internals of the system and API, and many documentation improvements. This release includes many user-visible changes, including deprecations that are documented in the next subsection, and new features that are documented in the reference manual. Here are the most important user-visible changes:

• Kernel:

  • A notion of primitive object was added to the calculus. Its first instance is primitive cyclic unsigned integers, axiomatized in module UInt63. See Section Primitive Integers. The Coq.Numbers.Cyclic.Int31 library is deprecated (#6914, by Maxime Dénès, Benjamin Grégoire and Vincent Laporte, with help and reviews from many others).
  • The SProp sort of definitionally proof-irrelevant propositions was introduced. SProp allows to mark proof terms as irrelevant for conversion, and is treated like Prop during extraction. It is enabled using the -allow-sprop command-line flag or the Allow StrictProp flag. See Chapter SProp (proof irrelevant propositions) (#8817, by Gaëtan Gilbert).
• • The unfolding heuristic in termination checking was made more complete, allowing more constants to be unfolded to discover valid recursive calls. Performance regression may occur in Fixpoint declarations without an explicit {struct} annotation, since guessing the decreasing argument can now be more expensive (#9602, by Enrico Tassi).

• Universes:

  • Added Print Universes Subgraph variant of Print Universes. Try for instance Print Universes Subgraph(sigT2.u1 sigT_of_sigT2.u1 projT3_eq.u1). (#8451, by Gaëtan Gilbert).
  • Added private universes for opaque polymorphic constants, see the documentation for the Private Polymorphic Universes flag, and unset it to get the previous behaviour (#8850, by Gaëtan Gilbert).

• Notations:

  • New command String Notation to register string syntax for custom inductive types (#8965, by Jason Gross).
  • Experimental: Numeral Notations now parse decimal constants such as 1.02e+01 or 10.2. Parsers added for Q and R. In the rare case when such numeral notations were used in a development along with Q or R, they may have to be removed or disambiguated through explicit scope annotations (#8764, by Pierre Roux).

• Ltac backtraces can be turned on using the Ltac Backtrace flag, which is off by default (#9142, fixes #7769 and #7385, by Pierre-Marie Pédrot).

• The tactics lia, nia, lra, nra are now using a novel Simplex-based proof engine. In case of regression, unset Simplex to get the venerable Fourier-based engine (#8457, by Fréderic Besson).

• SSReflect:

  • New intro patterns:

    • temporary introduction: => +

    • block introduction: => [^ prefix ] [^~ suffix ]

    • fast introduction: => >

    • tactics as views: => /ltac:mytac

    • replace hypothesis: => {}H

      See Section Introduction in the context (#6705, by Enrico Tassi, with help from Maxime Dénès, ideas coming from various users).

  • New tactic under to rewrite under binders, given an extensionality lemma:

    • interactive mode: under term, associated terminator: over
    • one-liner mode: under term do [tactic | ...]

    It can take occurrence switches, contextual patterns, and intro patterns: under {2}[in RHS]eq_big => [i|i ?] (#9651, by Erik Martin-Dorel and Enrico Tassi).

• Combined Scheme now works when inductive schemes are generated in sort Type. It used to be limited to sort Prop (#7634, by Théo Winterhalter).

• A new registration mechanism for reference from ML code to Coq constructs has been added (#186, by Emilio Jesús Gallego Arias, Maxime Dénès and Vincent Laporte).

• CoqIDE:

  • CoqIDE now depends on gtk+3 and lablgtk3 instead of gtk+2 and lablgtk2. The INSTALL file available in the Coq sources has been updated to list the new dependencies (#9279, by Hugo Herbelin, with help from Jacques Garrigue, Emilio Jesús Gallego Arias, Michael Sogetrop and Vincent Laporte).
  • Smart input for Unicode characters. For example, typing \alpha then Shift+Space will insert the greek letter alpha. A larger number of default bindings are provided, following the latex naming convention. Bindings can be customized, either globally, or on a per-project basis. See Section Bindings for input of Unicode symbols for details (#8560, by Arthur Charguéraud).

• Infrastructure and dependencies:

  • Coq 8.10 requires OCaml >= 4.05.0, bumped from 4.02.3 See the INSTALL file for more information on dependencies (#7522, by Emilio Jesús Gallego Arías).

  • Coq 8.10 doesn't need Camlp5 to build anymore. It now includes a fork of the core parsing library that Coq uses, which is a small subset of the whole Camlp5 distribution. In particular, this subset doesn't depend on the OCaml AST, allowing easier compilation and testing on experimental OCaml versions. Coq also ships a new parser coqpp that plugin authors must switch to (#7902, #7979, #8161, #8667, and #8945, by Pierre-Marie Pédrot and Emilio Jesús Gallego Arias).

    The Coq developers would like to thank Daniel de Rauglaudre for many years of continued support.

  • Coq now supports building with Dune, in addition to the traditional Makefile which is scheduled for deprecation (#6857, by Emilio Jesús Gallego Arias, with help from Rudi Grinberg).

    Experimental support for building Coq projects has been integrated in Dune at the same time, providing an improved experience for plugin developers. We thank the Dune team for their work supporting Coq.

Version 8.10 also comes with a bunch of smaller-scale changes and improvements regarding the different components of the system, including many additions to the standard library (see the next subsection for details).

On the implementation side, the dev/doc/changes.md file documents the numerous changes to the implementation and improvements of interfaces. The file provides guidelines on porting a plugin to the new version and a plugin development tutorial originally made by Yves Bertot is now in doc/plugin_tutorial. The dev/doc/critical-bugs file documents the known critical bugs of Coq and affected releases.

The efficiency of the whole system has seen improvements thanks to contributions from Gaëtan Gilbert, Pierre-Marie Pédrot, and Maxime Dénès.

Maxime Dénès, Emilio Jesús Gallego Arias, Gaëtan Gilbert, Michael Soegtrop, Théo Zimmermann worked on maintaining and improving the continuous integration system and package building infrastructure. Coq is now continuously tested against OCaml trunk, in addition to the oldest supported and latest OCaml releases.

Coq's documentation for the development branch is now deployed continuously at https://coq.github.io/doc/master/api (documentation of the ML API), https://coq.github.io/doc/master/refman (reference manual), and https://coq.github.io/doc/master/stdlib (documentation of the standard library). Similar links exist for the v8.10 branch.

The OPAM repository for Coq packages has been maintained by Guillaume Melquiond, Matthieu Sozeau, Enrico Tassi (who migrated it to opam 2) with contributions from many users. A list of packages is available at https://coq.inria.fr/opam/www/.

The 61 contributors to this version are David A. Dalrymple, Tanaka Akira, Benjamin Barenblat, Yves Bertot, Frédéric Besson, Lasse Blaauwbroek, Martin Bodin, Joachim Breitner, Tej Chajed, Frédéric Chapoton, Arthur Charguéraud, Cyril Cohen, Lukasz Czajka, Christian Doczkal, Maxime Dénès, Andres Erbsen, Jim Fehrle, Gaëtan Gilbert, Matěj Grabovský, Simon Gregersen, Jason Gross, Samuel Gruetter, Hugo Herbelin, Jasper Hugunin, Mirai Ikebuchi, Emilio Jesus Gallego Arias, Chantal Keller, Matej Košík, Vincent Laporte, Olivier Laurent, Larry Darryl Lee Jr, Pierre Letouzey, Nick Lewycky, Yao Li, Yishuai Li, Xia Li-yao, Assia Mahboubi, Simon Marechal, Erik Martin-Dorel, Thierry Martinez, Guillaume Melquiond, Kayla Ngan, Sam Pablo Kuper, Karl Palmskog, Clément Pit-Claudel, Pierre-Marie Pédrot, Pierre Roux, Kazuhiko Sakaguchi, Ryan Scott, Vincent Semeria, Gan Shen, Michael Soegtrop, Matthieu Sozeau, Enrico Tassi, Laurent Théry, Kamil Trzciński, whitequark, Théo Winterhalter, Beta Ziliani and Théo Zimmermann.

Many power users helped to improve the design of the new features via the issue and pull request system, the Coq development mailing list, the coq-club@inria.fr mailing list or the new Discourse forum. It would be impossible to mention exhaustively the names of everybody who to some extent influenced the development.

Version 8.10 is the fifth release of Coq developed on a time-based development cycle. Its development spanned 6 months from the release of Coq 8.9. Vincent Laporte is the release manager and maintainer of this release. This release is the result of ~2500 commits and ~650 PRs merged, closing 150+ issues.