Closed quinn-dougherty closed 2 years ago
Thanks for the questions and links!
Unfortunately there isn't any major hyperlink that may help at this point. I want to recommend posting this to https://cardano.stackexchange.com/ or somewhere else to get more attention and discussion, so it won't get lost here among other issues. And because it's more about the community and collaboration of users rather than the developers yet.
I'm closing this as there is no technical issue on the plutus side to resolve.
I think this question provided the conversation starter I'd be looking for, but it's been largely ignored. I'll try /r/CardanoDevelopers. Thanks!
Describe the feature you'd like
A unified workflow for proving properties about contracts and dapps.
Suppose I'm a proof engineer tasked with formally verifying dozens of formulae about a cardano dapp and its underlying contract. How do I reason about `plutus` and `haskell` code that my team has written as terms in that proof assistant? Is there some major hyperlink I haven't found that explains this?
Describe alternatives you've considered
Here are some options.
Proof assistants

- `Agda 2`, to leverage the `plutus-metatheory` labor? What are the gains here? Here is a 2005 citation on translating `haskell` expressions into `agda 2`.
- `hs-to-coq` offers an `axiomatize` feature, which might make it possible to work with a critical subset of `plutus` in the event that `coq`-ization of all of `plutus` is intractable, which it should be because `plutus` is turing complete and `hs-to-coq` is restricted to total `haskell`.
- `K`'s `plutus` core semantics, which is currently listed as "archived".
- `nomos` being useful for validating specs, I don't yet see how we would use it to validate running code. Here's a good citation regarding the overall session types / plutus interaction.
- `isabelle`, so I briefly duckduckwent to a paper called "Translating haskell to isabelle".
Did I miss any candidates?
pipelines/workflows

Something inspired by the `hs-to-coq` tutorial would look like:

- `git-submodules`: place dapp and contract code in `src-haskell/`, `src-myproofassistant/`, and a `theories/` subdir.
- `nix` code ought to be leveraged to make this look like `src-haskell` is input to the `.nix` file, perhaps read directly from a github commit.
- `src-myproofassistant` is perhaps read-only to the user; write access is restricted only to the codegen tool.
- The `theories/` subdir should be `nix-build` with some arguments, modulo the near certainty of the codegen tool not working on the whole codebase on the first try.

What sort of pipeline or workflow would other proof engineers like to have?