43
votes

I am wondering if someone can tell me the difference between Z3 and coq? Seems to me that coq is a proof assistant in that it requires the user to fill in the proof steps, whereas Z3 does not have that requirement. But seems like coq also has auto tactic that is similar to what Z3 does? Or maybe the proof search ability in coq is not as powerful as Z3?

1
cross posted: qr.ae/TUrnvYCharlie Parker

1 Answers

77
votes

Coq is an interactive theorem prover (aka proof assistant). It provides a language to write mathematical definitions, algorithms and theorems. It also provides an environment for producing machine checked proofs. Coq has been used to formalize mathematical theorems, and provide the semantics of programming languages. Today, we can find many papers at POPL that used Coq. Some claim that in the future, systems such as Coq will be widely used by Mathematicians. The article has a compelling argument for formal proofs in mathematics. Recently, Georges Gonthier used Coq to create a surveyable proof of the four color theorem. Coq has a small trusted core, and provides high assurance.

Z3 is a SMT (satisfiability modulo theories) solver. Its language is many sorted first-order logic + theories such as arithmetic, bit-vectors, data-types, arrays, etc. This language is not as expressive as the one used in Coq. Z3 also does not have support for proof management like Coq. Z3 is mainly used in software testing and verification. It can also be used to solve constraints, planning problems, puzzles, etc. There is a huge emphasis in finding models (i.e., solutions) for satisfiable formulas. The article describes many Z3 applications within Microsoft and elsewhere. Z3 is essentially an automatic theorem prover. In Z3, tactics are used to specify domain specific strategies. That is, customized solvers for problems in a particular application domain. Z3 can produce proofs/certificates that can be independently checked. However, proof generation is not the main focus of the Z3 project. Moreover, many modules do not support proof production and must be disabled when proof generation is requested by the user. Z3 has also been integrated in proof assistants such as Isabelle, and some are working on integrating Z3 into Coq. The idea is to have the best of both worlds: very expressive language and very good automation. Z3 can also be viewed as a logic reasoning engine that can be embedded in larger applications. Actually, that is the case for every Z3 application so far. End users do not use Z3 directly. It is hidden inside tools such as Isabelle, Pex, VCC, etc. The new Python front-end for Z3 tries to change that.