The Rocq Prover (previously known as Coq) is an interactive theorem prover first released in 1989. It allows the expression of mathematical assertions, mechanical checking of proofs of these assertions, assists in finding

formal proof In logic and mathematics, a formal proof or derivation is a finite sequence of sentences (known as well-formed formulas when relating to formal language), each of which is an axiom, an assumption, or follows from the preceding sentences in the s ...

s using proof automation routines and extraction of a certified program from the

constructive proof In mathematics, a constructive proof is a method of mathematical proof, proof that demonstrates the existence of a mathematical object by creating or providing a method for creating the object. This is in contrast to a non-constructive proof (also ...

of its

formal specification In computer science, formal specifications are mathematically based techniques whose purpose is to help with the implementation of systems and software. They are used to describe a system, to analyze its behavior, and to aid in its design by verify ...

. Rocq works within the theory of the ''calculus of inductive constructions'', a derivative of the ''

calculus of constructions In mathematical logic and computer science, the calculus of constructions (CoC) is a type theory created by Thierry Coquand. It can serve as both a typed programming language and as constructive foundation for mathematics. For this second reaso ...

''. Rocq is not an

automated theorem prover Automated theorem proving (also known as ATP or automated deduction) is a subfield of automated reasoning and mathematical logic dealing with proving mathematical theorems by computer programs. Automated reasoning over mathematical proof was a ma ...

but includes automatic theorem proving tactics ( procedures) and various decision procedures. The

Association for Computing Machinery The Association for Computing Machinery (ACM) is a US-based international learned society for computing. It was founded in 1947 and is the world's largest scientific and educational computing society. The ACM is a non-profit professional membe ...

awarded

Thierry Coquand Thierry Coquand (; born 18 April 1961) is a French computer scientist and mathematician who is currently a professor of computer science at the University of Gothenburg, having previously worked at INRIA. He is known for his work in constructive ...

Gérard Huet Gérard Pierre Huet (; born 7 July 1947) is a French computer scientist, linguist and mathematician. He is senior research director at INRIA and mostly known for his major and seminal contributions to type theory, programming language theory and ...

, Christine Paulin-Mohring, Bruno Barras, Jean-Christophe Filliâtre, Hugo Herbelin, Chetan Murthy, Yves Bertot, and Pierre Castéran with the 2013

ACM Software System Award The ACM Software System Award is an annual award that honors people or an organization "for developing a software system that has had a lasting influence, reflected in contributions to concepts, in commercial acceptance, or both". It is awarded b ...

for Rocq (when it was still named Coq).

Overview

When viewed as a

programming language A programming language is a system of notation for writing computer programs. Programming languages are described in terms of their Syntax (programming languages), syntax (form) and semantics (computer science), semantics (meaning), usually def ...

, Rocq implements a dependently typed

functional programming In computer science, functional programming is a programming paradigm where programs are constructed by Function application, applying and Function composition (computer science), composing Function (computer science), functions. It is a declarat ...

model; when viewed as a logical system, it implements a higher-order

type theory In mathematics and theoretical computer science, a type theory is the formal presentation of a specific type system. Type theory is the academic study of type systems. Some type theories serve as alternatives to set theory as a foundation of ...

. The development of Rocq has been supported since 1984 by

French Institute for Research in Computer Science and Automation The National Institute for Research in Digital Science and Technology (Inria) () is a French national research institution focusing on computer science and applied mathematics. It was created under the name French Institute for Research in Comp ...

(INRIA), in collaboration with many other French and international research institutions. The development of Rocq was initiated by Gérard Huet and Thierry Coquand, and more than 200 people, mainly researchers, have contributed features to the core system since its inception. The implementation team has successively been coordinated by Gérard Huet, Christine Paulin-Mohring, Hugo Herbelin, and Matthieu Sozeau. Rocq is mainly implemented in

OCaml OCaml ( , formerly Objective Caml) is a General-purpose programming language, general-purpose, High-level programming language, high-level, Comparison of multi-paradigm programming languages, multi-paradigm programming language which extends the ...

with a bit of C. The core system can be extended by way of a plug-in mechanism. Rocq provides a specification language called Gallina. Programs written in Gallina have the weak normalization property, implying that they always terminate. This is a distinctive property of the language, since infinite loops (non-terminating programs) are common in other programming languages, and is one way to avoid the halting problem. Along the lines of the Curry-Howard isomorphism, this corresponds to the proofs being constructive, since a non-terminating program corresponds to a proof by contradiction, which is not allowed. As an example of a proof written in Rocq, consider a proof of a lemma which states that taking the successor of a natural number flips its parity. The fold-unfold tactic introduced by Danvy is used to help keep the proof simple. Ltac fold_unfold_tactic name := intros; unfold name; fold name; reflexivity. Require Import Arith Nat Bool. Fixpoint is_even (n : nat) : bool := match n with , 0 => true , S n' => eqb (is_even n') false end. Lemma fold_unfold_is_even_0: is_even 0 = true. Proof. fold_unfold_tactic is_even. Qed. Lemma fold_unfold_is_even_S: forall n' : nat, is_even (S n') = eqb (is_even n') false. Proof. fold_unfold_tactic is_even. Qed. Lemma successor_flips_evenness: forall n : nat, is_even n = negb (is_even (S n)). Proof. intro n. rewrite -> (fold_unfold_is_even_S n). destruct (is_even n). * simpl. reflexivity. * simpl. reflexivity. Qed.

Notable uses

Four color theorem and SSReflect extension

Georges Gonthier of

Microsoft Research Microsoft Research (MSR) is the research subsidiary of Microsoft. It was created in 1991 by Richard Rashid, Bill Gates and Nathan Myhrvold with the intent to advance state-of-the-art computing and solve difficult world problems through technologi ...

Cambridge Cambridge ( ) is a List of cities in the United Kingdom, city and non-metropolitan district in the county of Cambridgeshire, England. It is the county town of Cambridgeshire and is located on the River Cam, north of London. As of the 2021 Unit ...

England England is a Countries of the United Kingdom, country that is part of the United Kingdom. It is located on the island of Great Britain, of which it covers about 62%, and List of islands of England, more than 100 smaller adjacent islands. It ...

and Benjamin Werner of

INRIA The National Institute for Research in Digital Science and Technology (Inria) () is a French national research institution focusing on computer science and applied mathematics. It was created under the name French Institute for Research in Comp ...

used Rocq to create a surveyable proof of the

four color theorem In mathematics, the four color theorem, or the four color map theorem, states that no more than four colors are required to color the regions of any map so that no two adjacent regions have the same color. ''Adjacent'' means that two regions shar ...

, which was completed in 2002. Their work led to the development of the SSReflect ("Small Scale Reflection") package, which was a significant extension to Rocq. Despite its name, most of the features added to Rocq by SSReflect are general-purpose features and are not limited to the computational

reflective programming In computer science, reflective programming or reflection is the ability of a process to examine, introspect, and modify its own structure and behavior. Historical background The earliest computers were programmed in their native assembly lang ...

style of proof. These features include: * Added convenient notations for irrefutable and refutable

pattern matching In computer science, pattern matching is the act of checking a given sequence of tokens for the presence of the constituents of some pattern. In contrast to pattern recognition, the match usually must be exact: "either it will or will not be a ...

, on

inductive type In type theory, a system has inductive types if it has facilities for creating a new type from constants and functions that create terms of that type. The feature serves a role similar to data structures in a programming language and allows a ty ...

s with one or two constructors * Implicit arguments for functions applied to zero arguments, which is useful when programming with

higher-order function In mathematics and computer science, a higher-order function (HOF) is a function that does at least one of the following: * takes one or more functions as arguments (i.e. a procedural parameter, which is a parameter of a procedure that is itself ...

s * Concise anonymous arguments * An improved set tactic with more powerful matching * Support for reflection SSReflect is distributed as part of the main Rocq distribution since Coq 8.7.

Other applications

* CompCert: an optimizing compiler for almost all of the

C programming language C (''pronounced'' '' – like the letter c'') is a general-purpose programming language. It was created in the 1970s by Dennis Ritchie and remains very widely used and influential. By design, C's features cleanly reflect the capabilities of ...

which is largely programmed and proven correct in Rocq. *

Disjoint-set data structure In computer science, a disjoint-set data structure, also called a union–find data structure or merge–find set, is a data structure that stores a collection of Disjoint sets, disjoint (non-overlapping) Set (mathematics), sets. Equivalently, it ...

: correctness proof in Rocq was published in 2007. * Feit–Thompson theorem: formal proof using Rocq was completed in September 2012. *

Busy beaver In theoretical computer science, the busy beaver game aims to find a terminating Computer program, program of a given size that (depending on definition) either produces the most output possible, or runs for the longest number of steps. Since an ...

: The value of the 5-state winning busy beaver was discovered by Heiner Marxen and Jürgen Buntrock in 1989, but only proved to be the winning fifth busy beaver — stylized as BB(5) — in 2024 using a proof in Rocq.

Tactic language

In addition to constructing Gallina terms explicitly, Rocq supports the use of ''tactics'' written in the built-in language Ltac or in OCaml. These tactics automate the construction of proofs, carrying out trivial or obvious steps in proofs. Several tactics implement decision procedures for various theories. For example, the "ring" tactic decides the theory of equality modulo

ring (The) Ring(s) may refer to: * Ring (jewellery), a round band, usually made of metal, worn as ornamental jewelry * To make a sound with a bell, and the sound made by a bell Arts, entertainment, and media Film and TV * ''The Ring'' (franchise), a ...

semiring In abstract algebra, a semiring is an algebraic structure. Semirings are a generalization of rings, dropping the requirement that each element must have an additive inverse. At the same time, semirings are a generalization of bounded distribu ...

axioms via

associative In mathematics, the associative property is a property of some binary operations that rearranging the parentheses in an expression will not change the result. In propositional logic, associativity is a valid rule of replacement for express ...

commutative In mathematics, a binary operation is commutative if changing the order of the operands does not change the result. It is a fundamental property of many binary operations, and many mathematical proofs depend on it. Perhaps most familiar as a pr ...

rewriting. For example, the following proof establishes a complex equality in the ring of

integer An integer is the number zero (0), a positive natural number (1, 2, 3, ...), or the negation of a positive natural number (−1, −2, −3, ...). The negations or additive inverses of the positive natural numbers are referred to as negative in ...

s in just one line of proof: Require Import ZArith. Open Scope Z_scope. Goal forall a b c:Z, (a + b + c) ^ 2 = a * a + b ^ 2 + c * c + 2 * a * b + 2 * a * c + 2 * b * c. intros; ring. Qed. Built-in decision procedures are also available for the

empty theory In mathematical logic, an uninterpreted function or function symbol is one that has no other property than its name and '' n-ary'' form. Function symbols are used, together with constants and variables, to form terms. The theory of uninterpreted ...

("congruence"), propositional logic ("tauto"), quantifier-free linear integer arithmetic ("lia"), and linear rational/real arithmetic ("lra"). Further decision procedures have been developed as libraries, including one for Kleene algebras and another for certain

geometric Geometry (; ) is a branch of mathematics concerned with properties of space such as the distance, shape, size, and relative position of figures. Geometry is, along with arithmetic, one of the oldest branches of mathematics. A mathematician w ...

goals.

Name

The old name ' means '

rooster The chicken (''Gallus gallus domesticus'') is a domesticated subspecies of the red junglefowl (''Gallus gallus''), originally native to Southeast Asia. It was first domesticated around 8,000 years ago and is now one of the most common and w ...

' in French and is a wordplay on the name of Thierry Coquand, ''calculus of constructions'' or ''CoC'', and stems from a French tradition of naming research development tools after animals. Up until 1991, Coquand was implementing a language called the ''

'' and it was simply called ''CoC'' then. In 1991, a new implementation based on the extended ''calculus of inductive constructions'' was begun and the name changed from ''CoC'' to ''Coq'' in an indirect reference to Coquand, who developed the ''calculus of constructions'' along with Gérard Huet and contributed to the ''calculus of inductive constructions'' with Christine Paulin-Mohring. On October 11, 2023, the development team announced that ''Coq'' will be renamed ''The Rocq Prover'' in coming months, and began updating the code base, website, and associated tools. The official renaming happened with the release of Rocq 9.0 in March 2025. The new name refers to Inria Rocquencourt, where the system was initially developed, and is related to the mythical bird Roc, which allows keeping the bird references from the previous name.

References

External links

*, in English *, source code repository
JsCoq Interactive Online System
– allows Rocq to run in a web browser, with no need to install extra software

– a library to process Rocq snippets embedded in documents, showing goals and messages for each Rocq sentence
Rocq WikiMathematical Components library
– widely used library of mathematical structures, part of which is the SSReflect proof language
Constructive Coq Repository at NijmegenMath Classes
* ; Textbooks

– a book on Rocq by Yves Bertot and Pierre Castéran
Certified Programming with Dependent Types
– online and printed textbook by Adam Chlipala
Software Foundations
– online textbook by Benjamin C. Pierce et al.
An introduction to small scale reflection in Coq
– a tutorial on SSReflect by Georges Gonthier and Assia Mahboubi
Modeling and Proving in Computational Type Theory Using the Coq Proof Assistant
– a textbook by Gert Smolka used for a course in computational logic – see als
course resources at Saarland University
; Tutorials
Introduction to the Coq Proof Assistant
– video lecture by Andrew Appel at

Institute for Advanced Study The Institute for Advanced Study (IAS) is an independent center for theoretical research and intellectual inquiry located in Princeton, New Jersey. It has served as the academic home of internationally preeminent scholars, including Albert Ein ...

Rocq Video tutorials
by Andrej Bauer {{ML programming Proof assistants Free theorem provers Dependently typed languages Educational math software OCaml software Free software programmed in OCaml Functional languages Programming languages created in 1984 1989 software Extensible syntax programming languages Articles with example OCaml code