Use when implementing any software with logic — proves correctness in Lean 4 first, then translates to the target language with differential testing. Skip only for pure configuration or glue code with no logic.
Prove correctness in Lean 4 before implementing in the target language. Keep proofs alongside production code.
lake build to verify. Iterate with Lean's error messages until all proofs pass.proofs/ directory. Update proofs when the algorithm changes.project/
├── proofs/ # Lean 4 project
│ ├── lakefile.lean
│ ├── lean-toolchain
│ ├── Spec/ # Formal specifications (types, signatures)
│ ├── Proofs/ # Correctness proofs
│ └── DiffTest/ # Executable spec for differential testing
├── src/ # Production code (any language)
└── tests/
└── differential/ # Tests comparing Lean output vs production output
Toolchain: elan + lake. Verify: source ~/.elan/env && lean --version.
Initialize a new proofs directory:
cd project && lake init proofs && mv proofs/ proofs-tmp/ && mkdir proofs && mv proofs-tmp/* proofs/ && rm -rf proofs-tmp/
Focus proofs on properties that matter, not on trivial implementations:
When translating Lean → target language:
The Lean implementation is executable. Use it as an oracle:
lake env lean --run).Any implementation with logic. This includes: algorithms, data structures, protocol implementations, state machines, parsers, serializers, business rules, validation logic, transformations, refactoring (prove equivalence).