cakeml
Checker Framework
Our great sponsors
cakeml | Checker Framework | |
---|---|---|
14 | 10 | |
904 | 976 | |
2.8% | 1.2% | |
9.8 | 9.8 | |
5 days ago | 5 days ago | |
Standard ML | Java | |
GNU General Public License v3.0 or later | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cakeml
-
The Deep Link Equating Math Proofs and Computer Programs
If I understand what you are asking about correctly, then I do think you are mistaken.
As a sibling comment observed, you would be proving something about a program, but proving things about programs is both possible and done.
This ranges from things like CakeML (https://cakeml.org/) and CompCert (compilers with verified correctness proofs of their optimizations) to something simple like absence of runtime type errors in statically strongly soundly-typed languages.
Of note is that you are proving properties of your program, not proving them perfect in every way. The properties of your program that you prove can vary wildly in both difficulty and usefulness. A sufficiently advanced formally verified compiler like CakeML can transfer a high-level proof about your source code to a corresponding proof about the behavior of the generated machine-executable code.
-
The future of Clang-based tooling
> A single IR with multiple passes is a good way to build a compiler
https://mlir.llvm.org/, which is using, is largely claiming the opposite. Most passes more naturally are not "a -> a", but "a -> b". data structures and data structures work hand in hand, it is very nice to produce "evidence" for what is done in the output data structure.
This is why https://cakeml.org/, which "can't cheat" with partial functions, has so many IRs!
Using just a single IR was historically done for cost-control, the idea being that having many IRs was a disaster in repetitive boilerplate. MLIR seeks to solve that exact problem!
-
old languages compilers
CakeML
-
Is there a formally-proven real-time language/computing env. or operating system?
There is also Cake ML which is a formally verified functional programming language compiler and runtime.
-
CakeML: A Verified Implementation of ML
There is also a CakeML -> Standard ML compiler though it seems to have been built to translate benchmarks and sort of old so I'm not sure how comprehensive it is: https://github.com/CakeML/cakeml/tree/master/unverified/front-end
-
The λ-Cube
> One guess is that lisps cope with being minimal through use of macros and metaprogramming, it's difficult for a typed language to support that level of metaprogramming while maintaining the various guarantees that one wants from such a system.
Difficult, but certainly not impossible [0].
-
Two Mechanisations of WebAssembly 1.0
If this interests you, I'd highly recommend checking out CompCert (docs here) and CakeML.
- Please critique Pancake, my first ever langdev project!
-
A Proven Correct C Compiler (Used by Airbus)
CakeML[0] is another formally verified compiler. Notably, unlike compcert, it is open source.
The language it implements (an sml dialect) is high-level and garbage collected, meaning that it is not usable in all of the same domains, but work is ongoing to reuse much of the compiler infrastructure for 'pancake', a low-level language.
Checker Framework
-
Too Dangerous for C++
It is interesting! I experimented with creating a bad borrow checker for Java using annotations from
It supports some level of substructural types using must-call annotations,
-
JEP 457: Class-File API for Parsing, generating, transforming
Lombok is not a compiler extension. Compiler extensions, aka annotation processors, are offered only specific capabilities that ensure that they preserve the Java language specification. Particularly, code that compiles successfully with an extension also compiles without it (perhaps requiring other classes to be available) and it compiles down to the same bytecode. Annotation processors are used to implement pluggable type systems (e.g. https://checkerframework.org) or to generate other classes (e.g. https://immutables.github.io/).
Unlike compiler extensions, Lombok compiles source files that do not conform to the Java language specification. Lombok is an alternative Java Platform language, like Clojure or Kotlin or Scala, except that it's a superset of the Java language. However, rather than forking `javac` source code and modifying it to compile Lombok source files, the Lombok compiler modifies `javac`'s operation by hacking into its internals and modifying them as it runs to compile Lombok sources rather than Java sources.
Having alternative Java Platform languages is perfectly fine. The problem with Lombok is that it doesn't present itself as such but as a library or a compiler extension even though it violates the Java language specification in ways that compiler extensions are forbidden from doing.
-
I introduced Rust at work
And then I found (thanks Oracle), https://checkerframework.org/ zomg, this thing is awesome. Pluggable Type Systems!
-
Don’t call it a comeback: Why Java is still champ
Java should adopt something like the Checker Framework Nullness Checker in its first-party tooling.
-
JSpecify: Express specifications (initially, just nullness properties) in a machine-readable way
Checkerframework - a really academic take, and as one might expect from such a thing, backed by tons of papers and analysed to perfection. Specifically, this is the only framework I'm aware of that realizes nullity is a little more complicated than just a boolean yes-or-no; just like generics actually have 4 flavours for any given type: List, List, List, and List are all 4 important and unique, and nullity is no different. Specifically, it can occur that you want to write a method that ought to accept both lists of nullable strings as well as list of nonnull strings, and needs to 'convey' this nullity again on its output. You can either attempt to lift along the existing generics system in java which I think is your intent, but it's not actually all that easy to do this. After all, T extends @Nullable Number super @NonNull Number, or whatnot, isn't legal java. So you.. really just can't do that. Checker Framework solves this problem by introducing the @PolyNull annotation, which still isn't perfect but covers almost all real world use cases you can think of. I'm missing any acknowledgement in your documentation. An oversight, or, something you hadn't thought of yet? You're in good company: Both eclipse and intellij's engineers, when I asked them about it, just hadn't realized it was a thing. Point is: If you think the primary problem with e.g. eclipse's and intellij's take is that they lack academic rigour - checkerframework has you beat.
-
calling Format() on a time struct in a golang program changes the default Location's timezone information in the rest of the program
NullAway or the Checker Framework should greatly help eliminate the issue. Also, when Java gets value types you should be able to define your own non nullable value types and use them safely.
-
Handling null and upgrading past Java 8 - Inside Java Newscast #7
There is a pull request that makes the Checker Framework work with JDK 16. (Propss to Neil Brown for the heavy lifting.) So, you should soon be able to use the Checker Framework with your codebase.
What are some alternatives?
Daikon - Dynamic detection of likely invariants
OpenJML - This is the primary repository for the source code of the OpenJML project. The source code is licensed under GPLv2 because it derives from OpenJDK which is so licensed. The active issues list for OpenJML development is here and the wiki contains information relevant to development. Public documentation for users is at the project website:
CATG - a concolic testing engine for Java
JMLOK 2.0 - Tool for detecting and classifying nonconformances in Java/JML projects.
jCUTE - Java Concolic Unit Testing Engine
jspecify - An artifact of fully-specified annotations to power static-analysis checks, beginning with nullness analysis.
hardware - Verilog development and verification project for HOL4
eclipse-null-eea-augments - Eclipse External null Annotations (EEA) repository
noms - The versioned, forkable, syncable database
CompCert - The CompCert formally-verified C compiler
mpl - The MaPLe compiler for Parallel ML