There's an ongoing effort to rewrite Principia Mathematica using Coq
5 projects | reddit.com/r/math | 3 Dec 2021
There are ongoing research projects about that; you may want to have a look at Kôika (https://github.com/mit-plv/koika), Kami (https://github.com/mit-plv/kami), Lutsig (https://github.com/CakeML/hardware) and silveroak (https://github.com/project-oak/silveroak). Closer to HLS there is also Vericert (https://github.com/ymherklotz/vericert). There may be other research projects I am unaware of; feel free to add them in a reply, I am interested in it.
Is it possible to make C as safe as Rust?
3 projects | reddit.com/r/C_Programming | 29 Sep 2022
There is. They're called formally verified compilers, and are used for safety critical applications: https://compcert.org/ https://github.com/AbsInt/CompCert
New Coq tutorial
3 projects | reddit.com/r/ProgrammingLanguages | 5 Jul 2022
Hi all, Coq is a "proof assistant" that allows you to write both code and proofs in the same language (thanks to the Curry–Howard correspondence). Its uses range from pure math (e.g., the Feit–Thompson theorem was proven in Coq!) to reasoning about programming languages (e.g., proving the soundness of a type system) to writing verified code (e.g., this verified C compiler!). You can "extract" your code (without the proofs) to OCaml/Haskell/Scheme for running it in production. Coq is awesome, but it's known for having a steep learning curve (it's based on type theory, which is a foundational system of mathematics). It took me several years to become proficient in it. I wanted to help people pick it up faster than I did, so I wrote this introductory tutorial. Hope you find it useful!
The Software Foundations: mathematical underpinnings of reliable software
4 projects | news.ycombinator.com | 5 Mar 2022
Not an expert, but I've heard formal methods are used in chip design. Also https://compcert.org/, a C compiler which uses formal verification. I tried some exercises in the series. It's a pretty interesting thing to do, but yes, I don't think it's great for rapid software development.
4 projects | news.ycombinator.com | 5 Mar 2022
The seL4 microkernel: https://sel4.systems/
The CompCert C compiler: https://compcert.org/
TLS implementation in Firefox: https://blog.mozilla.org/security/2020/07/06/performance-imp...
Elasticsearch model checks some of their core algorithms with TLA+: https://youtu.be/qYDcbcOVurc.
Amazon is known to apply formal methods in varying forms to services like S3: https://www.amazon.science/publications/using-lightweight-fo...
Many components in airplane software are formally verified in some aspect.
Two Mechanisations of WebAssembly 1.0
2 projects | reddit.com/r/ProgrammingLanguages | 3 Jan 2022
If this interests you, I'd highly recommend checking out CompCert (docs here) and CakeML.
Why the C Language Will Never Stop You from Making Mistakes
5 projects | news.ycombinator.com | 30 Dec 2021
With Frama-C you can prove doubly linked lists and all manner of complicated pointer manipulating graph algorithms. It does not impose a Rust-like pointer ownership policy as does SPARK.
However, for embedded development, SPARK's restrictions are a good trade-off, as the more restrictive rules allow more proofs to be fully automated than with Frama-C and simplify diagnostic messages. A fly-by-wire avionics computer doesn't need to dynamically allocate a billion graph nodes. But SPARK is not "general purpose" like C with Frama-C is.
AdaCore's SPARK tool stack is not actually written in SPARK as far as I can see; much of it is actually OCaml and Coq/Gallina for the Why3 component also used by Frama-C. See all the .ml OCaml and .v Gallina source code for yourself:
And of course the compiler backend for Ada/SPARK is GNU GCC, written in unverified C:
Compare with CompCert, the formally verified C compiler:
Frama-C unfortunately requires a user to be a mathematician-logician logic programming expert to fully utilize. One can begin training in Coq/Gallina with the large free online Software Foundations course:
Hacker News top posts: Jun 27, 2021
3 projects | reddit.com/r/hackerdigest | 27 Jun 2021
A Proven Correct C Compiler (76 comments)
A Proven Correct C Compiler (Used by Airbus)
As noted in the License section of the readme,
> CompCert is not free software. This non-commercial release can only be used for evaluation, research, educational and personal purposes. A commercial version of CompCert, without this restriction and with professional support and extra features, can be purchased from AbsInt. See the file LICENSE for more information.
However, https://github.com/AbsInt/CompCert/blob/master/LICENSE goes on to say that
> The following files in this distribution are dual-licensed both under
On their website, the claim is more ambitious: "The main result of the project is the CompCert C verified compiler, a high-assurance compiler for _almost all_ of the C language (ISO C99), generating efficient code for the PowerPC, ARM, RISC-V and x86 processors." (https://compcert.org/)
> The files in question are, from a formal verification standpoint, the interface to CompCert. They are licensed under the non-commercial license (NCL) so that they can be used together with the rest of CompCert (the implementation of the compiler, so to speak), which is NCL-only.
> Additionally, the interface files in question are also licensed under the GPL so that they can be used in other, open-source projects such as VST (http://vst.cs.princeton.edu/) that connect with CompCert.
What are some alternatives?
coq - Coq is a formal proof management system. It provides a formal language to write mathematical definitions, executable algorithms and theorems together with an environment for semi-interactive development of machine-checked proofs.
unbound - Replib: generic programming & Unbound: generic treatment of binders
seL4 - The seL4 microkernel
corn - Coq Repository at Nijmegen
koika - A core language for rule-based hardware design 🦑
silt - An in-progress fast, dependently typed, functional programming language implemented in Swift.
sol2 - Sol3 (sol2 v3.0) - a C++ <-> Lua API wrapper with advanced features and top notch performance - is here, and it's great! Documentation:
checkedc - Checked C is an extension to C that lets programmers write C code that is guaranteed by the compiler to be type-safe. The goal is to let people easily make their existing C code type-safe and eliminate entire classes of errors. Checked C does not address use-after-free errors. This repo has a wiki for Checked C, sample code, the specification, and test code.
wuffs - Wrangling Untrusted File Formats Safely
cakeml - CakeML: A Verified Implementation of ML