Programming Languages Going Above and Beyond
source link: https://whileydave.com/2023/06/27/programming-languages-going-above-and-beyond/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Programming Languages Going Above and Beyond
Having been a programmer for a long time now, I have experienced my fair share of programming languages. What strikes me the most is that programming languages have not improved much over the years. Java, for example, has certainly improved from when I started using it in the mid-nineties — but only in pretty minor ways. We still get buffer overflows and integer overflows. The compiler still cannot tell when our loops will terminate (yes, this is possible). Aliasing is still a complete unbridled mess. Even Rust, my favourite language du jour, only offers a minor improvement on the status quo. These are not stop-the-world everything has changed kinds of improvements.
Still, big improvements are possible. I now use, on a daily basis, a language (Dafny) which often genuinely amazes me. I’ll admit, its not super easy to use and perhaps not ready yet for mainstream — but, it gives a glimpse of what is possible. Dafny’s ability to statically check critical properties of your program goes well beyond what mainstream languages can do (that includes you, Rust). Here’s a simple example:
function Gcd(a:nat, b:nat) : (g:nat,x:int,y:int))
// Bezout's identity
ensures (a*x)+(b*y) == g
{
if a == 0 then (b,0,1)
else
var (g,x,y) := Gcd(b%a,a);
(g,y-((b/a)*x),x)
}
This is a recursive implementation of Euclid’s extended GCD
algorithm
(i.e. an integral part of modern cryptography, including
RSA and
ECC).
Using the ensures clause I’ve specified a
postcondition — that
is, a property that should always hold of the return value. This
particular postcondition corresponds to Bézout’s
identity.
That is, a theorem about numbers proved by Étienne Bézout in the 18th
century. The amazing thing is that, in order to check my program is
correct, Dafny has reproved this theorem for me.
Bits and Bytes
The above example was taken from our DafnyEVM codebase. Here’s another example which is, perhaps, more concrete:
function ToBytes(v:nat) : (r:seq<u8>)
ensures |r| > 0 {
// Extract the byte
var byte : u8 := (v % 256) as u8;
// Determine what's left
var w : nat := v/256;
if w == 0 then [byte]
else
ToBytes(w) + [byte]
}
The above is a straightforward (recursive) function for converting an
arbitrary-sized unsigned integer (nat) into a sequence of one or
more bytes (following a big endian representation). Here, ToBytes()
has an ensures clause clarifying it always returns a non-empty
sequence. Dafny checks at compile time that this is always true.
Now, here is a function taking us in the opposite direction:
function FromBytes(bytes:seq<u8>) : (r:nat) {
if |bytes| == 0 then 0
else
var last := |bytes| - 1;
var byte := bytes[last] as nat;
var msw := FromBytes(bytes[..last]);
(msw * 256) + byte
}
There isn’t anything too special going on here (yet). But, now the magic begins! What we want to know is that these two functions are “opposites” of each other. We can do this like so:
lemma LemmaFromToBytes(v: nat)
ensures FromBytes(ToBytes(v)) == v {
// Dafny does all the work!
}
This might not seem like much, but it represents something you cannot
easily do in other languages. This lemma asks Dafny to check that,
for any possible nat value v, it always holds that
FromBytes(ToBytes(v)) == v. Again, Dafny checks this at compile
time — no testing required!
Finally, an interesting puzzle remains. For an arbitrary sequence
bs of bytes, does ToBytes(FromBytes(bs)) == bs always hold?
Again, Dafny can answer this for us almost immediately. If
you’re interested to know the answer, take a look at the lemma we
came up
with.
Recommend
-
12
My first term here at UC Santa Cruz has wrapped up, and with it, my graduate seminar course, Languages and Abstractions for Distributed Programming....
-
5
Course announcement: Languages and Abstractions for Distributed Programming Sep 18th, 2018 Hi, friends! This fall will be my first quarter teaching at UC Santa Cruz...
-
14
On Machine Learning and Programming Languages December 2017 Originally posted on the Julia website. Any sufficiently complic...
-
9
Dynamic and Static Programming Languages and Teaching Wed, Sep 29, 2010Lately I’ve seen the sentiment, “Why do all teachers need to prepare their own lesson plans” in a few different places, and it strikes me as representative...
-
9
Typeless programming languages (BCPL, B), C evolution and decompilationTypeless programming languages (BCPL, B), C evolution and decompilation
-
16
Programming Languages and Frameworks to Learn in 2021Nick Scialli • December 26, 2020 • 🚀🚀 7 minute readI’m generally not one for lists like these, but I think a lot about where...
-
12
How Respawn took VR Above and Beyond the status quo Sean Andrews, January 29, 2021
-
9
Micro content on programming languages and concepts Jun 23 ・1 min read ...
-
6
Going Above & Beyond with Personalized Visuals in Power BI!Have you ever wanted to enable report consumers to choose how they wish to have the data displayed? Personalize visuals feature lets you achie...
-
6
Above And Beyond Ending Multiplayer Support Skip to content...
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK