Continued from
/psst/ - Programming Safe Systems Thread
Parker Jones
Other urls found in this thread:
eiffel.org
eiffel.org
touch.ethz.ch
bitbucket.org
youtube.com
youtube.com
dev.eiffel.com
eiffel.org
blog.adacore.com
alt-ergo.ocamlpro.com
cvc4.cs.stanford.edu
github.com
docs.adacore.com
youtube.com
softwarefoundations.cis.upenn.edu
vst.cs.princeton.edu
youtube.com
youtube.com
twitter.com
Andrew Smith
Are you aware of Eiffel's void-safety?
Ayden King
Absolutely! Void-safety, like static typing, is another facility for improving software quality. Void-safe software is protected from run time errors caused by calls to void references, and therefore will be more reliable than software in which calls to void targets can occur. The analogy to static typing is a useful one. In fact, void-safe capability could be seen as an extension to the type system, or a step beyond static typing, because the mechanism for ensuring void-safety is integrated into the type system.
Logan Johnson
New to Eiffel programming? Start here:
eiffel.org
touch.ethz.ch
git clone bitbucket.org
Eiffel is a small language with a coherent, well-developed philosophy and methodology. Unlike many other software development systems, the entire Eiffel system can be completely understood and mastered.
Nathan Wood
>the entire Eiffel system can be completely understood and mastered
So even the MBTI 'ST' types could become very competent software implementers?
Ryan Turner
We have not even to risk the adventure alone, for the heroes of all time have gone before us. The labyrinth is thoroughly known; we have only to follow the thread of the hero path. And where we had thought to find an abomination, we shall find a god. And where we had thought to slay another, we shall slay ourselves. And where we had thought to travel outward, we shall come to the center of our own existence. And where we had thought to be alone, we shall be with all the world.
Logan Morgan
Everyone says how unsafe C is. Is that because it gives the programmer too much freedom and most programmers are shit? Or is it because there is something fundamentally unsafe with the language which no c/c++ expert could ever fix.
Carson Hernandez
It lacks a lot of facilities to assist in good behavior.
It's hopeless at defending against people aiming to do the wrong thing.
Ryan Robinson
>too much freedom
If the grill is removed from a fan, exposing the blades, is it best to describe that situation as the access or use of the fan is "more free"? Additionally, what if that fan is in a dark room with low visibility? "Freedom" isn't the prominent issue.
Justin Gutierrez
But you get better airflow without the grill so it's a more efficient system and maintenance, like cleaning the blades, is easier without the grill so it's a better maintained system. Only a brainlet would walk into the spinning blades.
Aaron King
If there were more spinning blades in the world maybe there would be fewer brainlets.
Elijah Lopez
If Eiffel compiles to C and C is inherently unsafe, how can Eiffel be safe? Can anyone answer that?
dev.eiffel.com
eiffel.org
Jacob Reed
C is not inherently unsafe but people programming in C often design unsafe software. This is typically because they do not understand the issues and the risks. Even for very well informed, it is often too difficult and complicated to design large systems without tools, methodology, support and safe guards.
Ryder Baker
That's basically what he said.
Gabriel Ward
Noob
Lincoln Watson
Ok that is weird. I posted that exact message a week or so ago but this is not showing as my post and I did NOT post an image.
Xavier Rogers
>C is not inherently unsafe
it is
Kevin Brooks
This is an excellent post.
Concise, well thought, correct.
Hunter Powell
If you are aware of a discrepancy or ambiguity in the semantics of the C standard, ISO/IEC 9899:2011, or of any C compiler that does not produce machine code that logically represents those semantics, then that would be a big deal and you should come forward with your findings so the problems can be corrected.
Tyler Walker
Boob
Noah Wilson
are you a Eiffel shill or something?
jesus...
Thomas Johnson
I () disagree that that's what I said.
And I believe the argument falls apart when you talk about the large scale. C has problems that are at the small scale. There's nothing that makes architecture harder in C. What is harder is having people adhere to the established interfaces.
I find that a double indirection example is. Imagine you have a pointer to a pointer that could be null. It's very easy to write the code that just dereferences the pointer twice. Assuming it not to be null. Could you protect that through interface in C? Not really, the potential for an immediate dereference is still just as prevalent whatever interface you produce. Because you have the pointer and it's operational.
If you instead stored an index you're gonna have to index an array to get to a pointer. There's other benefits to this in certain systems but ignoring those and just looking at the interface what we've got is an additional step that reminds the programmer of the state of their pointer hopefully. You could also have a function that does the indexing and checking if it's valid. It can return a null pointer if it isn't which would give you a crash instead of memory corruption. That's huge. And ideally the function would have exclusive access to the array aswell. We can't really guarantee that but because we've now got another symbol involved we've got an easier time guarding against it by checking how many times the symbol is referenced.
What C lacks is a third process of improvement here. Say we wanted this underlying access pattern. How do you wrap it? You could wrap the index in a type and only expose valid operations. There's countless ways depending on paradigm.
Dominic Mitchell
This is kind of a dumb question however, I really want to become a good programmer because I'm really am passionate on it. I already know some C/C++ and I'm currently studying oop on my own. What things you think should I learn more to become better?
Brody Butler
Are you new to Jow Forums?
Lucas Allen
Andrew Hughes
Your post suggests your thinking might be a bit cluttered and out of focus. You may also have a context/relevancy problem. Are you on the autistic spectrum?
Ryan Howard
I've been trying to learn isabelle with the intention of modelling C++ and verifying my shit with it.
It's pretty hard, though. Figuring out why the automated proof methods didn't work and structuring the proofs to get around that is a pretty unfamiliar intellectual challenge to someone used to conventional debugging.
Christian Edwards
Its just late and I'm typing on a phone. Did some odd edits.
Parker Morris
And what I was explaining changed while I typed it really. I had set out thinking I was gonna explain a model where you tombstone the target of the indirection. Not just where you null. Ended up doing some dumb mix because phone typing is slow.
That case where you just null is to harmless if you've got sufficient code coverage.
Leo Young
You want to use an automated proof to verify that your code is shit and you are having trouble configuring it all? Hmm, what could be the problem...
Henry Martin
>what I was explaining changed while I typed it
Sheesh, dude. Do you operate like that while writing software?
Jeremiah Morgan
Well, fully automated theorem proving suffers from a combinatorial explosion of complexity. You can do some stuff, like an automatic simplifier but there's limits to what that can do.
So then you must define a series of lemmas to build up the logic of the proof, but knowing what to put in the lemmas so that the simplifier can then solve it is causing my brain to be full of fuck.
Alexander Green
Is this some kind of exercise for a class?
Anthony Evans
No, but the idea of being able to prove my code has none of various common classes of bug gives me a nerdboner.
Josiah Rodriguez
>do you hold the same standards for your late night kazakhstanian roofing enthusiasts forum posting as you do for your code base?
Of course.
user you just seem stupid when you assume things about people without any regard for circumstances.
Do you do that in real life as well?
Christopher Evans
Rather than assembling and configuring a hodgepodge of tools and technologies that might have significant incongruities and fundamental limitations, have you looked into any of the complete, coherent systems that were designed for formal verification?
blog.adacore.com
"Building High Integrity Applications with SPARK"
Colton Richardson
ADA/spark is of interest, and I do intend on checking into it. Ultimately, I suspect I'll still have to learn a theorem proving environment, though - Language features like type checking and contracts are typically limited by what kinds of proof the compiler can automatically do without any user assistance. I think you need to go interactive to get the full range of possible proofs.
Jaxson Young
It's late here, too.
Justin Torres
all safety measures are memes. why hang yourself by your own tether? a true samurai is not afraid of death, and neither should his code be. never check or sanitize anything, always assume correctness. the freest and most flexible language (ANSI C) is therefore the ideal.
in his mind, the stack has already overflown, the program has already crashed, and the code is already deleted without a backup. he only awaits the inevitable.
Cameron Garcia
The Alt-Ergo, CVC4 and Z3 provers are all installed with SPARK.
Alt-Ergo: alt-ergo.ocamlpro.com
CVC4: cvc4.cs.stanford.edu
Z3: github.com
docs.adacore.com
Brody Lewis
Carter Turner
Cool. Will definitely look into that.
Eli Perez
The productive work is going on in Coq. Checkout these books:
softwarefoundations.cis.upenn.edu
and this crazy project: vst.cs.princeton.edu
Luis Garcia
There is a long, hard road between an academic project and an engineering tool.
Blake Diaz
SeL4 wasn't productive?
One of the problems I'm having getting into this stuff is there doesn't seem to be a clear consensus about what system is better for what.
I mean, for programming you'd probably use python for new learners or quick and dirty stuff, then migrate to something like C++ once the system gets large enough. Can't really find any such consensus for formal verification..
Ryder Foster
Yeah, sadly yeah. But it does things no engineering tool does, like allowing recursive predicates, and it does it with actual C and with an actual compiler, so it's not a typical academic project, either. But yeah, not an engineering tool... yet
SeL4 was super productive, but it's from a prior generation. Their methodology hasn't extended to other problems; it was bespoke by design.
Aaron Sullivan
Might also checkout
youtube.com
Dude does a pretty good walk through of the stuff they've been doing in Coq. What's blowing my mind is that they're actually doing real systems.
My whole career, formal verification == toys or super special cases. The last 8 years have really turned that around, though.
The tools are still shit and still take years to master, though. That hasn't changed.
William Davis
Awesome. watching that now.
Xavier Moore
how 2 write safe javascript?
Samuel Wood
Software Synthesis? youtube.com