Re: Adacore joins with Ferrous Systems to support Rust

comp.lang.ada
 help / color / mirror / Atom feed

From: Paul Rubin <no.email@nospam.invalid>
Subject: Re: Adacore joins with Ferrous Systems to support Rust
Date: Thu, 03 Feb 2022 21:19:14 -0800	[thread overview]
Message-ID: <87ee4jxl7x.fsf@nightsong.com> (raw)
In-Reply-To: sti739$pe4$1@franka.jacob-sparre.dk

"Randy Brukardt" <randy@rrsoftware.com> writes:
> In any language with dynamic checks, one can easily reduce the problem
> of correctness down to simply proving that no check fails.

Well sure, but I'd take issue with the word "easily" there.  The
invariants for the red-black tree are fairly complicated.  Enforcing
them could be done with what I think SPARK calls a "ghost function" or
something like that: a piece of code that is not actually executed, but
is used only by the prover.  But, what would the proof look like?  I
think it would likely involve some manual work with an external proof
assistant like ISABELLE.  That takes quite a bit of effort and knowledge
on the programmer's part.

On the other hand, the RB tree type declaration in that Haskell example
is very natural and appealing even in that old implementation, and using
newer GHC features that have appeared since then, it becomes even nicer.

> So the question is how one can accomplish that with the least
> complication for the actual programmer.

Indeed.

next prev parent reply	other threads:[~2022-02-04  5:19 UTC|newest]

Thread overview: 38+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-02-02  8:57 Adacore joins with Ferrous Systems to support Rust Paul Rubin
2022-02-02 13:04 ` Luke A. Guest
2022-02-02 15:29   ` Marius Amado-Alves
2022-02-02 16:36     ` Luke A. Guest
2022-02-04 17:51       ` Stephen Leake
2022-04-18 16:01       ` Rene
2022-02-02 20:07     ` G.B.
2022-02-03 23:29     ` John McCabe
2022-02-11 17:40     ` amo...@unizar.es
2022-02-11 19:24       ` Luke A. Guest
2022-02-12 17:34         ` Alejandro R. Mosteo
2022-02-12  5:22       ` John Perry
2022-02-12 10:08         ` Marius Amado-Alves
2022-02-12 18:24         ` Alejandro R. Mosteo
2022-02-13  8:10           ` J-P. Rosen
2022-02-14 23:25           ` Randy Brukardt
2022-02-15  4:29             ` Paul Rubin
2022-02-12 23:59         ` John Perry
2022-02-18 13:24     ` Kevin Chadwick
2022-02-02 20:06   ` Paul Rubin
2022-02-03  1:34     ` Luke A. Guest
2022-02-03  2:20       ` Paul Rubin
2022-02-03  2:52         ` Luke A. Guest
2022-02-03  4:22           ` Paul Rubin
2022-02-03  9:54             ` Björn Lundin
2022-02-04  3:38             ` Randy Brukardt
2022-02-04  5:19               ` Paul Rubin [this message]
2022-02-03 11:30           ` Simon Wright
2022-02-03 12:51             ` Luke A. Guest
2022-02-04  3:20               ` Randy Brukardt
2022-02-04 10:28                 ` Luke A. Guest
2022-02-04 17:51                   ` Andreas ZEURCHER
2022-02-05  4:31                   ` Randy Brukardt
2022-02-02 16:19 ` Stephen Leake
2022-02-02 18:48 ` Gautier write-only address
2022-02-02 20:03   ` Paul Rubin
2022-02-02 20:45     ` Dennis Lee Bieber
2022-02-12  4:42 ` 25.BZ943

replies disabled

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox