https://dafny.org/ also allows proof checking and allows do write real programs with it. It has a java like syntax and is also from MS I believe

I’ll add that SPARK Ada allows this now, has commercial tooling from Adacore, and was field-prove in years of commercial deployments.

https://en.m.wikipedia.org/wiki/SPARK_(programming_language)

It builds on the Why3 platform which also supports Frama-C for the C language. IIRC, SPARK can be compiled to C for C-only, runtime targets as well.

Do you think you might be able to elaborate a little bit more about this?

I was skimming the "Proof-Oriented Programming" book, and it seems that the primary way to execute F* programs is by extraction or trusted compilation (same as Rocq and Lean, for example). Does F* have some special way to work directly with realistic source code that these other systems don't?

> I studied formal languages for ~2 years and have professional experience programming coq. The real benefit of this language, over other formal languages is the focus on being able to write real programs in it.

How does Idris compare these days?

Where would a smooth brained CRUD app web developer who failed high school maths perhaps learn more about the point of this?

>memory safe (without a borrow checker)

This sounds like a very weird statement.

In my opinion, a proper proof-oriented language would inevitably contain a borrow checker variant as a subset of its functionality (assuming the language has notion of pointers/references and focuses on achieving "zero cost abstractions"). Lifetime annotations and shared/exclusive references provide essential information and code use restrictions which enable automatic proof generation.

After all, type and borrow checkers are nothing more than limited forms of automatic proof generation which are practical enough for wide use.

Lean has very little support for proving things about software. Right now, the community is mainly geared towards mathematics. This could change. Concrete Semantics was rewritten in Lean [1], but I haven't seen more efforts geared towards software in the Lean community.

Dafny, Isabelle, Why3, Coq and F* have been used to verify non-trivial software artifacts. Liquid Haskell, Agda and others are also interesting, but less mature.

[1] https://browncs1951x.github.io/static/files/hitchhikersguide...

One technical difference is that F* heavily uses SMT automation, which is less emphasized in Lean (their book even says that F* typechecking is undecidable). F* programmers frequently talk about the language's emphasis on monadic programming, which I'll admit that I don't understand (but would like to!)

Looking at publications on the home pages for both projects it seems F* results in more practical stuff like hardened cryptography and memory allocation libraries, while Lean presents itself as more of an experiment in developing proof assistants.

> F* is oriented toward verified, effectful functional programming for real-world software, while Lean is geared toward interactive theorem proving and formalizing mathematical theories, though both support dependent types and can serve as general-purpose functional languages in principle.

Lean also started at MSR, and nowadays is bootstraped, they use different approaches.

Looks like it's a predecessor https://www.microsoft.com/en-us/research/project/f7-refineme...

Is Project Everest still going? The GitHub link says that the repo has been archived...

Is it really that much harder to search for than "C", "C++", "C#", "F#", "Go", "Rust", "D"...?

Googling "Fstar programming language" works fine for me.

For a language that touts its practicalities, the name isn't a great start. Although F*lang or F***lang (maybe Foq?) seem like reasonable search proxies.

Just like with "golang", "FStar" is the query if choice. But don't think you'll find much, if the documentation is in the same state as it was two years ago.

...and that looks like someone is swearing.

LLMs are fundamentally probabilistic in nature; I think you could prove things about distributions of outputs but nothing like the kind of formal verification you can create with Lean or Rust.

There’s a few papers in this space but it’s still early days, both using Formal Verification to test outputs of LLMs and using LLMs in formal verification itself

Examples of both:

https://sumitkumarjha.com/papers/2023_ICAA_LLM_Dehallucinati...

https://mathai2023.github.io/papers/28.pdf

An LLM is pretty much a black box. You can’t prove anything meaningful about its output.

You are really comparing apples to oranges here, and to say that trying to apply formal verification to a probabilistic lying machine is silly would be a colossal understatement.

Isn't it a fundamental limitation of LLMs that we can't?

I think it's because (a) it's become a lot easier to create languages and (b) we're stuck.

I am hoping (a) is straightforward. For (b), I think most of us sense at least intuitively, with different strengths, that our current crop of programming languages are not really good enough. Too low-level, too difficult to get to a more compact and meaningful representation.

LLMs have kinda demonstrated the source for this feeling of unease, by generating quite a bit of code from fairly short natural language instructions. The information density of that generated code can't really be all that high, can it now?

So we have this issue with expressiveness, but we lack the insight required to make substantial progress. So we bounce around along the well-trodden paths of language design, hoping for progress that refuses to materialize.

F* is older than a decade. Also it's a research project, so quite different than the random "memory safe" language iteration of the day.

I think it's closer to an availability thing. A lot of businesses used to run on privately built programming languages. And everyone had their own BASIC implementation that wasn't quite compatible with everyone else. But transferring the private language across to someone on the other side of the world was difficult.

It did happen over early things like IRC and the like, but the audience was limited, and the data was ephemeral.

For example, Byte Magazine has an article on writing your own assembler in 1977 [0]: "By doing it yourself you can learn a lot about programming and software design as well as the specs of your own microcomputer, save yourself the cost of program development, and produce a customized language suited to your own needs or fancies."

Programmers have been creating their own languages since the beginning. It's part of why we lean so heavily towards standards - so other people don't break the things we've already built.

[0] https://archive.org/details/best_of_byte_volume_1_1977_06

Neither. It’s always been easy to create a language. What’s been hard is promoting that language.

The things that’s changed is that these days you have a combination of more people using computers plus more convenient forums (like this) for people to promote their new language.

Is there really a proliferation of PLs that hasn't been the case before? I recall many new languages back in 00s as well, it's just that most of them didn't live long enough for people to remember them now.

For that, we'd have to have deterministic outputs from the code generator. Which is exactly what the current prospective AI fields don't do. And what the current LLMs cannot.

I wonder why AI doesn't do this verification already. It's a sufficiently simple routine task that doesn't require great precision.