undefined | Better HN

0 pointsnv-vn9y ago0 comments

How do these proofs work if code has IO? For example, if I read a number from the command line, how can I know that it's within a certain range? I'm only very familiar with this type of thing through languages with explicit IO (Idris, F* to an extent), so I'm interested in seeing how it works in languages with implicit side effects.

0 comments

abecedarius9y ago

For telling if a number's in a range, it has contracts (called guards).

Effects like I/O have to be explicit: code that wants to do I/O has to be passed an object that can do I/O, it doesn't get any such objects by default at the time it's loaded. Besides this means of control ('capability security') there's also an 'auditors' mechanism for static analysis, e.g. to require some code to have no side effects.

(I'm not endorsing the GP comment; it's not how I would've phrased things. The auditing mechanism does enable proofs, but it was relatively new and experimental, compared to the core capability-security ideas.)

Added: http://erights.org/talks/auditors/index.html

j / k navigate · click thread line to collapse

0 pointsnv-vn9y ago0 comments

0 comments

abecedarius9y ago

For telling if a number's in a range, it has contracts (called guards).

Added: http://erights.org/talks/auditors/index.html

j / k navigate · click thread line to collapse