{"id":13610748,"url":"https://github.com/magmide/magmide","last_synced_at":"2025-10-08T15:43:05.473Z","repository":{"id":38219079,"uuid":"289386044","full_name":"magmide/magmide","owner":"magmide","description":"A dependently-typed proof language intended to make provably correct bare metal code possible for working software engineers.","archived":false,"fork":false,"pushed_at":"2024-04-01T17:04:19.000Z","size":40422,"stargazers_count":822,"open_issues_count":0,"forks_count":13,"subscribers_count":52,"default_branch":"main","last_synced_at":"2025-04-04T05:08:44.451Z","etag":null,"topics":["coq","dependent-types","formal-methods","formal-verification","logic","systems-programming","type-safety","verification"],"latest_commit_sha":null,"homepage":"","language":"Coq","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/magmide.png","metadata":{"files":{"readme":"README.future.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":null,"code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null},"funding":{"github":["blainehansen"]}},"created_at":"2020-08-21T23:47:21.000Z","updated_at":"2025-04-04T03:34:09.000Z","dependencies_parsed_at":"2024-04-16T08:43:24.557Z","dependency_job_id":null,"html_url":"https://github.com/magmide/magmide","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/magmide%2Fmagmide","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/magmide%2Fmagmide/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/magmide%2Fmagmide/releases","manifests_url":"https://repos.ecosyste.ms/a
pi/v1/hosts/GitHub/repositories/magmide%2Fmagmide/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/magmide","download_url":"https://codeload.github.com/magmide/magmide/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248681493,"owners_count":21144700,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["coq","dependent-types","formal-methods","formal-verification","logic","systems-programming","type-safety","verification"],"created_at":"2024-08-01T19:01:47.608Z","updated_at":"2025-10-08T15:43:05.412Z","avatar_url":"https://github.com/magmide.png","language":"Coq","funding_links":["https://github.com/sponsors/blainehansen"],"categories":["Uncategorized"],"sub_categories":["Uncategorized"],"readme":"# Magmide\n\n\u003e Correct, Fast, Productive: pick three.\n\nMagmide is the first language built from the ground up to allow software engineers to productively write extremely high performance software for any computational environment, logically prove the software correct, and run/compile that code all within the same tool.\n\nThe goal of the project is to spread the so-far purely academic knowledge of software verification and formal logic to a broad audience. It should be normal for engineers to create programs that are truly correct, safe, secure, robust, and performant.\n\nThis file is a \"by example\" style reference for the features and interface of Magmide. 
It doesn't try to explain any of the underlying concepts, just document decisions, so you might want to read one of these other resources:\n\n- If you want to be convinced the goal of this project is both possible and necessary, please read [What is Magmide and Why is it Important?]()\n- If you want to learn about software verification and formal logic using Magmide, please read [Intro to Verification and Logic with Magmide]().\n- If you want to contribute and need the nitty-gritty technical details and current roadmap, please read [The Technical Design of Magmide]().\n\n## Install and Use\n\nMagmide is heavily inspired by Rust and its commitment to ergonomic tooling and straightforward documentation.\n\n```bash\n# install magmide and its tools\ncurl --proto '=https' --tlsv1.2 -sSf https://sh.magmide.dev | sh\n\n# create a new project\nmagmide new hello-world\ncd hello-world\n\nmagmide check \u003centry\u003e\nmagmide run\nmagmide build\n```\n\n## Syntax\n\nHere's what we can do\n\ncalling is just placing things next to each other with no commas. an *explicit* comma-separated list is always a tuple, which is why function arguments are always specified that way\npiping style calling uses `\u003efunctionname`. it seems that because of precedence and indentation rules which expressions are function names is always inferable?\nthis works inline too, so `data\u003efunctionname` or `data \u003einfix something`\n`\u003e\u003e arg arg2; expr` defines an anonymous function and immediately calls it in piping style. 
`\u003e\u003e;` is then the equivalent of your old `do` idea\n`--` is the \"bumper\" for an indented expression\nthe sections of keywords are delimited by semicolons\nnested function calls are just indented since function calling is\n`/` is the *keyword continuation operator*, so all keywords, even possibly multi-line ones, can be defined metaprogrammatically within the language\n\n```\nif yo; --\n  function_name arg arg\n  \u003ewhatevs\n  \u003eanother thing\n  \u003e\u003e something; yo different something\n  \u003e\u003e hm; abb \u003ehm diff\n/elif yoyo; whatevs\n/else; dude\n\nif yo; yoyo /else; dude\n\nlet thingy = if some \u003ewhatevs hmm; dude /else; yo\n```\n\npiping custom keywords can be done with a leading `;`? and standalone statement style ones are something else like `$`?\ncustom keywords are called with a leading `;`? so something like `;route_get yoyo something; whatevs /err; dude`\n\ncalling macros/known functions is indicated with something like a `~` or just the backtick thing? which means it can be done\n\ninclude the \"backpassing\" idea? 
or simplify it by somehow creating an \"implicit callback defining pipe operator?\" such as `\u003e\u003e\u003e`?\n\n\n\n\n\n\nMagmide is whitespace/indentation sensitive.\nAnywhere a `;` can be used an opening indent can be used *additionally*.\nAnywhere a `,` can be used a newline can be used *instead*.\nThe `:` operator is always used in some way to indicate type-like assertions.\nPrecedence is decided using nesting with parentheses or indentation and never operator power.\n\"Wrapping\" delimiters are avoided.\n\"Pipeability\" is strongly valued.\nOperators are rarely used to represent actions that could be defined within the language, and instead prioritize adding new capabilities.\n\n```\n// defining computational types\ndata Unit\ndata Tuple;\n\n\ndata Macro (S=undefined);\n  | Block; BlockMacroFn\n  | Function; FunctionMacroFn\n  | Decorator; DecoratorMacroFn\n  | Import; ImportMacroFn(S)\n\n\nalias SourceChannel S; Dict\u003cS\u003e -\u003e void\n\nfn non_existent_err macroName: str; str, str;\n  return \"Macro non-existent\", \"The macro \"${macroName}\" doesn't exist.\"\n\nfn incorrect_type_err\n  macroName: str\n  macroType: str\n  expectedType: str\n;\n  str\n  str\n;\n  return \"Macro type mismatch\", \"The macro \"${macroName}\" is a ${macroType} type, but here it's being used as a ${expectedType} type.\"\n\ndata CompileContext S;\n  macros: Dict(Macro(S))\n  fileContext: FileContext\n  sourceChannel: SourceChannel(S)\n  handleScript: { path: str source: str } -\u003e void\n  readFile: str -\u003e str | undefined\n  joinPath: ..str -\u003e str\n  subsume: @T -\u003e SpanResult\u003cT\u003e -\u003e Result\u003cT, void\u003e\n  Err: (ts.TextRange, str, str) -\u003e Result\u003cany, void\u003e\n  macroCtx: MacroContext\n\ndata MacroContext;\n  Ok: @T, (T, SpanWarning[]?) 
-\u003e SpanResult\u003cT\u003e\n  TsNodeErr: (ts.TextRange, str, ..str) -\u003e SpanResult\u003cany\u003e\n  Err: (fileName: str, title: str, ..str) -\u003e SpanResult\u003cany\u003e\n  tsNodeWarn: (node: ts.TextRange, str, ..str[]) -\u003e void\n  warn: (str, str, ..str[]) -\u003e void\n  subsume: @T, SpanResult T -\u003e Result T, void\n\n\ndata u8; bitarray(8)\n\nideal Day;\n  | monday | tuesday | wednesday | thursday\n  | friday | saturday | sunday\n\n  use Day.*\n\n  rec next_weekday day: Day; match day;\n    monday; tuesday, tuesday; wednesday, wednesday; thursday, thursday; friday\n    friday; monday, saturday; monday, sunday; monday\n\nideal Bool;\n  | true\n  | false\n\n  use Bool.*\n\n  rec negate b: Bool :: bool;\n    match b;\n      true; false\n      false; true\n\n  rec and b1: bool, b2: bool :: bool;\n    match b1;\n      true; b2\n      false; false\n\n  rec or b1: bool, b2: bool :: bool;\n    match b1;\n      true; true\n      false; b2\n\n  impl core.testable;\n    rec test b: Bool :: bool;\n      match b; true; testable.true, false; testable.false\n\n  rec negate_using_test b: Bool :: bool;\n    test b;\n      false\n      true\n\n\nideal IndexList\u003cA: ideal\u003e :: nat;\n  | Nil :: IndexList(0)\n  | Cons :: @n A IndexList(n) -\u003e IndexList(n;next)\n\n  rec append n1, ls1: IndexList(n1), n2, ls2: IndexList(n2) :: IndexList(n1 ;add n2);\n    match ls1;\n      Nil; ls2\n      Cons(_, x, ls1'); Cons(x, append(ls1', ls2))\n\nprop even :: nat;\n  | zero: even(0)\n  | add_two: @n, even(n) -\u003e even(n;next;next)\n\n  use even.*\n  thm four_is: even(4); prf;\n    + add_two; + add_two; + zero\n\n  thm four_is__next: even(4); prf;\n    + (add_two 2 (add_two 0 zero))\n\n  thm plus_four: @n, even n -\u003e even (4 ;add n); prf;\n    =\u003e n; \u003e\u003e; =\u003e Hn;\n    + add_two; + add_two; + Hn\n\n  thm inversion:\n    @n: nat, even n -\u003e (n = 0) ;or (exists m; n = m;next;next ;and even m)\n  ; prf;\n    =\u003e n [| n' E']\n      left; 
_\n      --\n        right; exists n'; split\n        _; + E'\n\n```\n\n\n\n## Metaprogramming\n\n## Interactive Tactic Mode\n\n\n\n## Module system\n\n```\n// use a module whose location has been specified in the manifest\n// the manifest is essentially sugar for a handful of macros\nuse lang{logic, compute}\n\n// the libraries 'lang', 'core', and 'std' are spoken for. perhaps though we can allow people to specify external packages with these names, we'll just give a warning that they're shadowing builtin modules\n\n// use a local module\n// files/directories/internal modules are all accessed with .\n// `__mod.mg` can act as a \"module entry\" for a directory, you can't shadow child files or directories\n// the `mod` keyword can create modules inside a file, you can't shadow sibling files or directories\n// `_file.mg` means that module is private, but since this is a verified language this is just a hint to not show the module in tooling, any true invariants should be fully specified with `\u0026`\nuse .local.nested{thing, further{nested.more, stuff}}\n\n// can do indented instead\nuse .local.nested\n  thing\n  further{nested.more, stuff}\n  whatever\n    stuff.thingy\n\n// goes up to the project root\nuse ~local.whatever\n\n// the module system allows full qualification of libraries, even to git repositories\n// the format 'name/something' defaults to namespaced libraries on the main package manager\n// a full git url obviously refers to that repo\nuse person/lib.whatever\n\n// the above could be equivalent to:\nlet person_lib = lang.pull_lib$(git: \"https://github.com/person/lib\")\nuse person_lib.whatever\n```\n\n\n```\nuse lang.{ logic, compute }\n\n// all inductive definitions use the `ind` keyword\n// the different kinds of types are included by default and automatically desugared to be the more \"pure\" versions of themselves\n\n// a union-like inductive\nind Day\n  | monday | tuesday | wednesday | thursday\n  | friday | saturday | sunday\n\n// a 
record-like inductive\nind Date\n  year: logic.Nat\n  month: logic.Nat \u0026 between(1, 12)\n  day: logic.Nat\n\n// a tuple-like inductive\nind IpAddress; logic.Byte, logic.Byte, logic.Byte, logic.Byte\n\n// the same as above but with a helper macro\nind IpAddress; logic.tuple_repeat(logic.Byte, 4)\n\n// a unit-like inductive\nind Unit\n\nrec next_weekday day\n  // bring all the constructors of Day into scope\n  use Day.*\n  match day\n    monday; tuesday, tuesday; wednesday, wednesday; thursday, thursday; friday\n    friday; monday, saturday; monday, sunday; monday\n\n\nlet next_weekday_computable = compute.logic_computable(next_weekday)\nlet DayComputable = compute.type(next_weekday_computable).args[0].type\n\ndbg next_weekday_computable(DayComputable.monday)\n// outputs \"Day.tuesday\"\n\n\n// what if we were to define the above types and function in the computable language?\n// it's as simple as changing \"ind\" to \"type\", \"rec\" to \"fn\", and ensuring all types are computable\n// all of these \"creation\" keywords are ultimately just some kind of sugar for a \"let\"\n\ntype Day\n  | monday | tuesday | wednesday | thursday\n  | friday | saturday | sunday\n\ntype Date\n  year: u16\n  month: u8 \u0026 between(1, 12)\n  day: u8\n\ntype Name; first: str, last: str\n\ntype Pair U, T; U, T\n\ntype IpAddress; u8, u8, u8, u8\n\ntype IpAddress; compute.tuple_repeat(u8, 4)\n\ntype Unit\n\nfn next_weekday day\n  use Day.*\n  // a match implicitly takes discriminee, arms, proof of completeness\n  match day\n    monday; tuesday, tuesday; wednesday, wednesday; thursday, thursday; friday\n    friday; monday, saturday; monday, sunday; monday\n\n// now no need to convert it first\ndbg next_weekday(Day.monday)\n// outputs \"Day.tuesday\"\n```\n\nIn general, `;` is an inline delimiter between tuples, and `,` is an inline delimiter between tuple elements. 
Since basically every positional item in a programming language is a tuple (or the tuple equivalent record), the alternation of these two can delimit everything. Note these are only *inline* delimiters, indents are the equivalent of `;` and newlines are the equivalent of `,`.\nWhy `;`? Because `:` is for type specification.\n\n`==` is for equality, and maps to the two different kinds of equality if it's used in a logical or computational context.\n\n\n### trait system in host magmide\ndon't need an orphan rule, just need explicit impl import and usage. the default impl is the bare one defined alongside the type, and either you always have to manually include/specify a different impl or it's a semver violation to add a bare impl alongside a type that previously didn't have one\n\n\n\n### example: converting a \"logical\" inductive type into an actual computable type\n\n### example: adding an option to a computable discriminated union\n\n### example: proving termination of a\n\n## The embedded `core` language\n\n\n## Testing\n\ntalk about quickcheck and working up to a proof\n\n## Metaprogramming\n\nKnown strings given to a function\nKeyword macros\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmagmide%2Fmagmide","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmagmide%2Fmagmide","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmagmide%2Fmagmide/lists"}