Show HN: Xr0 – Vanilla C Made Safe with Annotations (xr0.dev)
Xr0 is a new static analyser that aims to make it possible to write vanilla C and get the same safety guarantees that are available other higher-level languages.
We've been working on Xr0 for the past couple of months and are excited to share an early prototype.
@betz47 and I are here to answer any questions.
14 comments
[ 3.9 ms ] story [ 142 ms ] threadI can make even languages such as Java leak memory even though it shouldn't be possible, nominally, so just knowing that something is returning heap-allocated memory somehow doesn't seem to help much.
But I have only skimmed the page, so hopefully I am wrong!
Does code using the annotations compile as is?
What's most distinctive about Xr0 is it's built to be reliant on the programmer to structure the code in a way that is amenable to verification of safety. Another unique thing is that the annotation language is C-like and should be easy to pick up for programmers.
The code will compile if the annotations are stripped, and we'll have a command to do this soon.
void alloc1() //[ .alloc result; ]
{
}Then it will be unnecessary to strip annotations.
The advantage of putting the annotations in comments is C compilers can compile the code right away, which may make it easier for existing projects to adopt it.
The disadvantage is that the annotations become second-class citizens, and will never feel native. Placing them in comments also means that they cannot have their own comments unless we introduce another comment sequence for the annotation environment. Again, it means that we can't use the preprocessor, so conditional compilation is impossible.
So basically, we're trading some compatibility for nicer, native-like source. For us, "beauty is the first test", and we believe that there's no way for the source to be beautiful if we put the annotations in comments.
That said, I do agree with your concerns around first-class-ness of syntax annexes for language extensions.
The main advantage of using some form of hack exploiting comments is that the existing ecosystem (syntax-highligters, code formatters, auto completion, ...) would keep working. But how code auto formatters would work depend on the details. E.g. I didn't try how would popular auto formatters handle the example above.