Comment by hgoel
15 hours ago
Presumably an analyzer that makes it an error to not have an immediately traceable zero check.
C# can do something similar with null references. It can require you to indicate which arguments and variables are capable of being null, and then compiler error/warning if you pass it to something that expects a non-null reference without a null check.
But that’s because null is a static type. Zero isn’t a static type. How can I know if a calculation produces zero if I can’t predict the result of it at compile time?
Post type check analyzers can work with more than just the type information, you can really do whatever you want at this stage. The normal highly optimized type checker handles the bulk of the checking and the post type check analyzers can work on the residual. You wouldn’t type check a file that doesn’t parse, and you wouldn’t run the analyzers on code that doesn’t type check.
The problem is these checks can be rather slow and people don’t want to wait a long time for their type checking and analyzers to finish. But LLMs can both wait longer and by internalizing the logic can reduce the number of times it will need to trigger them.
Edit: I’ll need to examine this project to know where (or if) they draw the distinction between normal type checking and a post type check analyzer. If they blend the two and throw the whole thing into Z3 it’ll work but it’ll be needlessly slow.
Edit: What I’m calling a post type check analyzer they’re calling a contract verifier and it’s a distinct stage with ‘check’ (type check) then ‘verify’ (Z3).
I think it's about if there's a possibility of it being zero. Of course there's no way to tell at compile time that a value will definitely be zero.
So, in pseudocode
int div(int a, int b): return a / b;
Would probably be a compile time error, but
int div(int a, int b): return b == 0 ? ERR : (a / b);
Would not, or at least that's what I'd expect.
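An added example, not part of any comment in this thread and not the project's code: a small post-parse analyzer in Python that reports every division whose divisor has no directly traceable zero check, run on Python renderings of the two `div` functions above. The function names and the sample source are constructed for illustration; the check is purely syntactic (no Z3) and assumes the divisor is not reassigned between the check and the division.

```python
import ast

def _guard(test):
    """For `x != 0` / `x == 0` return (x, branch in which x is non-zero), else None."""
    if (isinstance(test, ast.Compare) and len(test.ops) == 1
            and isinstance(test.left, ast.Name)
            and isinstance(test.comparators[0], ast.Constant)
            and test.comparators[0].value == 0):
        if isinstance(test.ops[0], ast.NotEq):
            return test.left.id, "body"
        if isinstance(test.ops[0], ast.Eq):
            return test.left.id, "orelse"
    return None

def unguarded_divisions(source):
    """Return (line, divisor) for each division lacking a traceable zero check."""
    findings = []

    def visit(node, nonzero):
        if isinstance(node, (ast.If, ast.IfExp)):
            visit(node.test, nonzero)
            guard = _guard(node.test)
            for branch in ("body", "orelse"):
                # Names known non-zero inside this branch only.
                known = nonzero | {guard[0]} if guard and guard[1] == branch else nonzero
                children = getattr(node, branch)
                for child in children if isinstance(children, list) else [children]:
                    visit(child, known)
            return
        if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Div, ast.FloorDiv)):
            d = node.right
            safe = ((isinstance(d, ast.Constant) and d.value != 0)
                    or (isinstance(d, ast.Name) and d.id in nonzero))
            if not safe:
                findings.append((node.lineno, ast.unparse(d)))
        for child in ast.iter_child_nodes(node):
            visit(child, nonzero)

    # ast.parse raises SyntaxError first: the analyzer only sees code that parses.
    visit(ast.parse(source), frozenset())
    return findings

# Constructed sample: the thread's two pseudocode functions rendered in Python.
SAMPLE = '''
def div_unchecked(a, b):
    return a / b

def div_checked(a, b):
    return None if b == 0 else a / b
'''
```

Anything the syntactic pass cannot trace, such as `a / (b - 1)`, is reported; that residual is what a solver-backed verify stage would be left to discharge.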
> Of course there's no way to tell at compile time that a value will definitely be zero.
Yes there is. Dependently typed languages like Idris can inspect terms at the value-level during compile time. Rather, instead of proving that the divisor will be zero, you must instead statically prove that the divisor cannot be zero; otherwise the code will not typecheck.
Or it's just some AI brain fart…
The whole thing looks vibe-coded, and vibe-designed.