dc iv.

Formality

Victor Maia
Leonardo Souza

!1 devcon iv
 Thesis: crypto browsers will rise soon

Computers Windows, OSX, Linux ...

The Internet Chrome, Safari, Firefox, Edge …

Smartphones Android, iOS, Windows …

Ethereum Mist ...

!2 devcon iv
 Moon Project
Finding the best UX for Ethereum

!3 devcon iv
!4 devcon iv
!5 devcon iv
!6 devcon iv
 A small problem...

!7 devcon iv
 Idris Agda Coq Isabelle

Consistent? No (bug) No (bug) Probably Probably

Small spec? Maybe? No Maybe? Maybe?

Fast (no GC)? Not yet? No No No

Integration Complex Complex Complex Complex

!8 devcon iv
 High Level Fast
Formal Proofs No GC

Idris Solidity?

Agda Coq ? Rust C++

Haskell? C Vyper?

Isabelle Fortran
!9 devcon iv
 Formality
High-level functional language

Featuring formal proofs

Non-garbage collected

EVM and GPU targeting

Simplicity (2k-LOC; implement it!)

Potential to be very fast!

!10 devcon iv
 -- Natural number

data Nat : Type

| succ : (n : Nat) -> Nat

| zero : Nat

-- Vector with known length


data Vect : (A : Type, n : Nat) -> Type

| cons : (A : Type, n : Nat, x : A, xs : Vect(A, n)) -> Vect(A, Nat.succ(n))

| nil : (A : Type) -> Vect(A, Nat.zero)

-- Equality

data Eq : (A : Type, x : A, y : A) -> Type

| refl : (A : Type, x : A) -> Eq(A, x, x)

!11 devcon iv
-- Doubles a number

let double(a : Nat) =>

case a

| succ(pred) => Nat.succ(Nat.succ(fold(pred)))

| zero => Nat.zero

: Nat

-- Type-safe head

let head(A : Type, n : Nat, vect : Vect(A, Nat.succ(n))) =>

case vect

| cons(A, n, x, xs) => x

| nil(A) => Unit.void

: (A, n) => HeadOf(A, n) 



-- Proof that 'a == b' implies 'b == a'

let sym(A : Type, a : A, b : A, e : Eq(A, a, b)) =>

case e

| refl(A, x) => Eq.refl(A, x)

: (A, a, b) => Eq(A, b, a)
devcon iv
 How fast?

!13 devcon iv
// Array with 100 zeros
var nums = Array(100).fill(0);

// Increments all numbers 2^20 times

for (var i = 0; i < Math.pow(2, 20); ++i) {
nums = nums(x => x + 1);
}

// Outputs result
console.log(JSON.stringify(nums));

devcon iv
 List.map (high-level code)

9.09s 23.4s 0.29s

JavaScript (V8) Haskell (GHC) Formality

It already beats every mainstream languages on very high-level code!

http://bit.do/formality-benchmarks
!15 devcon iv
// Immutable list of 32 bits (zeros)
var bits = [0,[0,[0,[0...,[0,[0,[]]]]]]];

// Flips all bits

function flip(bits) {
switch (bits[0]) {
case 0 : return [1, flip(bits[1])];
case 1 : return [0, flip(bits[1])];
default : return [];
}
}

// Flips all bits 2^20 times

for (var i = 0; i < Math.pow(2, 20); ++i) {
bits = flip(bits);
}

// Prints result
console.log(JSON.stringify(bits));

devcon iv
 Bits.flip (low-level code)

0.84s 2.87s 66.4s

JavaScript (V8) Haskell (GHC) Formality

In low-level code, though, it lags behind, as it is still interpreted!

http://bit.do/formality-benchmarks
!17 devcon iv
 Bits.flip (low-level code)

0.84s 2.87s 13.2s

JavaScript (V8) Haskell (GHC) Formality (GPU)

But there is a lot of potential!

http://bit.do/formality-benchmarks
!18 devcon iv
 Faster than Haskell?

Functional with no GC?

How?

GPU runtime?

EVM compilation?

!19 devcon iv
 Mathematics

!20 devcon iv
 The four axis of Formality

Lazy Clones
Linear Types
Unlike Rust, values can be cloned with no
Like Rust, values can only exist in one place at the
costs, making linearity much less painful, as we
same time, making garbage collection
don't need borrows. That is possible because
unnecessary: memory is freed when values go out
copies are made lazily.
of scope!

Beta Optimality Strong Confluency

Functions are reduced optimally. This allows an Evaluation is strongly confluent: the order of
insane amount of runtime fusion to happen, execution doesn't change the required work to
breaking down, bloated, high-level code into small, complete the computation. This allows reductions
lightweight computations. to take place in any order, even in parallel!

!21 devcon iv
 A new model of computation Lambda
Calculus
Turing
Machine
Interaction
Combinators

Simple? Yes Yes Yes

Complete? Yes Yes Yes

Fast? No Yes Yes

High-Level? Yes No Yes

Parallel? Somewhat No Yes

http://bit.do/icomb
!22 devcon iv
 High Level Fast
Formal Proofs No GC

Idris Solidity?

Agda Coq Formality Rust C++

Haskell? C Vyper?

Isabelle Fortran
!23 devcon iv
 20xx?

FVM (Formality blockchain?)

FPU (Formality ASICs?)
F3D (Formality game engine?)
Tactics / Proof Search
Real users
!24 devcon iv
 What about Cedilleum...?

github.com/astump/cedilleum-spec

!25 devcon iv
 Contact us!

Victor Maia Leonardo Souza Aaron Stump

victor.maia@ethereum.org leonardo@ethereum.org aaron-stump@uiowa.edu

/MaiaVictor /LeonardoSTSouza /AStump

/MaiaVictor /LSTSouza homepage.divms.uiowa.edu/

~astump/

github.com/MaiaVictor/Formality

!26 devcon iv
 Contact us!

Victor Maia Leonardo Souza

victor.maia@ethereum.org leonardo@ethereum.org

/MaiaVictor /LeonardoSTSouza

/MaiaVictor /LSTSouza

github.com/MaiaVictor/Formality

!27 devcon iv