What was the Lean language used for and why did they replace it?

Question

Answer

Dafny was used to prove the correctness of the Lean implementation which was used to show the correctness of the Rust implementation.

Answer

The Dafny implementation served as an executable specification and could be used as a test oracle for coverage-guided testing of the Rust implementation.

Answer

The problem with heavily automated tools, like Dafny, is "proof brittleness": small changes in the code or theorem prover changes which proofs are accepted.

Answer

With Dafny, they could fairly easily prove the simple properties about the evaluator, such as "deny overrides allow".

Answer

They switched to Lean because it has greater levels of automated theorem proving capabilities powered by large language models.

Crowdly

What was the Lean language used for and why did they replace it?

Want instant access to all verified answers on moodle.ut.ee?