|
|
|
|
|
|
by 4ad
377 days ago
|
|
|
Dafny is great, and has some advantages compared to its competitors, but unequivocally calling it "the best" is quite bullish. For example, languages using dependent types (F*, ATS, Coq/Adga/Lean) are more expressive. And there are very mature systems using HOL. Truth is that everything involves a tradeoff, and some systems are better than others at different things. Dafny explores a particular design space. Hoare-style invariants are easier to use than dependent types (as long as your SMT solver is happy, anyway) but F* also has that, except that in F* you can also use dependent types when automatic refinement proofs become inadequate. And F* and ATS can target low-level, more so than Dafny. Probably I would not use ATS for anything, but between F* and Dafny, there isn't such a clear cut (I'd most likely use F*). And if I don't need (relatively) low-level, I wouldn't use either. |
|
|
I'm currently using Lean myself, but Agda's probably going to win out longer term for me simply because it compiles to GHC Haskell.