｢‍｣ Lingenic

Space

formally verifiablecompiles to bare metalwrite in space, deploy on earththere is not one universecompile in space, deploy in spacemany universes, in present timewrite in space, deploy in spaceproven safe at compile timecompile in space, deploy on earthmemory safety without overheadcertification readymachine code, any platform

Space is a formally verifiable programming language. Proven safe at compile time. Compiles to machine code.

Toolchain

Space code compiles to SPARK, a safety-critical language used in aerospace and mission-critical industries. GNATprove proves your program is free of entire classes of bugs. Then GNAT, a production compiler with 30 years of optimization, outputs machine code for Linux, macOS, Windows, or bare metal.

Future: On-Target Compilation

Some spacecraft run Forth — processors like the RTX2010 execute it directly. Space is designed for similar capability: a verified compiler small enough for embedded hardware. Write in Space, compile in space.

1. Universes as Semantic Constructs

Other languages have memory pools, arenas, regions, actors. These are allocation strategies or isolation mechanisms.

Space has universes: isolated memory regions with their own stack, their own discipline, and their own lifetime semantics.

1024 linear create-universe as scratch
    \ This is a self-contained world
    \ Nothing escapes. Nothing leaks in.
end-universe scratch

A universe isn't a memory pool. It's a bounded context of meaning. Pointers inside have significance. Outside, those same bits are meaningless — addresses into void.

No other language treats isolation as a semantic primitive.

2. Self-Destructing Linear Universes

Linear types exist in Rust, Clean, Linear Haskell, ATS. But in all these systems, you track individual values.

Space tracks whole universes. A linear universe self-destructs when its obligations are fulfilled — when the stack empties.

1024 linear create-universe as temp
    42 push
    pop        \ obligation fulfilled
end-universe   \ universe already gone — this acknowledges it

No explicit free. No destructor call. No reference count hitting zero. Completion itself is the cleanup.

The end-universe doesn't destroy anything. It witnesses what has already happened.

No other language has self-destructing execution contexts.

3. Disciplines at the Container Level

Substructural type systems (linear, affine, relevant, ordered) are typically applied to individual values.

Space applies disciplines to universes:

This is coarser-grained but simpler to reason about. You don't track whether each variable is linear. You track whether the whole context is linear.

No other language applies substructural disciplines at the container level.

4. Warps: Navigation Without Addresses

Every language with pointers gives you addresses. When you traverse a data structure, you hold a pointer to your current position. That pointer can escape. It can be stored. It can outlive its validity.

Space has warps: you enter a data structure and navigate, but you never hold a pointer to where you are.

ptr warp-into as w
    w warp-fetch      \ read current position
    1 w warp-advance  \ move forward
    w warp-follow     \ follow a reference
end-warp w            \ must close — warp is linear

Inside a warp you can see the current value, move to adjacent positions, follow references. But you cannot extract your current address. The position exists only within the warp context.

This is traversal without mapping. You can explore a data structure without creating a map of where you've been.

No other language separates navigation from addressing.

5. O(1) Grapheme-Native Text

Text representations in existing languages:

Space stores grapheme clusters — what users perceive as characters — with O(1) random access.

A family emoji (👨‍👩‍👧‍👦) is 25 bytes in UTF-8, 11 UTF-16 code units, 7 code points — but 1 grapheme. Space indexes by graphemes. Position 0 is the whole family emoji.

No other systems language has O(1) grapheme-indexed text.

6. Verification by Design

Other verified languages (SPARK, Dafny, F*) are powerful languages with proofs bolted on.

Space inverts this: it's a simple language where verification falls out naturally.

The design question wasn't "how do we verify this feature?" It was "what features can we have while keeping verification tractable?"

• Universe isolation → data-flow analysis becomes local
• Linear disciplines → resource tracking is trivial
• No hidden control flow → call graph is static
• Stack-based execution → no aliasing through references

The constraints aren't limitations. They're the architecture.

The Combination

Individual features have partial analogues elsewhere:

The combination is new. Each piece reinforces the others:

• Stack execution makes linearity natural (values are consumed)
• Universe isolation makes parallelism safe (no shared mutable state)
• Disciplines make resource management automatic (no explicit free)
• Warps make traversal safe (no dangling internal pointers)
• Verification makes all of this trustworthy (proofs, not tests)

Why This Matters

Space demonstrates that:

• Verification doesn't require complexity. Simple languages can have strong guarantees.
• Memory safety doesn't require garbage collection. Linear universes are zero-overhead.
• Parallelism doesn't require locks. Isolation proofs enable lock-free concurrency.
• Text handling doesn't require O(n) scanning. Grapheme representation makes O(1) access possible.

The unique features aren't arbitrary. They're answers to the question: what's the simplest possible system that can be verified, parallel, Unicode-correct, and suitable for safety-critical use?