- Functional language
- Proven-correct compiler
- Able to bootstrap itself

```
fun yes = (print "yes"; yes)
```

### ðŸ’¥?

`evaluate (prog,s) = (res,s')`

```
state = <| locals : v num_map
; stack : stack list
; refs : v ref num_map
...
|>
```

`evaluate (prog,s) = (res,s')`

```
state = <| locals : v num_map
; stack : stack list
; refs : v ref num_map
; limits : limits
; safe_for_space : bool
...
|>
```

```
safe_for_space :=
s.safe_for_space
âˆ§ size_of_heap s <= s.limits.heap_limit
âˆ§ size_of_stack s <= s.limits.stack_limit
```

- At every allocation
- At every function call

```
is_safe s prog =
let (res,s') = evaluate (prog,s)
in s'.safe_for_space
```

`is_safe(prog)`

` ==> `

`sem(CakeML)`

`<->`

`sem(machine)`