Show HN: C From Scratch – Learn safety-critical C with prove-first methodology

Seven modules teaching C the way safety-critical systems are actually built: MATH → STRUCT → CODE → TEST.

Each module answers one question: Does it exist? (Pulse), Is it normal? (Baseline), Is it regular? (Timing), Is it trending? (Drift), Which sensor to trust? (Consensus), How to handle overflow? (Pressure), What do we do about it? (Mode).

Every module is closed (no dependencies), total (handles all inputs), deterministic, and O(1). 83 tests passing.

Built this after 30 years in UNIX systems. Wanted something that teaches the rigour behind certified systems without requiring a decade of on-the-job learning first.

MIT licensed. Feedback welcome.

I like the approach; it reminds me of Towards Zero Defect Programming by Allan Stavely and Dijkstra's idea of deriving programs mechanically from their specifications.

Were LLMs used to produce some of the writing? Not sure how to describe it, but it has a certain recognizable writing style (e.g. "The Problem"/"The Solution", lots of bulleted lists with bolded first words, etc.) Readers might appreciate if AI use is disclosed.

It’s definitely AI generated. I suspect much of their portfolio is. See spec.md. Also, the committer’s username is “williamofai”.

Given they have 30 years of what looks to be safety critical UNIX experience, it’s probably not AI. They might come from rigorous fields like medical device engineering where writing and design are continuously audited for spec and standard conformance

> Wanted something that teaches the rigour behind certified systems without requiring a decade of on-the-job learning first.

I've built certified systems (munitions), and the pain of certification is almost always in the process not the coding.

The process is expensive, rigorous and lengthy. It's the process that certifies something good enough to get the stamp for release, not the code design or architecture.

Great content and approach, thank you!

  int64_t age = now - then;  // UNDEFINED BEHAVIOUR if overflow!

  uint64_t age = now - then;  // DEFINED: wraps at 2⁶⁴

Seriously, fuck C. Since this book focuses on safe, reliable, bugfree programs, why not use Rust?

Ya gotta start somewhere, and just about every IC starts at some point with C.

I'm going to go out on a limb and say because rust didn't exist 30 years ago?

Anyhoo... seems interesting. I've been trying to convince Claude to produce a verified JavaCard VM implementation, just for the hell of it, and this probably has a bunch of information to help with that.

[deleted]