Harvard Architecture Language for Security-Critical Applications
"It’s basically the same thing as an adder" — Where a humble calculator becomes a quantum-ready security language
Julia the Viper is a Harvard Architecture programming language designed to make code injection grammatically impossible. Named after mathematician Julia Robinson (Hilbert’s 10th problem) with a playful nod to "adder" (snake + addition), JtV separates computation into two grammatically distinct channels:
-
Control Language: Turing-complete, imperative (loops, conditionals, I/O)
-
Data Language: Total/provably halting, addition-only expressions
This architectural separation ensures that user-supplied data can never contain control flow — not through runtime validation, but through fundamental grammar design.
Addition is the universal operation across all number systems. Combined with Control loops, it achieves Turing-completeness while maintaining a provable termination guarantee when loops are absent.
Version 2 extends this to reversible computing, enabling quantum algorithm simulation where addition inverts to subtraction in reverse blocks.
# Using Nix (recommended)
nix run github:Hyperpolymath/julia-the-viper
# Or build from source
git clone https://github.com/Hyperpolymath/julia-the-viper.git
cd julia-the-viper
just build
just installCreate hello.jtv:
# Control Language: Turing-complete
Control {
# Data Language: Total (guaranteed halting)
let x = Data { 2 + 3 };
print("Result: " + str(x));
# Loops are Control-only
for i in range(5) {
let doubled = Data { i + i };
print(doubled);
}
}Run it:
jtv run hello.jtvThe killer feature is what you cannot write:
# ❌ GRAMMATICALLY IMPOSSIBLE
Data {
if (user_input) { # ERROR: Control flow in Data context
malicious_code();
}
}Code injection isn’t prevented by careful programming — it’s prevented by making it grammatically impossible to express.
| Traditional Approach | Julia the Viper |
|---|---|
Runtime validation |
Compile-time grammar enforcement |
"Don’t put user input in eval()" |
"User input grammatically cannot contain control flow" |
Security through discipline |
Security through architecture |
Full support for diverse numeric types:
-
Int:42,-17 -
Float:3.14,2.718 -
Rational:1/3,22/7 -
Complex:3+4i,1.5-2.3i -
Hex:0xFF,0xDEADBEEF -
Binary:0b1010,0b11110000 -
Symbolic:pi,e,golden_ratio
All unified under addition operations with automatic type coercion.
# Only Pure Data Functions callable in Data context
pure fn square(x: Int) -> Int {
Data { x + x } # No loops/IO allowed
}
fn impure_calc(x: Int) -> Int {
Control {
print("Calculating..."); # Side effects
Data { x + x }
}
}
Control {
let a = Data { square(5) }; # ✅ OK: Pure function
let b = Data { impure_calc(5) }; # ❌ ERROR: Impure function
}Quantum algorithm simulation through operation inversion:
Control {
let x = Data { 5 + 3 }; # x = 8
reverse {
x = Data { 5 + 3 }; # Inverted: x = 8 - 3 - 5 = 0
}
# x is now back to 0 (identity transformation)
}Enables Bennett’s trick, Grover’s algorithm, and thermodynamically efficient computation per Landauer’s principle.
Example ERC-20 token with provable properties:
Control {
# Balance conservation: Total supply is constant
invariant total_supply == sum(all_balances);
# No reentrancy: Pure Data functions only
# No overflow: Checked arithmetic in Data context
# Guaranteed termination: Totality guarantee
fn transfer(to: Address, amount: Int) {
require(Data { balances[msg.sender] >= amount });
# Atomic state transition
balances[msg.sender] = Data {
balances[msg.sender] + negate(amount)
};
balances[to] = Data { balances[to] + amount };
emit Transfer(msg.sender, to, amount);
}
}| Smart Contracts |
Provable security properties (no reentrancy, overflow, or injection) |
| Legacy System Retrofitting |
Extract pure computation from Python/PHP/JS codebases |
| Quantum Algorithm Development |
Simulate reversible quantum operations |
| Educational Tool |
Teach Harvard Architecture and formal security models |
| Safety-Critical Systems |
Formal guarantees for aerospace, medical, financial systems |
| Component | Description |
|---|---|
Parser |
Pest combinator parser enforcing Harvard Architecture |
Interpreter |
7 number systems with MAX_ITERATIONS protection |
Standard Library |
105+ pure functions across 4 modules |
Examples |
17 programs (basic, advanced, smart contracts) |
Tooling |
CLI, VS Code extension, TypeScript analyzer |
Documentation |
20,000+ words (guides, specifications, vision docs) |
Status: 80% Complete ✅
| Feature | Description |
|---|---|
Reversible Computing |
|
Quantum Simulation |
Unitary transformations, superposition, entanglement |
Purity Enforcement |
Compiler rejects impure functions in Data context |
Advanced Types |
Type inference, generic functions, algebraic types |
Module System |
Import resolution, dependency management |
Status: Specification Complete, Implementation Pending
|
Important
|
Master v1 before approaching v2. See GRAMMAR_EVOLUTION.md for rationale. |
Julia the Viper offers tri-licensing to maximize freedom:
SPDX-License-Identifier: PMPL-1.0 OR GPL-3.0-or-later OR Palimpsest-0.8You may choose any of:
-
Palimpsest-MPL-1.0 License: Maximum permissiveness, simple attribution
-
GPL-3.0+: Copyleft, share-alike requirements
-
Palimpsest 0.8 (philosophically encouraged): Ethical, politically autonomous licensing
See LICENSING.md for guidance on choosing the right license for your use case.
Julia the Viper implements graduated trust perimeters:
-
Perimeter 1 (Core): Maintainer-only, highest security
-
Perimeter 2 (Trusted Contributors): Vetted contributors, moderate security
-
Perimeter 3 (Community Sandbox): Public, open contribution (current state)
We are actively seeking founding maintainers and trusted contributors. See TPCF.md for details.
We follow the Contributor Covenant 2.1 with emotional safety addendum. See CODE_OF_CONDUCT.adoc.
Found a vulnerability? See .well-known/security.txt and SECURITY.md for responsible disclosure.
| Quick Start Guide |
Installation, first programs, examples |
| Development Roadmap |
Phases, milestones, success metrics |
| Grammar Evolution |
v1 vs v2 architectural decisions |
| Quantum Vision |
Reversible computing and quantum algorithms |
| AI Assistant Handover |
Project context for Claude/GPT agents |
| Contributing Guide |
How to get involved |
| Security Policy |
Vulnerability reporting and guarantees |
| Changelog |
Version history and migration guides |
Julia the Viper uses Just (not Make):
just --list # Show all commands
just build # Build all packages
just test # Run tests
just build-wasm # Compile to WebAssembly
just validate # Check RSR compliance
just fmt # Format code
just lint # Run Clippy lintsFull Nix flake support:
nix develop # Enter development shell
nix build # Build packages
nix run .#jtv-cli # Run CLI directlyjulia-the-viper/
├── packages/
│ ├── jtv-lang/ # Core Rust implementation
│ │ ├── src/
│ │ │ ├── parser.rs # Pest grammar parser
│ │ │ ├── interpreter.rs # Execution engine
│ │ │ ├── number.rs # 7 number systems
│ │ │ └── ast.rs # Abstract syntax tree
│ │ ├── stdlib/ # 105+ pure functions
│ │ └── tests/ # 40+ test cases
│ └── jtv-analyzer/ # TypeScript/Deno code analyzer
├── tools/
│ ├── cli/ # Command-line interface
│ └── vscode-extension/ # VS Code support
├── examples/
│ ├── basic/ # Hello world, tutorials
│ ├── advanced/ # Fibonacci, matrix ops
│ └── contracts/ # Smart contracts (ERC-20, NFT, DAO)
├── docs/ # Comprehensive documentation
└── .well-known/ # RFC 9116 security.txt, etc.Julia the Viper achieves Gold level (93%) in the Rhodium Standard Repository framework:
jtv rsr-check
# Score: 42/45 (93%)
# Grade: 🥈 Gold✅ Complete documentation suite
✅ RFC 9116 compliant security.txt
✅ TPCF governance model
✅ Dual licensing (MIT + Palimpsest)
✅ Nix reproducible builds
✅ GitLab CI/CD pipeline (check, test, build, deploy)
✅ No unsafe Rust code in core
✅ Offline-first (no network dependencies)
| Q1 2025 |
v1.0 stable release, WASM playground, LSP server |
| Q2 2025 |
v2.0 beta (reversible computing), formal verification tooling |
| Q3 2025 |
Smart contract auditing framework, IDE plugins |
| Q4 2025 |
Quantum algorithm library, performance optimizations |
See ROADMAP.md for detailed milestones and success metrics.
The name honors Julia Robinson (1919-1985), mathematician who contributed to solving Hilbert’s tenth problem. "Viper" playfully references:
-
Adder: A snake, also a calculator
-
Addition-only: The core Data Language operation
-
Security: Venomous to code injection attacks
The tagline "It’s basically the same thing as an adder" embraces the humble pseudocode origins while acknowledging the sophisticated security model.
JtV embraces wordplay:
Q: Why addition-only?
A: It’s universal with Control loops, yet provably halts without them.Q: Isn’t that limiting?
A: You can implement multiplication, division, exponentiation… all through addition + loops.Q: Why not just use Rust/Haskell/Coq?
A: Legacy systems need retrofitting, not rewrites.
Maintain this lighthearted spirit while ensuring rigorous implementation.
| GitHub | |
| Documentation | |
| Security | |
| Governance |
Julia the Viper builds on decades of research:
-
Julia Robinson: Hilbert’s tenth problem (namesake)
-
Charles Bennett: Reversible computing, Bennett’s trick
-
Rolf Landauer: Landauer’s principle (thermodynamics of computation)
-
Harvard Mark I: Harvard Architecture (1944)
-
Lov Grover & Peter Shor: Quantum algorithms
See .well-known/humans.txt for complete credits.
Copyright (c) 2025 Julia the Viper Contributors
This project is tri-licensed. You may use it under the terms of any of the following licenses:
-
Palimpsest-MPL-1.0 License (LICENSE-MIT)
-
GNU General Public License v3.0 or later (LICENSE)
-
Palimpsest License v0.8 (LICENSE-PALIMPSEST)
The Palimpsest license is philosophically encouraged for its ethical and politically autonomous approach.
🐍 Remember: Code injection isn’t prevented by careful programming — it’s prevented by making it grammatically impossible to express. 🐍
Built with Harvard Architecture • Powered by Addition • Secured by Grammar
