A programming language that brings high-level code, secure boundaries, low-level control, and native execution into one model
Documentation + Installation + Quick Start + VS Code Extension + Benchmarks + Contributing
X is designed so code can be read directly from program intent while still reaching memory, syscalls, FFI, and native output when needed. The key point is allowing high-level and low-level code to live together without hiding ownership or safety boundaries behind the runtime.
Why X Is Different
- Memory modes:
@high,@secure, and@lowchange the rules for the source that follows them. They are not annotations that affect only one line. - Formula numeric spaces: low-level code can write numeric widths directly with
num[bits],numu[bits], andnumf[bits]instead of relying on a fixed list of type names. - Human-first syntax: Names like
say,listen,track,pulse, anddriftare quick to read from intent, without forcing beginners to learn technical terms first. - One source, two execution paths: The same source can run through XVM and can also be built into a native executable.
- Direct native emitter: The AOT path in X creates native output directly for supported targets. It does not start by translating through a C backend or LLVM.
- Native boundary, not platform-format-first design:
link nativedefines the library name and symbol to call without tying the language concept to any single file extension. - XEE runtime entropy: Random generation is handled by a layered entropy engine with timing-jitter collection, source health checks, conservative evidence gates, ARX output generation, and fast runtime access.
- Real system access:
fux!, syscalls, sized numbers, native linking, and shared-library export live on the same path as the main language.
One File Can Move Across Levels
X is designed so readable code and code that touches the real system can exist in the same language. fux! keeps low-level code scoped while normal code stays readable.
fux! main() {
say("X can stay readable")
syscall(7, "X can still touch the system")
}
Installation
Windows
Download a Windows release from GitHub Releases:
x<version>.windows-amd64.msiinstalls X for the current user and adds it toPATH.x<version>.windows-amd64.machine.msiinstalls X for all users and adds it to the systemPATH.x<version>.windows-amd64.zipis the portable archive. Extract it, then add itsbinfolder toPATH.
Linux
Download the Linux release from GitHub Releases:
x<version>.linux-amd64.tar.gzis the portable archive. Extract it, then add itsbinfolder toPATH.
After installation, open a new terminal and run:
x --version
x version list
x helpThe installed files form a local toolchain root:
bin/
x[.exe]
active
versions/
<version>/
bin/
x[.exe]
stdlib/
The launcher in bin/ stays in PATH. It selects a version from x.config first, then the local active file. Projects can lock the compiler with:
+ x
version: "0.1.0"
std: "stable"
Use x version use <version> to switch the active local version.
Editor Support
Install the X VS Code Extension for syntax highlighting, IntelliSense, diagnostics, and running .x files from Visual Studio Code.
Building from Source
Build the release binary:
Run the built binary directly:
target\release\x.exe hello.xAdd the release binary directory to PATH if you want to use x from any project folder.
Quick Start
Create hello.x
Create x.config
+ project
name: "myproject"
version: "0.1.0"
main: "hello.x"
Run a file:
Run the project entry from x.config:
Build a native executable:
Build a shared native library:
x build native_api.x --shared --output build/native_api.dll --header build/native_api.h --def build/native_api.def --abi build/native_api.xabi.json
Core Ideas
Memory Modes
X memory modes are applied in source order. The default mode is @high; after declaring @secure or @low, the code that follows is under that mode's rules until a new mode is declared.
@secure
shape Credential {
token: txt
fux check(candidate: txt): bit {
return match_secret(token, candidate)
}
}
@high
fux main() {
var credential = Credential("vault-token")
var sealed = to_secure(credential)
say(sealed.check("vault-token"))
}
fux! is used for low-level fuxions with a clear scope, without leaving @low open across the whole file.
Formula Numeric Spaces
X does not grow numeric type names one by one. Numeric width is written directly in the type.
| Type form | Meaning |
|---|---|
num[bits] |
Signed numeric space |
numu[bits] |
Unsigned numeric space |
numf[bits] |
Floating numeric space |
fux! main() {
var byte: numu[8] = 255
var color: numu[24] = 16777215
var exact: numu[64] = 9007199254740993
var signed: num[32] = -1
var real: numf[64] = 3.14
var exact_real: numf[128] = 0.1 + 0.2
say(exact)
say(exact_real)
}
This keeps low-level numeric layout explicit without expanding the language with a fixed list of aliases. Integer spaces use exact sized integer values. Non-native numf[bits] values use X's soft-float value engine: literals and arithmetic are stored as exact finite rational values, then rendered to decimal through the declared width instead of being reduced to host f64 first.
The numeric_formula benchmark runs numu[64] arithmetic above 2^53 with exact integer behavior: 1.14us median, 1.31us p95.
Control Syntax
track selects a path from a value, condition, or result. pulse is used for loops, and rush can mark that loop as a performance-sensitive path.
var names = ["first", "second", "third"]
track names[1] {
"first" : say("found")
drift : say("missing")
}
var i = 0
rush pulse(i < 1000) {
i = i + 1
}
X arrays start at index 1.
Native Pipeline
The X pipeline lowers source into AST, XLIR, and XVM bytecode before running through XVM or building native output.
.x source -> AST -> XLIR -> XVM bytecode -> optimizer -> XVM / AOT
Omnipath
Omnipath is the native execution path inside XVM for code that starts by running through the interpreter and is lifted when a loop becomes hot. XVM counts fuxion backedges, stores the native entry in a cache, and calls that entry directly on later iterations.
In the XVM path, this connects to the native emitter, native syscall dispatcher, interpreter thunk, and helpers for loop forms known by the optimizer, such as numeric loops, count loops, and XEE random calls.
FFI
X FFI is a native boundary: X code can call native libraries through link native, and X code can also be built as a shared native library for other systems to call.
The syntax is the same across native targets. The library name is the platform library file that the selected target can load.
link native "kernel32.dll" {
get_tick_count(): numu[32] = "GetTickCount"
}
fux! main() {
say(get_tick_count())
}
For Linux targets the same form can point to a shared object:
link native "libc.so.6" {
text_length(text: txt): numu[64] = "strlen"
}
Runtime Services
XVM has runtime services for IO, filesystem, process, network, memory, syscalls, and random generation through XEE.
Zero-Copy Source Path
The X lexer stores token lexemes with Cow<'source, str> and source spans so normal tokens can borrow slices directly from the original source. String escapes, interpolation, and numbers with suffixes allocate only when a new value must be created.
For memory modes, this means the front-end does not need to copy many identifiers, keywords, and literals before reaching the analyzer. The @high, @secure, and @low modes are checked from tokens and spans that point back to the original source, so mode rules, diagnostics, and semantic checks work on the same source-backed data from lexer to analyzer.
XEE: Runtime Entropy Engine
XEE is the entropy and random-generation subsystem inside XVM. It is built as a pipeline instead of a single random call: timing jitter is collected, conditioned, mixed through a chaos amplifier, absorbed into an entropy pool, used to rekey an ARX-based core, and served through a burst buffer for repeated reads.
timing jitter -> conditioned signal -> chaos amplifier -> entropy pool -> ARX core -> burst buffer
The harvester collects CPU timing jitter as XEE source material. Each 64-bit harvest word is built from multiple timing samples around a data-dependent work function, memory/cache timing probes, differential timing signals, and online source health checks.
XEE also includes an evidence layer. The proof gate does not grant entropy credit just because final bytes look uniform; it checks observed source behavior before and during conditioning, applies health gates, caps credit per sample, and reports explicit evidence levels such as rejected, statistical_only, physical_jitter_observed, and physical_jitter_conditioned.
What XEE exposes today:
std.randomfuxions:random,random_between,random_decimal, andrandom_bytes.- Runtime and native paths for 64-bit engine output, bounded ranges, decimal output, and bulk byte filling.
- Health counters for observed samples, repetition-count failures, adaptive-proportion failures, current repetition run, and the latest adaptive window.
- Validation helpers for byte distribution, bit balance, runs, duplicate pressure, lag-1 serial correlation, birthday spacings, and binary matrix rank.
- Official NIST SP 800-90B non-IID evidence through the
ea_non_iidtool.xee_benchwrites the byte sample file, runs the official tool, parses the reported min-entropy, and uses that result as an evidence gate.
These are implementation and measurement facts, not a certification claim. XEE includes tests, health snapshots, proof gates, and benchmark evidence for the source behavior and generated output.
Benchmarks
These numbers come from local Windows amd64 release runs. Tables report medians across repeated samples where available, so one slow or fast run does not decide the published number. They are benchmark evidence for this machine and this commit state, not a certification claim.
Benchmark Summary
| Area | Measurement | Notes |
|---|---|---|
| XVM fastest execute median | 203ns median, 228ns p95 | array_walk; median of five suite reports. |
| XVM execute median range | 203ns to 9.21ms | Rows listed below. |
| XVM syscall benchmark | 554ns median | low_syscall; runtime syscall path. |
| X stdlib output benchmark | 1.13us median | std_say; stdlib output path. |
| Formula numeric loop | 1.92ms median, 2.10ms p95 | numeric_formula; numu[64] arithmetic above 2^53. |
| Array primitive loops | add 63.82us, take 2.05ms, size 2.07ms |
add uses 200 appends; take and size use 5,000-step loops. |
| Table primitive loops | add 4.25ms, take 4.27ms, lookup 1.53us |
Keyed mutation and lookup paths over a small table. |
| Front-end pipeline median range | 2.11ms to 2.55ms | Includes lexing, parsing, linking, analysis, XLIR, lowering, and optimization. |
| XEE strict evidence result | 0 hard failures, 0 soft warnings | Official ea_non_iid run over 1,048,576 output bytes. |
| XEE official NIST min-entropy | 7.167875 bits/byte | NIST SP 800-90B ea_non_iid non-IID assessment. |
| XEE byte entropy | 7.999841 Shannon, 7.942685 min-entropy | 1,048,576 output bytes. |
| XEE raw 64-bit duplicates | 0 / 100,000 samples | Duplicate count from the configured raw 64-bit sample set. |
| XEE raw 64-bit output | 2.379ns p50, 2.379ns p95 | Single raw 64-bit output call after initialization. |
XEE fill_bytes(4096) |
7.499ns/byte p50, 7.499ns/byte p95 | Bulk byte fill benchmark. |
Commands used:
Windows
.\tools\run_benchmarks.ps1 -XeeTool "C:\path\to\ea_non_iid.exe"
Linux
chmod +x tools/run_benchmark.sh ./tools/run_benchmark.sh /path/to/ea_non_iid.exe
XVM Execution
Host stabilization was enabled with Windows high process priority and highest thread priority. Execute timing uses auto batching with a 2 ms target. Each row reports the median value across five reports.
| Benchmark | Pipeline Median | Execute Median | Execute P95 | Batch | Bytecode Instructions | Executed Instructions |
|---|---|---|---|---|---|---|
arithmetic_pulse |
2.12ms | 277ns | 288ns | 8192 | 4 | 4 |
array_add |
2.25ms | 63.82us | 66.17us | 32 | 21 | 2811 |
array_size |
2.23ms | 2.07ms | 2.16ms | 1 | 31 | 85018 |
array_take |
2.16ms | 2.05ms | 2.16ms | 1 | 31 | 85018 |
array_walk |
2.18ms | 203ns | 228ns | 12288 | 1 | 1 |
block_walk |
2.27ms | 16.70us | 17.21us | 128 | 8 | 8 |
function_call_loop |
2.27ms | 293ns | 306ns | 8192 | 4 | 4 |
generic_shape |
2.22ms | 398ns | 417ns | 8192 | 3 | 3 |
low_syscall |
2.11ms | 554ns | 598ns | 3584 | 4 | 4 |
memory_handover |
2.33ms | 763ns | 783ns | 2816 | 14 | 14 |
numeric_formula |
2.20ms | 1.92ms | 2.10ms | 1 | 15 | 70012 |
result_track |
2.26ms | 227ns | 232ns | 12288 | 2 | 2 |
shape_method |
2.37ms | 219ns | 230ns | 12288 | 1 | 1 |
shape_pair |
2.33ms | 224ns | 239ns | 12288 | 1 | 1 |
slice_array_view |
2.34ms | 850ns | 903ns | 2560 | 15 | 15 |
slice_block_view |
2.24ms | 680ns | 712ns | 3072 | 8 | 8 |
slice_text_view |
2.25ms | 514ns | 526ns | 4608 | 6 | 6 |
std_say |
2.55ms | 1.13us | 1.16us | 1792 | 10 | 10 |
table_add |
2.17ms | 4.25ms | 4.43ms | 1 | 24 | 80012 |
table_lookup |
2.24ms | 1.53us | 1.58us | 1536 | 15 | 15 |
table_take |
2.24ms | 4.27ms | 4.60ms | 1 | 26 | 90012 |
table_update |
2.19ms | 9.21ms | 9.37ms | 1 | 37 | 120017 |
track_branch |
2.17ms | 388ns | 397ns | 8192 | 5 | 5 |
XEE Evidence
This is the full xee_bench report data from the official NIST run saved at target/xee_bench/official_real/strict_report.json.
| Config | Value |
|---|---|
| Jitter samples | 20,000 |
| Raw 64-bit samples | 100,000 |
| Byte samples | 1,048,576 |
| Benchmark repeats | 1 |
| Engine calls | 1,000 |
| Layer calls | 1,000 |
| Word blocks | 1,000 |
| Evidence Gate | Severity | Status | Observed | Required |
|---|---|---|---|---|
| sample sizes | hard | pass | jitter=20000 u64=100000 bytes=1048576 | >= 20k jitter, >= 100k u64, >= 1MiB bytes |
| proof gate | hard | pass | physical_jitter_conditioned with 0 failure(s) | proof gate must pass |
| health tests | hard | pass | repetition=0 adaptive=0 | zero repetition and adaptive-proportion failures |
| startup seed credit | hard | pass | 1024.000 bits | >= 128 credited startup bits |
| byte shannon entropy | hard | pass | 7.999841 bits/byte | >= 7.99 bits/byte |
| byte min entropy | hard | pass | 7.942685 bits/byte | >= 7.50 bits/byte |
| official NIST SP 800-90B tool | hard | pass | passed | official ea_non_iid run with parsed min-entropy result |
| official NIST min entropy floor | hard | pass | 7.167875 bits/byte | >= 3.00 bits/byte official non-IID assessment |
| official NIST high bar | soft | pass | 7.167875 bits/byte | >= 6.50 bits/byte official non-IID assessment |
| largest byte bucket | hard | pass | 0.004065 | <= 0.006 |
| u64 duplicates | hard | pass | 0 duplicate(s) | 0 duplicates in the configured u64 sample |
| lag-1 serial correlation | hard | pass | -0.00098953 | absolute value <= 0.010 |
| runs deviation | hard | pass | 0.00007749 | <= 0.020 |
| birthday spacings | soft | pass | 0.77680506 | 0.001 <= p <= 0.999 |
| binary matrix rank | soft | pass | 0.53576597 | 0.001 <= p <= 0.999 |
| Verdict | Value |
|---|---|
| Evidence level | hard_gates_passed |
| Passed | true |
| Hard failures | 0 |
| Soft warnings | 0 |
| Summary | All hard gates and statistical warning gates passed for this local run. |
XEE Raw Jitter Audit
| Metric | Value |
|---|---|
| Samples | 20,000 |
| Unique raw deltas | 20,000 |
| Zero raw deltas | 0 |
| Conditioned LSB ones ratio | 0.50190000 |
| Conditioned LSB min-entropy | 0.99452815 bits |
| Conditioned low-byte Shannon entropy | 7.99127662 bits |
| Conditioned low-byte min-entropy | 7.50635267 bits |
| Conditioned low-byte chi-square | 243.99360000 |
| Health repetition failures | 0 |
| Health adaptive-proportion failures | 0 |
| Health last repetition run | 3 |
| Health last window ones | 30 |
XEE Output Audit
| Metric | Value |
|---|---|
| Byte sample count | 1,048,576 |
| Raw 64-bit sample count | 100,000 |
| Shannon entropy | 7.99984053 bits/byte |
| Min-entropy | 7.94268512 bits/byte |
| Byte chi-square | 231.74511719 |
| Largest byte bucket probability | 0.00406456 |
| Runs deviation ratio | 0.00007749 |
| Duplicate count | 0 |
| Lag-1 serial correlation | -0.00098953 |
| Birthday spacings p-value | 0.77680506 |
| Binary matrix rank p-value | 0.53576597 |
XEE Proof Gate
| Metric | Value |
|---|---|
| Evidence level | physical_jitter_conditioned |
| Passed | true |
| Raw primary unique ratio | 0.00310000 |
| Raw secondary unique ratio | 0.00090000 |
| Raw timing unique ratio | 0.17020000 |
| Raw mixed unique ratio | 1.00000000 |
| Raw mixed zero ratio | 0.00000000 |
| Raw timing low-byte min-entropy | 2.53115606 bits |
| Conditioned low-byte min-entropy | 7.58727266 bits |
| Markov LSB min-entropy | 0.98687467 bits |
| Credited bits per sample | 1.24896689 |
| Credited bits per harvest word | 64.00000000 |
| Startup seed bits | 1024.00000000 |
| Gate failure count | 0 |
| First gate failure | none |
Official NIST SP 800-90B
| Metric | Value |
|---|---|
| Status | passed |
| Sample count | 1,048,576 |
| Sample file | target/xee_bench/official_nist_samples.bin |
| Tool | ea_non_iid from usnistgov/SP800-90B_EntropyAssessment v1.1.8 |
| Exit code | 0 |
| H_original | 7.883983 |
| H_bitstring | 0.895984 |
| min(H_original, 8 x H_bitstring) | 7.167875 bits/byte |
XEE Throughput
| Benchmark | Min | P50 | P95 | P99 | Average | Max | Unit |
|---|---|---|---|---|---|---|---|
engine.new |
1,017,506.000 | 1,017,506.000 | 1,017,506.000 | 1,017,506.000 | 1,017,506.000 | 1,017,506.000 | ns/startup |
engine.next_u64 |
2.379 | 2.379 | 2.379 | 2.379 | 2.379 | 2.379 | ns/call |
engine.next_range |
10.598 | 10.598 | 10.598 | 10.598 | 10.598 | 10.598 | ns/call |
engine.next_f64 |
3.472 | 3.472 | 3.472 | 3.472 | 3.472 | 3.472 | ns/call |
engine.next_bytes(4096) |
4.038 | 4.038 | 4.038 | 4.038 | 4.038 | 4.038 | ns/byte |
engine.fill_bytes(4096) |
7.499 | 7.499 | 7.499 | 7.499 | 7.499 | 7.499 | ns/byte |
harvester.sample_delta |
1,083.003 | 1,083.003 | 1,083.003 | 1,083.003 | 1,083.003 | 1,083.003 | ns/call |
harvester.harvest_word |
46,485.750 | 46,485.750 | 46,485.750 | 46,485.750 | 46,485.750 | 46,485.750 | ns/call |
chaos.amplify |
41.329 | 41.329 | 41.329 | 41.329 | 41.329 | 41.329 | ns/call |
crypto.generate_block |
17.381 | 17.381 | 17.381 | 17.381 | 17.381 | 17.381 | ns/word |
License
X Programming Language is created and maintained by X XXX.
Released under the 0BSD license. You can use, copy, modify, distribute, and sell it without attribution requirements.
Documentation
Read more about syntax, memory modes, secure mode, the low-level API, stdlib, and AOT in the Documentation.