frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

Three ways formally verified code can go wrong in practice

https://buttondown.com/hillelwayne/archive/three-ways-formally-verified-code-can-go-wrong-in/
26•todsacerdoti•16h ago

Comments

jonathanstrange•1h ago
No hardware failure is considered? No cosmic rays flipping bits? No soft or hard real-time guarantees are discussed? What about indeterminate operations that can fail such as requesting memory from some operating system dynamically?

I'm asking because I thought high integrity systems are generally evaluated and certified as a combination of hardware and software. Considering software alone seems pretty useless.

codebje•50m ago
Specifications that are formally verified can definitely cover real-time guarantees, behaviour under error returns from operations like allocation, and similar things. Hardware failures can be accounted for in hardware verification, which is much like software verification: specification + hardware design = verified design; if the spec covers it, the verification guarantees it.

Considering software alone isn't pretty useless, nor is having the guarantee that "inc x = x - 1" will always go from an Int to an Int, even if it's not "fully right" at least trying to increment a string or a complex number will be rejected at compile time. Giving up on any improvements in the correctness of code because it doesn't get you all the way to 100% correct is, IMO, defeatist.

(Giving up on it because it has diminishing returns and isn't worth the effort is reasonable, of course!)

ip26•1h ago
Is asserting the assumptions during code execution not standard practice for formally verified code?
ngruhn•1h ago
How would that look like if you accidentally assumed you have arbitrary large integers but in practice you have 64 bits?
appellations•21m ago

    Add(x,y):
       Assert( x >= 0 && y>= 0 )
        z = x + y
        Assert( z >= x && z >= y )
        return z
There’s definitely smarter ways to do this, but in practice there is always some way to encode the properties you care about in ways that your assertions will be violated. If you can’t observe a violation, it’s not a violation https://en.wikipedia.org/wiki/Identity_of_indiscernibles
cowsandmilk•39m ago
That’s impractical. Take binary search and the assumption the list is sorted. Verifying the list is sorted would negate the point of binary search as you would be inspecting every item in the list.
AnimalMuppet•36m ago
Only if you verify it for every search. If you haven't touched the list since the last search, the verification is still good. For some (not all) situations, you can verify the list at the start of the program, and never have to verify it again.
voxl•23m ago
ASSERTING the list is sorted as an assumption is significantly different form VERIFYING that the list is sorted before executing the search. Moreover, type systems can track that a list was previously sorted and maintained it's sorted status making the assumption reasonable to state.
skybrian•1h ago
Many interesting statements aren't a property of the code alone. They're a property of the code when it's run in a particular environment. If you want the proof to be portable then it should only make assumptions that are true in any environment.
rook_line_sinkr•1h ago
I got told to use these words back in uni

verification - Are we building the software right?

validation - Are we building the right software?

makes many a thing easier to talk about at work

Free Software Hasn't Won

https://dorotac.eu/posts/fosswon/
31•LorenDB•54m ago•16 comments

Wireguard FPGA

https://github.com/chili-chips-ba/wireguard-fpga
271•hasheddan•5h ago•69 comments

Ask HN: What are you working on? (October 2025)

59•david927•2h ago•112 comments

Edge AI for Beginners

https://github.com/microsoft/edgeai-for-beginners
54•bakigul•2h ago•14 comments

Emacs agent-shell (powered by ACP)

https://xenodium.com/introducing-agent-shell
70•Karrot_Kream•2h ago•5 comments

MAML – a new configuration language (similar to JSON, YAML, and TOML)

https://maml.dev/
17•birdculture•1h ago•13 comments

Completing a BASIC language interpreter in 2025

https://nanochess.org/ecs_basic_2.html
44•nanochess•3h ago•1 comments

Three ways formally verified code can go wrong in practice

https://buttondown.com/hillelwayne/archive/three-ways-formally-verified-code-can-go-wrong-in/
26•todsacerdoti•16h ago•10 comments

Macro Splats 2025

https://danybittel.ch/macro.html
356•danybittel•12h ago•59 comments

Bird Photographer of the Year Gives a Lesson in Planning and Patience

https://www.thisiscolossal.com/2025/09/2025-bird-photographer-of-the-year-contest/
23•surprisetalk•6d ago•4 comments

Tiny Teams Playbook

https://www.latent.space/p/tiny
45•tilt•4d ago•14 comments

A whirlwind introduction to dataflow graphs (2018)

https://fgiesen.wordpress.com/2018/03/05/a-whirlwind-introduction-to-dataflow-graphs/
14•shoo•1d ago•0 comments

3D-Printed Automatic Weather Station

https://3dpaws.comet.ucar.edu
10•hyperbovine•3d ago•0 comments

Constraint satisfaction to optimize item selection for bundles in Minecraft

https://www.robw.fyi/2025/10/12/using-constraint-satisfaction-to-optimize-item-selection-for-bund...
11•someguy101010•4h ago•4 comments

A years-long Turkish alphabet bug in the Kotlin compiler

https://sam-cooper.medium.com/the-country-that-broke-kotlin-84bdd0afb237
43•Bogdanp•5h ago•44 comments

Rcyl – a recycled plastic urban bike

https://rcyl.bike/en/the-bike/
15•smartmic•3h ago•15 comments

oavif: Faster target quality image compression

https://giannirosato.com/blog/post/oavif/
13•computerbuster•6h ago•2 comments

Show HN: I built a simple ambient sound app with no ads or subscriptions

https://ambisounds.app/
66•alpaca121•7h ago•30 comments

AdapTive-LeArning Speculator System (ATLAS): Faster LLM inference

https://www.together.ai/blog/adaptive-learning-speculator-system-atlas
184•alecco•14h ago•43 comments

Addictive-like behavioural traits in pet dogs with extreme motivation for toys

https://www.nature.com/articles/s41598-025-18636-0
128•wallflower•6h ago•86 comments

Schleswig-Holstein completes migration to open source email

https://news.itsfoss.com/schleswig-holstein-email-system-migration/
293•sebastian_z•7h ago•93 comments

The neurons that let us see what isn't there

https://arstechnica.com/science/2025/10/the-neurons-that-let-us-see-what-isnt-there/
23•rbanffy•5d ago•1 comments

How I'm using Helix editor

https://rushter.com/blog/helix-editor/
168•f311a•6h ago•49 comments

HP1345A (and wargames) (2017)

https://phk.freebsd.dk/hacks/Wargames/
26•rbanffy•3h ago•0 comments

Loko Scheme: bare metal optimizing Scheme compiler

https://scheme.fail/
143•dTal•5d ago•14 comments

Nostr and ATProto (2024)

https://shreyanjain.net/2024/07/05/nostr-and-atproto.html
111•sph•13h ago•56 comments

Meta Superintelligence Labs' first paper is about RAG

https://paddedinputs.substack.com/p/meta-superintelligences-surprising
390•skadamat•23h ago•220 comments

After the AI boom: what might we be left with?

https://blog.robbowley.net/2025/10/12/after-the-ai-boom-what-might-we-be-left-with/
80•imasl42•3h ago•227 comments

Ridley Scott's Prometheus and Alien: Covenant – Contemporary Horror of AI (2020)

https://www.ejumpcut.org/archive/jc58.2018/AlpertAlienPrequels/index.html
49•measurablefunc•5h ago•34 comments

The Flummoxagon

https://n-e-r-v-o-u-s.com/blog/?p=9827
106•robinhouston•5d ago•24 comments