formal-methods
Shortly after I joined MongoDB research, we ran a TLA+ workshop. It was a two-day ordeal. We had 1.5 days of instruction on TLA+ and syntax, after which we tried to help people get started with modeling. People liked learning about TLA+ on the first day, but except for a person or two, we didn't get anyone onboarded with TLA+ modeling. It was too much to offload on people and ask them to level …
Exhaustive proofs are the only way to find deep corner-case bugs that can result in deadlocks and silent data corruption. The post Why Your NoC Verification Strategy Must Consider Using Formal appeared first on Semiconductor Engineering.
Published on May 25, 2026 10:01 AM GMT TL;DR: Applications are now open for the Secure Program Synthesis Fellowship, powered by Apart Research and Atlas Computing. Apply by Sunday the 31st of May. This fellowship offers part-time research opportunities on mentor-led projects at the intersection of formal methods, AI systems, and security. Participants work in small teams to tackle challenging…

The introduction of quantum-secure cryptography in iMessage marked the start of a significant security transition to protect Apple users from threats posed by future quantum computers. Deploying this new generation of algorithms at scale across all Apple platforms requires high assurance, so we developed rigorous new formal verification methods to prove the mathematical correctness of our impleme…
Symbolic formal verification of cryptographic protocols based on the Dolev-Yao (DY) attacker model---an active attacker with full network control and perfect cryptography---is well-established for finding design-level logical flaws in cryptographic protocols. Building on this, DY fuzzing enriches fuzzing with this attacker model to uncover logical bugs at the implementation level. In contrast to …
For many programmers, precise mathematical logic and general programming feel like different worlds. Logic is about proving theorems. Programming is about making systems behave correctly. Proofs belong to mathematicians. Functions belong to engineers. But in systems like Lean, those boundaries start collapsing. One of the deepest ideas behind this is the Curry–Howard correspondence -- the observa…
This paper formalizes the cryptographic core of the FLEX protocol and its enhanced variation FLEX2. The analysis formalizes a minimal ledger abstraction, capturing Taproot, CSV timelocks, and reorg bounds, and defines ideal functionalities implemented as transaction-DAG and state machines. Main contributions include proving on-chain enforceability, CDS secrecy, soundness, leakage-bounded privacy…

TLA$^+$ (Temporal Logic of Actions) is a formal specification language well-suited for distributed systems. However, writing proper TLA$^+$ scripts requires high domain expertise. When it comes to modeling Byzantine behaviors for Byzantine fault-tolerant consensus protocols, the simulation of malicious behavior is a fundamental challenge: overly simplified modeling misses critical vulnerabilities…

I am writing tabulated Hilbert-style derivations, using a proof checker which I wrote in Python. See also: https://math.stackexchange.com/a/5135207/1755256 The book I am studying is Introduction to ...

When talking about TLA+, I keep referring to "abstraction" as the most important thing to learn. And it is about the hardest to learn as well. But a contradiction has been bugging me. Aren't CS people already supposed to be good at abstraction? Isn't abstraction supposed to be at the root of OS, networking, software engineering? Abstract Data Types (ADTs) are a staple of every CS curriculum. …

Editors’ note: AI has been actively pushing the frontier of applied formal methods for computing systems. In this article, the Specula team wrote about their experience of evaluating LLMs on modeling system code, the basic capability for agentic model checking, using TLA+, a specification language for concurrent and distributed systems. The article is the 7th blog in The Next Horizon of System In…
Computer Science > Formal Languages and Automata Theory. Title: Transformers are Inherently Succinct. Abstract: We propose succinctness as a measure of the expressive power of a transformer in describing a concept. To this end, we prove that transformers are highly expressive in that they can represent formal languages substantially more succinctly than standard representa…
This article is a re-publication of Rei-AIOS Paper 133 for the dev.to community. The canonical version with full reference list is in the permanent archives below: Zenodo (DOI, canonical) : https://doi.org/10.5281/zenodo.19713219 Internet Archive : https://archive.org/details/rei-aios-paper-133-1776974645040 Harvard Dataverse : https://doi.org/10.7910/DVN/KC56RY GitHub source (private): https://g…
Verus is a tool for verifying the correctness of code written in Rust. The main goal is to verify full functional correctness of low-level systems code, building on ideas from existing verification frameworks like Dafny, Boogie, F*, VCC, Prusti, Creusot, Aeneas, Cogent, Rocq, and Isabelle/HOL. Verification is static: Verus adds no run-time checks, but instead uses computer-aided theorem proving t…
About ten years ago, I started thinking in earnest about how we could make it easier to write correct programs. Researching this question led me to topics like formal methods and type systems, techniques to help establish that a given program adheres to some rules. However, I was still unsure of how to prove that software was actually correct. Not in the sense that the executed instructions produ…
Got a "Verified" result from my formal verification engine. Problem was, it was completely wrong. Looking at a simple function: checkType from Bitcoin Core. The engine generated this SMT query: (assert (= throwsRuntimeError (not (= typ expected)))) (assert (= typ expected)) (assert throwsRuntimeError) At first glance? Looks fine. But there's a fatal flaw in there. Unpack it and here's what you ge…
Post-Symbolic Programming (PSP) is a formal specification of a deterministic, state-first programming discipline in which computation is defined as typed operator composition over a structured state space rather than as the interpretation of symbolic surface syntax. The manuscript presents PSP as a universal state-operator calculus with explicit conformance invariants, typed multigraph semantics,…
Here is the Zenodo description, ready to paste: Beyond Scale: Toward Verifiable Autonomous Intelligence A Cognitive Modular Intelligence Architecture for Reasoning, Simulation, and Formal Verification Dr. Hussain Wasly — Independent Researcher, Artificial Intelligence Systems This preprint introduces Cognitive Modular Intelligence (CMI), a modular architecture for safe autonomous agents that unif…
We introduce the Substrate-Invariant Safety Functor, a category-theoretic formalism defining the necessary and sufficient properties a physical enforcement layer must satisfy to guarantee deterministic safety constraints independent of the computational substrate. We instantiate this functor across electronic FPGA, photonic integrated circuits, and quantum-classical hybrid architectures, deriving…