Hacker News: hwayne

New comment by hwayne in "When AI writes the software, who verifies it?"

hwayne — Wed, 04 Mar 2026 03:17:05 +0000

The key bit is that specifications don't need to be "obviously computable", so they can be a lot simpler than the code that implements them. Consider the property "if some function has a reference to a value, that value will not change unless that function explicitly changes it". It's simple enough to express, but to implement it Rust needs the borrow checker, which is a pretty heavy piece of engineering. And proving the implementation actually guarantees that property isn't easy, either!

New comment by hwayne in "Some silly Z3 scripts I wrote"

hwayne — Thu, 26 Feb 2026 18:31:16 +0000

...Whoops. Yup, SMT solvers can famously return `unknown` on top of `sat` and `unsat`. Just added a post addendum about the mistake.

New comment by hwayne in "My Gripes with Prolog"

hwayne — Fri, 16 Jan 2026 01:40:01 +0000

I'll warn you that Picat is very much a "research language" and a lot of the affordances you'd expect with a polished PL just aren't there yet. There's also this really great "field notes" repo from another person who learned it: https://github.com/dsagman/picat

New comment by hwayne in "My Gripes with Prolog"

hwayne — Fri, 16 Jan 2026 00:43:10 +0000

Check out datalog! https://learn-some.com/ The tutorial there uses Clojure syntax but Datalog normally uses a Prolog syntax.

New comment by hwayne in "TLA+ Modeling Tips"

hwayne — Wed, 17 Dec 2025 21:37:48 +0000

Also:

- Have a clear notion of what part of the specs represents the system under your control (the "machine"), and what part represents the broader world it interacts with. The world can do more than the machine, and the properties on the world are much more serious.

- Make lots of helpers. You need them more than you think.

- Add way more comments than you normally would. Specs are for analyzing very high-level ideas, and you should be explaining your high-level ideas.

- Make the spec assumptions clear. What has to be true about the operating environment for the spec to be sensible in the first place?

- Use lots of model values, use lots of constants, use lots of ASSUME statements. Constrain your fairness clauses as narrowly as possible.

- Understand the difference between the semantics of TLA+ as an abstract notation and the semantics of TLA+ as something concretely model-checked. For example, TLA+ is untyped, but the model checker is typed. Also, a lot of TLA+ features are not available in different model checkers. OTOH, you can break TLA+ semantics with use of TLCSet and TLCGet.

The last tip applies to whatever modeling language you use: most have the same distinction.

New comment by hwayne in "TLA+ Modeling Tips"

hwayne — Wed, 17 Dec 2025 21:35:58 +0000

I've had to help a client with something not exactly like, but with similar properties as, Google Docs. One of the big properties they had to engineer in was "the doc should eventually look the same for all open browser tabs on the same computer".

The other big question: what happens if user A makes change X and user B makes change Y? There's a lot of outcomes the product can pick between, but whatever they pick it should be consistent. That consistency in conflict resolution is a good property to model.

New comment by hwayne in "TLA+ Modeling Tips"

hwayne — Wed, 17 Dec 2025 21:27:43 +0000

I think the "high school math" slogan is untrue and ultimately scares people away from TLA+, by making it sound like it's their fault for not understanding a tough tool. I don't think you could show an AP calculus student the equation `<>[](ENABLED <>_v) => []<><>_v` and have them immediately go "ah yes, I understand how that's only weak fairness"

New comment by hwayne in "AI will make formal verification go mainstream"

hwayne — Wed, 17 Dec 2025 21:22:52 +0000

Those things, unlike floats, have approximable-enough facsimiles that you can verify instead. No tools support even fixed point decimals.

This has burned me before when I e.g needed to take the mean of a sequence.

New comment by hwayne in "AI will make formal verification go mainstream"

hwayne — Wed, 17 Dec 2025 02:07:34 +0000

I really do wish that PRISM can one day add some quality of life features like "strings" and "functions"

(Then again, AIUI it's basically a thin wrapper over stochastic matrices, so maybe that's asking too much...)

New comment by hwayne in "AI will make formal verification go mainstream"

hwayne — Wed, 17 Dec 2025 02:06:08 +0000

> No problem with floats or strings as far as specification goes. The particular verification tools you choose to run on your TLA+ spec may or may not have limitations in these areas, though.

I think it's disingenuous to say that TLA+ verifiers "may or may not have limitations" wrt floats when none of the available tools support floats. People should know going in that they won't be able to verify specs with floats!

New comment by hwayne in "When would you ever want bubblesort? (2023)"

hwayne — Thu, 11 Dec 2025 04:09:26 +0000

Thanks for sharing the general term! I didn't know about it.

New comment by hwayne in "A Early History of Algebraic Data Types"

hwayne — Thu, 16 Oct 2025 14:32:46 +0000

Now you just gotta go to the first submission and post a link here. Complete the circle!

New comment by hwayne in "A Early History of Algebraic Data Types"

hwayne — Wed, 15 Oct 2025 15:19:24 +0000

Since writing this I've been informed of some gaps (mostly through email and a lobsters [1] thread). Some of the main ones:

- McCarthy's "Direct Union" is probably conflating "disjoint union" and "direct sum".

- ML probably got the sum/product names from Dana Scott's work. It's unclear if Scott knew of McCarthy's paper or was inspired by it.

- I called ALGOL-68 a "curious dead end" but that's not true: Dennis Ritchie said that he was inspired by 68 when developing C. Also, 68 had exhaustive pattern matching earlier than ML.

- Hoare cites McCarthy in an earlier version of his record paper [2].

Also I kinda mixed up the words for "tagged unions" and "labeled unions". Hope that didn't confuse anybody!

[1] https://lobste.rs/s/ppm44i/very_early_history_algebraic_data...

[2] https://dl.acm.org/doi/10.5555/1061032.1061041

New comment by hwayne in "A dumb introduction to z3"

hwayne — Wed, 17 Sep 2025 15:11:39 +0000

I love how you create dataclasses to abstract over constraints!

New comment by hwayne in "A dumb introduction to z3"

hwayne — Wed, 17 Sep 2025 14:48:17 +0000

Even worse than that, SMT can encode things like Goldbach's conjecture:

    from z3 import \*

    a, b, c = Ints('a b c')
    x, y = Ints('x y')
    s = Solver()

    s.add(a > 5)
    s.add(a % 2 == 0)
    theorem = Exists([b, c],
                     And(
                         a == b + c,
                         And(
                             Not(Exists([x, y], And(x > 1, y > 1, x \* y == b))),
                             Not(Exists([x, y], And(x > 1, y > 1, x \* y == c))),
                             )
                         )
                     )

    if s.check(Not(theorem)) == sat:
        print(f"Counterexample: {s.model()}")
    else:
        print("Theorem true")

New comment by hwayne in "A dumb introduction to z3"

hwayne — Wed, 17 Sep 2025 14:45:27 +0000

It really depends on the kind of solving you want to do. Mathematical optimization, as in finding the cheapest/smallest/whatever solution that fits a problem? OR-Tools. Satisfaction problems, like finding counterexamples in rulesets or reverse engineering code? Z3.

New comment by hwayne in "Crimes with Python's Pattern Matching (2022)"

hwayne — Fri, 22 Aug 2025 04:13:25 +0000

Now I'm mad I didn't remember the word "antics". It's so much more evocative than "crimes"!

New comment by hwayne in "Stith Thompson's Motif-Index of Folk-Literature [pdf]"

hwayne — Tue, 05 Aug 2025 14:54:33 +0000

Entertaining collection of Folklore classifications. Some examples:

- T550.6. T550.6. Only half a son is born by queen who ate merely half of mango.

- A1066. A1066. Sun will lock moon in deep ditch in earth's bottom and will eat up stars at end of world.

- K87.1. K87.1. Laughing contest: dead horse winner.

Motif-Index of Folk-Literature (1958) [pdf]

hwayne — Tue, 05 Aug 2025 14:51:30 +0000

Article URL: https://ia600301.us.archive.org/18/items/Thompson2016MotifIndex/Thompson_2016_Motif-Index.pdf

Comments URL: https://news.ycombinator.com/item?id=44798766

Points: 6

# Comments: 1

New comment by hwayne in "Fast"

hwayne — Thu, 31 Jul 2025 13:43:49 +0000

Main way we're validating that now is by using TLA+ models to generate test suites. Mongo came out with a new paper on this recently: https://will62794.github.io/assets/papers/mdb-txns-modular-v...