1. amw-zero 3 days ago parent

   Super interesting, but I think this will be very difficult in practice due to the gigantic effect of nondeterminism at the hardware level (caches, branch prediction, out of order execution, etc.)
2. amw-zero 3 days ago parent

   Who brought up static analysis?

   I think simulation is definitely a promising direction.

3. amw-zero 3 days ago parent

   I think this is less about guarantees and more about understanding behavioral characteristics in response to different loads.

   I personally could care less about proving that an endpoint always responds in less than 100ms say, but I care very much about understanding where various saturation points are in my systems, or what values I should set for limits like database connections, or how what the effect of sporadic timeouts are, etc. I think that's more the point of this post (which you see him talk about in other posts on his blog).

4. amw-zero 3 days ago parent

   This is the single most impactful blog post I've read in the last 2-3 years. It's so obvious in retrospect, but it really drove the point home for me that functional correctness is only the beginning. I personally had been over-indexing on functional correctness, which is understandable since a reliable but incorrect system isn't valuable.

   But, in practice, I've spent just as much time on issues introduced by perf / scalability limitations. And the post thesis is correct: we don't have great tools for reasoning about this. This has been pretty much all I've been thinking about recently.

5. amw-zero Dec 18, 2025 parent

   So... a specification.
6. amw-zero Dec 18, 2025 parent

   So... a specification.
7. amw-zero Dec 17, 2025 parent

   Let's say a new feature. Do you just type random letters, or do you have some kind of plan ahead of time?
8. amw-zero Dec 17, 2025 parent

   When you go to write a line of code, how do you decide what to write?
9. amw-zero Dec 17, 2025 parent

   How do you or the client know that the software is doing what they want?
10. amw-zero Dec 17, 2025 parent

    Compare the spec with the application here: https://concerningquality.com/model-based-testing/

    I think we've become used to the complexity in typical web applications, but there's a difference between familiar and simple (simple vs. easy, as it were). The behavior of most business software can be very simply expressed using simple data structures (sets, lists, maps) and simple logic.

    No matter how much we simply it, via frameworks and libraries or whatever have you, things like serialization, persistence, asynchrony, concurrency, and performance end up complicating the implementation. Comparing this against a simpler spec is quite nice in practice - and a huge benefit is now you can consult a simple in-memory spec vs. worrying about distributed system deployments.

11. amw-zero Dec 10, 2025 parent

    Half of the world uses Apple products, how is that not the maximum possible impact?
12. amw-zero Dec 10, 2025 parent

    that's a fantastic point.
13. amw-zero Nov 20, 2025 parent

    And to clarify - only writes on the _branch_ lead to a copy being created right? Writes on the original don’t get propagated to the branch?
14. amw-zero Nov 18, 2025 parent

    What does this even mean? Because people have locked in their data, they’re ok with downtime? I can’t imagine a world where this is true.
15. amw-zero Oct 22, 2025 parent

    The “simplicity” of Go is just virtue signaling. It has gotchas like that all over the language, because it’s not actually simple.
16. amw-zero Sep 23, 2025 parent

    How often are you writing non-trivial data structures?
17. amw-zero Sep 6, 2025 parent

    I love the euphemistic thinking. “We built something that legitimately doesn’t do the thing that we advertise, but when it doesn’t do it we shall deem that hallucination.”
18. amw-zero Jul 25, 2025 parent

    Hard disagree.

    Errors are found in human proofs all the time. And like everything else, going through the process of formalizing to a machine only increases the clarity and accuracy of what you’re doing.

19. amw-zero Jul 23, 2025 parent

    The first topic is "Predicates, Sets, and Proofs."

    I use predicates and sets quite often in daily programming.

20. amw-zero Jul 23, 2025 parent

    You can write proofs along with the course, and since they are machine checked you can have confidence that they are correct.

    If you don't know, writing a proof in isolation can be difficult, since you may be writing on that isn't actually sound.

21. amw-zero Jul 7, 2025 parent

    Research points to there being a quadratic relationship between automated proof and code size: https://trustworthy.systems/publications/nictaabstracts/Mati....

    Specifically, the relationship is between the _specification_ and the proof, and it was done for proofs written in Isabelle and not Lean.

    The good news is that more and more automation is possible for proofs, so the effort to produce each proof line will likely go down over time. Still, the largest full program we've fully verified is much less than 100,000 LOC. seL4 (verified operating system) is around 10,000 lines IIRC.

22. 2 points Jun 20, 2025

    Let's All Write Good Software

    0 comments amw-zero youtube.com
23. amw-zero Jun 18, 2025 parent

    There are 2 main problems in generative testing:

    - Input data generation (how do you explore enough of the program's behavior to have confidence that you're test is a good proxy for total correctness)

    - Correctness statements (how do you express whether or not the program is correct for an arbitrary input)

    When you are porting a program, you have a built in correctness statement: The port should behave exactly as the source program does. This greatly simplifies the testing process.

24. amw-zero Jun 14, 2025 parent

    Are you aware of how many allocations the average program executes in the span of a couple of minutes? Where do you propose all of that memory lives in a way that doesn’t prevent the application from running?
25. amw-zero May 31, 2025 parent

    You can write proofs in TLA+ and many other formalisms. You don’t need to ever use a model checker. The proofs hold for an infinite number of infinite-length executions. We are definitely not limited to finite behaviors.
26. amw-zero May 27, 2025 parent

    > this doesn't replace the lower level page heap storage

    So this is wrong. The heap storage is replaced.

27. amw-zero May 24, 2025 parent

    How do table access methods work with standard PG concepts such as the shared_buffers cache? Is that irrelevant since data is stored in FDB? Also, how do the deployment semantics of FDB affect this. If I remember correctly, you typically run one FDB process per CPU on a machine. How do PG processes map to those?
28. amw-zero May 24, 2025 parent

    > From what I can tell, this doesn't replace the lower level page heap storage, but instead actually provides new implementation of table and indexes

    These seem contradictory. If the data is stored in FoundationDB, then it won't be stored in the filesystem as blocks, right?

29. amw-zero May 12, 2025 parent

    Eh. I like to wing it and call it whatever I like. If the content is good, people will find it.
30. amw-zero May 9, 2025 parent

    You’re confusing statistics with forecasting. We can and should trust statistics. We should just never trust their relation to future behavior.

This user hasn’t submitted anything.