
There is another way formal methods parallel documentation: both are futile unless you can prove that the modeled/documented system matches the actual, live one.

"This is just a matter of discipline" is not very convincing, especially when the discipline involves long unpaid after-hours.

The examples I've seen in this report from AWS are mostly about one-shot events (helping to get through important changes). It's good to see formal methods used in these cases of course, but I'd really like to read stories about how sustained use of formal methods helps reclaim the high costs of the initial investment as the actual system evolves alongside the model.



At least in the TLA+ community, the new state-of-the-art approach is to use the formal model to generate a test suite.


That is interesting. Link?


The part about S3 using lightweight formal methods in their ShardStore Rust codebase is ongoing and operates on the system itself, not a model.
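The two techniques the comments above mention, generating a test suite from a formal model and checking the running implementation against a reference model, are the same idea seen from two sides. The following is an added example, not code from the thread, from the AWS report, or from ShardStore: a tiny key-value model stands in for the spec, every operation sequence up to a bounded depth is enumerated from it (small-scope exploration, the way a model checker bounds its constants), and each sequence is replayed against a constructed log-structured store whose observable `Get` results must match the model's. The `LogStore`, its compaction threshold and the `buggy` switch are all assumptions made for the example.

```rust
use std::collections::BTreeMap;

/// Operations in the model's vocabulary. Keys and values come from a deliberately
/// tiny domain so the bounded state space can be explored exhaustively.
#[derive(Clone, Copy, Debug, PartialEq)]
enum Op {
    Put(u8, u8),
    Delete(u8),
    Get(u8),
}

const KEYS: [u8; 2] = [0, 1];
const VALUES: [u8; 2] = [0, 1];

/// The abstract model: a plain map is the entire specification.
#[derive(Default)]
struct Model {
    map: BTreeMap<u8, u8>,
}

impl Model {
    /// Returns Some(result) for a Get, None for operations with no observable output.
    fn apply(&mut self, op: Op) -> Option<Option<u8>> {
        match op {
            Op::Put(k, v) => { self.map.insert(k, v); None }
            Op::Delete(k) => { self.map.remove(&k); None }
            Op::Get(k) => Some(self.map.get(&k).copied()),
        }
    }
}

/// The system under test (constructed for this example, not a real storage node):
/// an append-only log with tombstones and periodic compaction. `buggy` selects a
/// compaction that keeps the oldest entry per key instead of the newest, so the
/// harness has a realistic defect to find.
struct LogStore {
    log: Vec<(u8, Option<u8>)>, // (key, Some(value)) or (key, None) for a tombstone
    compact_at: usize,
    buggy: bool,
}

impl LogStore {
    fn new(buggy: bool) -> Self {
        LogStore { log: Vec::new(), compact_at: 2, buggy }
    }

    fn compact(&mut self) {
        let mut latest: BTreeMap<u8, Option<u8>> = BTreeMap::new();
        for &(k, v) in &self.log {
            if self.buggy {
                latest.entry(k).or_insert(v); // keeps the first write: wrong
            } else {
                latest.insert(k, v); // keeps the last write: correct
            }
        }
        self.log = latest.into_iter().collect();
    }

    fn apply(&mut self, op: Op) -> Option<Option<u8>> {
        match op {
            Op::Put(k, v) => self.log.push((k, Some(v))),
            Op::Delete(k) => self.log.push((k, None)),
            // newest entry for the key wins; a tombstone reads as absent
            Op::Get(k) => return Some(self.log.iter().rev().find(|e| e.0 == k).and_then(|e| e.1)),
        }
        if self.log.len() >= self.compact_at {
            self.compact();
        }
        None
    }
}

fn all_ops() -> Vec<Op> {
    let mut ops = Vec::new();
    for &k in &KEYS {
        for &v in &VALUES { ops.push(Op::Put(k, v)); }
        ops.push(Op::Delete(k));
        ops.push(Op::Get(k));
    }
    ops
}

/// A generated test: an operation sequence plus the Get results the model predicts.
struct TestCase { ops: Vec<Op>, expected: Vec<Option<u8>> }

/// Enumerate every sequence of 1..=depth operations and derive its oracle from the model.
fn generate_tests(depth: usize) -> Vec<TestCase> {
    let alphabet = all_ops();
    let mut tests = Vec::new();
    let mut frontier: Vec<Vec<Op>> = vec![Vec::new()];
    for _ in 0..depth {
        let mut next = Vec::new();
        for prefix in &frontier {
            for &op in &alphabet {
                let mut ops = prefix.clone();
                ops.push(op);
                let mut model = Model::default();
                let expected = ops.iter().filter_map(|&o| model.apply(o)).collect();
                tests.push(TestCase { ops: ops.clone(), expected });
                next.push(ops);
            }
        }
        frontier = next;
    }
    tests
}

/// Replay every generated test against the implementation; returns (tests run, failures).
fn check_store(depth: usize, buggy: bool) -> (usize, usize) {
    let tests = generate_tests(depth);
    let mut failed = 0;
    for t in &tests {
        let mut store = LogStore::new(buggy);
        let observed: Vec<Option<u8>> = t.ops.iter().filter_map(|&o| store.apply(o)).collect();
        if observed != t.expected { failed += 1; }
    }
    (tests.len(), failed)
}

fn main() {
    for buggy in [false, true] {
        let (run, failed) = check_store(3, buggy);
        println!("buggy={buggy}: {run} generated tests, {failed} failures");
    }
}
```

With two keys and two values there are eight operations, so depth 3 yields 584 sequences; the correct store passes all of them, while the buggy compaction is caught as soon as a key is written twice and then read back. This is also what addresses the first comment's concern about the model drifting from the live system: because the oracle is recomputed from the model on every run, the suite fails the moment either side changes in an incompatible way, rather than silently going stale.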



