Blog

Here I write about formal methods, low-level and concurrent systems, and anything else I might find interesting.

Series

• Reactive Programming in Lean
  • Intro - transition systems
  • Intro - execution traces
  • Linear Temporal Logic
  • Intro to FRP: Signals
  • Intro to FRP: Events
  • FRP: non-pointwise combinators
• Proving the Coding Interview (Lean 4)
  • Part one - theorem-proving basics
  • Part two - static bounds checks and dependent types
  • Part three - completing the spec with tactic combinators
  • Intermezzo - equality proofs between different Fizzbuzzes
  • Part four - proof-carrying code
• Let's Build a Theorem Prover
  • Part one - decision procedures lifestyle trends
  • Part two - DPLL to CDCL
  • Part three - satisfiability modulo theories
  • Part four - SMT with equality
  • Part five - lazy CDCL(T)
• Proving the Coding Interview (Dafny)
  • Part 1
  • Part 2
  • Part 3

All posts

• FRP in Lean: Stateful combinators, safety, and liveness (May 3, 2026)
• FRP in Lean: Events and LTL.eventually (April 24, 2026) If Signals type to LTL.always, what could type to LTL.eventually?
• FRP in Lean: Reactive Signals and LTL.always (April 17, 2026) So if propositions are types, and LTL are propositions, what programs are well-typed by LTL?
• Reactive Programming in Lean Part 3: Linear Temporal Logic (April 2, 2026) Specifications that move through time
• Reactive Programming in Lean Part 2: Execution traces (March 15, 2026) Recording and reasoning about the states our programs pass through
• Reactive Programming in Lean 4 (February 23, 2026) Extending Lean's dependent type system to reason about reactive programs
• Leaning into the Coding Interview 4: Certified Programming with Proof-Carrying Code (February 9, 2026) Migrating from `List` to `Vector` paid dividends for us being convinced that our Fizzbuzz implementation was correct. Does making our `FB` value type dependent also increase our confidence of correctness?
• Leaning into the Coding Interview: proving equality of different Fuzzbuzzes (January 30, 2026) There are lots of different ways to implement Fizzbuzz but this one is mine - how can we prove different implementations are actually the same, and what does it look like when they're actually not?
• Leaning into the Coding Interview 3: completing our spec with tacticals and metaprogramming (January 19, 2026) Time to actually write our end-to-end specification!
• Leaning Into the Coding Interview 2: static bounds checks and dependent types (January 11, 2026) Pls types? No terms! Only (indexed, dependent) types!
• Leaning Into the Coding Interview: Lean 4 vs Dafny cage-match (January 2, 2026) Is Fizzbuzz easier to write in Lean, or just differently hard?
• An Invitation to Liquid Types: Unifying Type Theory and Model Checking (January 15, 2024)
• Let's Build a Theorem Prover: Lazy and Basic? SAME (January 17, 2023) Implementing the lazy CDCL(T) algorithm with Union-Find for equality reasoning
• Let's Build a Theorem Prover: SMT 2: Not(Eq(urne)) (January 5, 2023) Lazy SMT solving: building an SMT solver with iterative refinement and blocking lemmas
• Let's Build A Theorem Prover: Satisfiability Modulo Theory: Digital Deduction Saga (December 19, 2022) From propositional logic to first-order logic: introducing theories and equality reasoning into SAT solvers
• Let's Build a Theorem Prover: SATvatar 2: the way of solver (December 16, 2022) From Davis-Putnam to DPLL to CDCL: improving SAT solvers with backtracking and conflict-driven clause learning
• Let's Build a Theorem Prover: Decision procedure lifestyle trends (December 7, 2022) The president has ordered all programmers to maximise their automated reasoning with these weird tricks! Logical agents hate this!
• Proving the Coding Interview: verifying the JDK's `Integer.toString()` (May 1, 2022) A faster, but just as correct, nat -> string converter
• Proving the Coding Interview II (April 28, 2022) Integer.toString() 2 furious
• Notes on setting up Ivy in Python 3 (April 17, 2022)
• Proving the Coding Interview (April 17, 2022) Applying interesting research to uninteresting interview problems