Hashing It Out
Hashing It Out

Episode 44 · 2 years ago

Hashing It Out #44 - Blockstream - Russell O'Connor

ABOUT THIS EPISODE

We bring you another brilliant mind on the show for this episode! Russell O'Connor, developer of Blockstream's Simplicity programming language for Bitcoin, dives deep into formal verification topics. We learn about the language design principles driving Simplicity, how formal verification plays an integral role in making the language suitable for securely automating Bitcoin transactions, and the challenges in creating a smart contract script for Bitcoin. We get a glimpse into the future of blockchain automation, and he elucidates what is being done right and what could be done better in blockchain platforms to place security first in smart contract design.

Links

Now, injury, gnd alkiwor welcome to hashing it out pacast forretalk to the ATTECH intevetors, behind blocked in intrastructure anddecentralized networds. We dive into the weeds to get at Wy and how peoplebuild this technology, the problems they face along the way I'm listeningand learn from the best in the business you can join heir renks woken back. Everybody ashing an out episode of forty four, asalways on your hose stupequire, petty and as always my cohost is her with mecalling cuchet, say: WHATV everybody gone what up everybody calling today'sepisode we're going to get deep, um we're probably going to geek out it'sgoing to be great. Our guess today is Dr Russell Corner, a software develoverat box streen, so Um bit this the just dive into. I I'm excited to see wherethis, where this goes, I don't know exactly what we'll talk about or where.Well what road will take to end up at the end of this pokcast, but I darantiyou're going to have a good time so uh Russell. You want to give us Aquitic,quick introduction as to how you got introducer in the space um where youcame from and what you work on now: H, yeah, so Um eveverybody. Thanks for having me on onyour show here, I I did A. I did some Ghd work and Hpostoc work in formalized, mathematics, that's sort of my academic backgroundand I soi of God interested in Bitcoin and about twenty twelve. I would say I' sort ofalways been vaguely interested, intit money, and so I was excited by thisproject over here and I had this liwl learning experience where I sait ofreimplemented sort of the COR bicing protocol in in higcoll found someissues and stuff like that, and it was a huge learning experience to do thatand then you know after a while, fast forward to about twenty sixteen, Igot tired H by Bockstream and ABLOCKTN mine, working on new new L, newlanguage for block chains, which I call simplicity and e. We have big plans for a formalverification of symphisty and and software withpeltin simpast. That's a great stuct 'cause Um. Lastepisode. We talked with a few people from Cadena who actually referred- you,which is why we ripe reached out to in the first place, and a lot of it wasabout ore, touched on some form of arification and Wywy pact or how packuses it and how it's built. intothe dentist system Um, but I think wewanted to go a little bit further or maybe get a crash course in the conceptof form of Arfication, and you were the guy they immediately ran to. So how do you feel about that? How do I feel about Formoen ECTAPLA sure? How do you feel about themimmediately? Run ING to you, man like talked with emily from Cadina at theStanford blocching conference earleer this year, and- and we had some nicechats about about formal, far odacation. So I've been thinking about this sortof stuff for for a little while, while now so what kind of stuff are you thinkingabout? What's going on with SIPLICITY UM? Is there a formable fication builtinto that? What's the design approach- and I guess we'll start from thatperspective and the work our way back to the kind of detail of like we really want to understand,formaperification a lot deeper, what its limitations are and just basically get like kind of anunderstanding of Um? How does this work like w? What can wedo with it? What are reasonable expectations on this yeah? So we should. We should maybestart with what formal verification it is right and Um. So I was thinking I would define formalvacation is basically using software to verify. Basically, a mathematical,Terem or more generally verify some sort of deduction, whether it's amathematical deduction or a logical directuction or some other dededuction,like a type theory deduction right. So it's really really using the softwareto do uh to basically for development and,more importantly, checking of proofs. So in order to do form formal verification,you really need you can really only verify mathematical, theorems right,and so the first thing you have to do istranslate whatever question you have into an actual mathematical statement...

...and fortaking simplicity as an example.The way we do this is that we give formal sematics to our programminglanguage H in the proof of system that I use Um and and then from there with the formalsematics. You can translate questions about Your Software Anto actualmathematical questions, which you can reason about. Does that make sense yeah it does m. But to to me it seemslike H, that's kind of difficult for me like I, so I m I'm not I'm not amathematician. Okay, I'm a computer scientist at Bachelor's level. Okay,but you know they're programming for almost two decades now Um. But for me it's like h. How do I dothat and how do I know what's right and wrong and like what? What kind ofthings can I do with formal, harification and M in like what are mylimits in whether good use cases? For that? I guess these are all like reallyproad questions, but I don't know how to answer them right now and I was kindof hoping Moyie youcould help well Um. So when you have a piece of software youcan, you generally have invariance, which can be stated as mathematical,theorems right or you have some sort of other mathematical definition of yourobject right. So taking one of the examples that I havein simplicity as one of ours, sort of research, H, aspects of o of developingsimplicity, we have an implementation of of Sha two, fifty six, essentiallythe Shatwothrte six compression function, written in simplicity, nowyou're right, the code for that an SE's, a very low level language- and we cantalk about that more. But it's think of it is kind of like an assembly level,language right. so you write this. You know something that's similar to anassembly program in simplicity and is supposed to be the shatue for the sixcompression function. But you know how do you know that it's actuallycomputing the shatoity six compression function now? The usual answer is toyou run some test cases and that's useful for for getting rid of buds, butyou can't be absolutely certain that you've actually eliminated all the bugsover here and with lock chains. You know ilumn bugs is is is is a veryimportant problem, specifically right, because when you post your your you'R,commit to your program on the block chain, there's really no going back atthat point in time right, so you have to h. You really have to be able to toreason out every possible situation that your program will be in before you, you sort of commit to it on on theblock chain and so Um. So, in order to check thissimplicity program, what we do is we take the specification that was done bythe by some folks at Princeton H, who have a formal verification of the SHAPtwoity six compression function in C, and we take their same specificationthat they used for their C program when they were verifying open, SSL's versionof SHAF two. Fifty six and by using the same specification, we can prove thatour simplicity program, using its formal synatics, has x ts exactly thesame pessification as that their proof for the open, SSL a program does rightso like what open what Chato fifty six is is not exactly a mathematicalstatement, but we do have a mathematical statement written down bythese folks at Princeton, and now we know by combining their proof withtheir work, with open s sl and our work, with with simplicity that whateverfunction, simplicty computes, it's exactly the same function that open SR,lvs, sell computes for its chapter, th six function, Ri ht, and so in this waywe gatting some some a lot of of. We gain a lot of H, belief in the correctness of our our shshafto fifty six program in somplicity. So if I could prabby restate some ofthat backwards in a different, different way, um on a formal verify, something formerlyverified, something or the reason for doing it. So you build a language thatone can can be formerly verified when you make something in it and then youmake something at it in your cace, you made the Shof Atsha Tote, siximpression function. You say well den. I do this right and you said previouslywhat people h t most people do or what the standard is for trying to makesecure things and programming. As you run a suite of tests, that' say: If itdoes this, then it should get this. If it does this, it should get this andthe more you do that the more code coverage you have or test cases you putin the more confidente you have th. The thing that you built does what it'sopposed to do: Um Form of arification. Does that, but does it really make youm run that many tests, you don't you're,not forced to get all allall of the code coverage whut you do typicallyfrom what I understand is you miss ta bunch of invariance like this thingwill always be true, or this thing will always not be true and the form ofvarifire runs through all possibilities M and if it checks out it says yeah itdoes. What it's supposed to do, based...

...on the Abarrance you've given me is.That is that you set way to like a restate. You just told me, yeah, absolutely right so um so testcoverage. You know, let's you excute a few inputs right, so the way form ofarrification works. It doesn't ne, doesn't necessarily test all cases. Itdoesn't need tos, test, all cases we analyze the source code itself to insomething Ge, something that's equivlent to complete code coverageight. You know we do reasoning to cover all cases to show that, on all cases,this function produces some expected behavior, which in this case isproducing the same behavior as open S. S, l does oky awesome for one, that's justawesome the FACTTIV. We can do this Um and I'd imag. My my immediate Um thought process of the implications ofthis. For these E in a blockching space is like you said when you submitsomething to a block chain, and then people interact with it or depend on it,then you need to be pretty damn sure it works the way you think it works, aswe've seen in the terop space and the INTR vesunnilties of notknowing people can take money where they weren't supposed to based on m people, thinking that things workedwhere they should have and they didn't. I think this is just the case acrossall block chains, the more you know and the more confidence you have about whatyou're submitting until latcane the better, because you want the thing towork. The way it's supposed to work, because it's really really hard tochange elsewhere. Is that the main motivation for doing form, AF vocation,at least in the bloc chain, space yeah. I believe that's the case. Ithink this is h. This is one of those cases where, where I think formalvacation garifications really shines Um, it's sort of very expensive to do likethe processes. W is, is really time consuming right. But here we reallyhave the payoffs right, because you cannot, you know you cannot go back andcorrect errors right, there's, no, there's! No good security, upgrademechanism when you have when, when mistakes have been made in software onthe block chain, whereas you know in a lot of other cases, even like, even ifyou're a NASA right, you can still upload patches to your your Mars Roversand stuff like that, and so in some ways this goes beyond. You know the type of situation that evenarrowspaces in in some cases- and I think it's also inportane- to tounderstand that formal vacation doesn't have to be an all or nothingproposition right. So the example I gave here we've had sort of complete umcode coverage for FROR. He Sho twoth six implementation, but there are othersituations where you can sort of get this partial correctness. Ritet youprove some of the invariants, maybe not everything right! Well, you might beable to prove that you know if you're doing some sort of fancy smart contractthat no finds move under, except under some small list of conditions right andthat might not enumerate the entire behavior or right, but can reallyconstrain h and limit the the scope of bugs see. That's that's that's where I thinkit really shines Um. So to me, like you know, when you're developing a largesoftware application, it seems m. It seems anting to want to do that forliterally every everything Um you know, but but to verify the the transactions,for instance, that you're getting out you're putting in kind of match whatyou're getting out. Those are. Those are important Um. Those are importantthings because consistency is just key to a lot of what we're doing so, I'myou know, I'm glad you C do parcels, I'm Kindo surprised, and I brought thisup on the last episode. A CADINA is hat. I haven't seen a lot of thisimplemented injust standard languages, Um, meaning that I could totally seethe situation where a python decorator can force a fora. Harification ofwhatever function is decorating M, and yet I don't see those kind of thingsout there. Maybe they do, but I haven't seen them what has been the barrier to entry forpeople trying to implement this kind of stuff? And whereis this h? Doutus Oll? The research at the moment? Yeah, IT'S A it's! It's a bit of a like. From my point of view. It's it'skind of a mysterious right, but the popular language is a programminglanguagees. We see out there like c python, even rust and stuff like thatUm they don't have formal sonatics right. So without formal sematics, wecan't translate what a program is into a mathemathical statement, Um and and even in those cases where we sortof have partial synantics or something like that right. The semantics forthese languages are incredibly complicated. Right H, I've been looking a little bitinformalizing the C programming language for some other work, relatedto simplicity, that we can talk about and and like there's like giant debates, sort of in the sea community about theprovidence of memory allocations and when you're allowed to dereferencesomething to get a value and when, when...

...it's undefined behavior right, I somesort. Some very fundamentto questions about how he operates is actually notreally well defined by the the sort of informal English specification, andthat makes it really hard to to to move forward on Formo airfetation of ofthese common software programming languages, you say that's a good reasoning, for Iwould almost call the rise of functional programming languages overthe past. A five years is the fact that, because they have, they seem to beeasier to build semantics around, so you could build for ocasion around themas well. Well, I I would like to think that, butI'm not too sure it's actually tro right, even like I'm a big hoscolprogrammer and I have been for a long time right, but high schol doesn't haveformal sematics, even though back in nineteen. Ninety two when itwas being developed, that was one of the goals of the language deelment O,was to have formal senatics Um. But that said, like ML, has sort of sort of informal, formal, synatics sortof a very really detailed sort of mathematical in the sense of writtendown, mathematics, specification of of of standard and l right, and that's oneof the few few programming languages that youmight encounter that actually has formal symmatics. So it's a little bitcloser Um. But I do agree that functional languages are easier toreason about, and that's sort of why simplicity has a sort of functionalsynatics associate with it Um, because when you have a procedural languagelike C or something like that, the state of the art there is is h orcore triples, which is sort of preconditions and post conditions andwith the Lup anvariance Um, and then then reasoning about thesehortripuses a little bit awkward and we co talk about the frame rule and whatmakes it awkward about that where I haven't heard that term sinceformal methods of models in college, like Ting, you just don't think aboutalide of thewr outside of that academic space. These hortrip ve, like I've,done some some some work on it Wen reasonthing, about C programs. Hes Hortriples are very tricky to to reason about 'cause. You have to sort of linethings up properly. The nice thing about functional programming is that ithas sore of these alaws. You do equational reasoningwhere you can just simply take you know your your expression as a functionright find some sort of bit in the Middle Right and you can substituteequals for equals right. So you sort of just massage things like you're doingAlgebra in high school itws a little bit more complicated, but but the butthe the type of o of work is is very similar. There are massage things toget in then right form, and then you do a substitution of something equal tosomething else, and you keep on going back and forth. I massaging like this,and this is this ability to do substitution, foryour reasoning makes a formalvformal reasong about H, functional programming,a lot easier than than procedural programming. In my opinion, forwe before we dive into too manytangents Um tit's going to be very easy to do so. Iwant to try and bring it back to the idea of what does it mean to haveformal vocation on on ikpoint right caus? I think when most people thinkabout this, they think about it in the context of maybe a Theriu, because theyhave the evm. Medium has bi code in which you can then you know reasonabout what it's supposed to do and how it works a so on and so forth. It's Ithink, it's easier to make the analogy of the Computer Um and a machine thatstes asteps. You know stepwisin time, whereas beckone is not so easy to thinkabout that, or that's not the the general idea that I think that themajority ofpeople think about what is form Al Arrification Du Force, for anetwork like bickone and and what could you then Um an is it? Is it different?Does it just make this system that exists now more secure, or does itexpand its possibilities and what it's capable of doing? Well, I mean the question is whetheryou want to talk about big coin as it is today, or maybe some hypotheticalBitcoin, where we can integrate this simplicity, work that I've been doingon or a bicin like side chain Um like a theory of e Bicoin, have sort of madedifferent decisions about global state, ND and transactions andhow they interact with each other right. Basically, Te coin has a global stateright Um, but you can, if we had a more sovisted CATIC mort contract languagethan than what decoin currently offer is right. You can do some veryinteresting things with Ome more contracts through this mechanism calledcovenancs, where you sort of get this where the transactions can propagatelocal state information about what's going on in its corner of the world and that Um an and that's stuff, youcould reason about right. You could formally specify h the big coin scriptlanguage and give it somantics and if it had covedance, we can startreasoning about transactions with Covenante. That H, allow you to propagate state from fromfrom input to outputs Um, and there there's lots lots of things. We coulddo in that space there. Does that...

...answer your question. Yes, I would line it to be moreaeligable to the general audience. Well, actually I I got questions aboutthat, so l, so you're building a language, smart, contracta languagethat H Wul NY. Well, I don't know, is it smart contract? Even a fairstatement here is at a full, fully qualified ors, a just a simple scriptlanguage which allows for automated transactions. The reason I ask t make adifference. Differentiation between that. As that to me, it seems like aGlibal state would actually be a a prerequisite for something to be asmart contract, Um and H. I I don't know enough about how I mean. I knowhow bicoin handles you know, Um, you know utxo and stuff, and you knowreally donome y there's, no there's no little state there, because I'm notreally heavy in the bic coins pace if that make ense, I kind of joined withthetherium Um in two thousand fifteen. Just when I got interested in crypticcurrencies 'cause, I read the White Paper M, the DOICS wike overm, but h.You know if there's no global state like how do you manage just simplecontractuoal, you know asset transfer or something like that.I is this just like an automated transactional language, or is itactually a fully qualified script? Um Sorry Mart contact language, yeah, soUm so somplisity that I'm designing right, Tso, something that could be putinto bicoin or or beqween side chain right, um it it operates on on thi or T F,transactul level over here right. So I sort of think of of of the simplicity, language sort of forms,the atoms of what would great you would create a smart contract language out ofright and then because a smart contract is more than just a single something, asingle script in transaction. It's usually H it. It usually involves amultiple of these. These little SC programs, interacting with each otherthrough a series of transactions right. So I like to think of smart contracts,is a little bit broader, more companyes CCOMPLASSING. Probablyseveral transactions, like you, can think about the lightning network on onVicoin as a smart contract very like fairly Liketi r contract right, but itinvolves you know you have these breach contracts and H, bre n reach conditions-and you have these channel updates and stuff like that, and that some of thetransactions are offchain and some of them are onchane right, but that wholemechanism together encompasses whats what we would call th sort of the smartcontract for for the lightning of protocol. So so bit coin script and Somepistethey sort of operate on on the transaction level. It's sort of like anatom of a of a mare, contract um, but the but someplisty and then maybe somesort of hypothetical extension to to big coin script right what you can dousing this mechanism of covenance? If, if, if we had that to Bi coin, is thatyou can constrain the output to be based to have you can constrain theoutpit script to be something that can be computed from the input script,Datei rite? And so, if you have some propagation, you can propagateinformation like Um. There's a very simple vault covenant that says that H, igives you, the sort of two transactionphase to to release, finds where you first after broadcast something ontothe block chain, where you sort of start the clock on Thi on the vault andthen after say twenty four hours, O haerever you want, then they're allowedto move it on to you know whoever wants to receive those funds and basicallyNus Gro yeahwell. No, it's it's! It's sort of my timelock. I S, sort of likea time. Locked, Vault Right, go! Yo, okay, right y yeah, right, 'cause, H, Ri, it's just right, but it is littlebit ECA right. So you have this one condition where it pays out to theDestination Fund after twenty four hours, and then you have this recoverycondition where you have a recoveryin case. A malicious person is trying tomove your funds. At least you can be notified on the block chain and havetwenty four hours to respond to Ti to recover your funds from unauthorizedaccess. So that's the idea of the vault over there uh, but to implement thevalts right. You need to have this second transaction force, theoutput to only go to the intended recipeent after the twentyfour hour period right and that commitment has to be done in the firstphase right, and so we propagate this state information using a reconismcalled covenants where we forced that the output script of the second one sort of the intermediate transaction isdefined, such that it forces the output script to be some particular value. Iso biuinscip today can't force anything about the outputs right, so it doesn'thave covenance right, but the simplicity language is designed to tosort of give you this covenant feature where you can ask you can actuallyprogram what the outputs of a transaction are allowed to be so, but then that that so like you, Ijust want to kind of boil that down. So what I said was actually accurate. It'snot a fully qualified smart contract...

...language, but it contains a SUBSC, asubset of siegures, which C can enable morecomplex types of transactions from currency to currency. But it can't dothings like organized value, assets or store things like nonfungible tokens.Is that correct? Well I mean you: could you can store this information, I inthe outputs in some sort of pop. You know some sort of format, O data write and it's up to everyone,and you can enforce things like you know this this this Um, this output,this this extra data represents a token and it cannot can or cannot besubdivided and stuff like that. So you could in principle, do the sort of thsort of token programming stuff on top of of the the tendns of transactionmechanis'm, not too sure it would be a good idea right, but it's totallyplausible yeah 'cause, it doesn't sound like availability would be there. Itwould probably B offchange a misunderstanding. What you just said orall thes data would be would be on Chan rat, and you would h just have thisprogram a I iks the output and then y. u you basically restrict the the nextoutputs program to have a coffee of your program right, so this programself prergretuates forever and forcing this covenant that this this particularbit of token, cannot be divided or or or has follow some particular rulesabout where the outputs are allowed to go or or can be destroyed under certainconditions, or something like that. I see what it is. So it's Kindo likechanging the scripting language, Abit Ju, to to be able to handle the logic of validating what aVala transaction is based on these rules and then for allims actions,you're encoding, the inputs and upputs in such a way to store information syea, that's absolutely right! And this and you can do this wiwithout theglobal state. Right. Basically, all t all the information that you need tokeep that that's relevavant for you. You have to keep a copy of it in yourutxo right on then popligate, ed, forad and stuff, like that, and the Nicething about that. I like about the bit coin mechanism, is that it's very reorgsafe right. You know because, because it's only the transactions that arelinked together, it doesn't actually look at the the headers of the blockchain at doesn't have access to that data right. So during a Reorg, it justmeans that you'r the pieces of the puzzle. You know, which are thesetransactions that have to slaught together appropriately still sloughttogether appropriately and what you're doing with your transactions isindependent of. What's going on with other people's transaction, so it makesreasoning a lot simpler. They just follow the chain of ttexsos supposed tothe entire Paren ploctern. Yes, exactly, okay, hy t, the next question about that islike what's th the like. Is it efficient enough? Like you saidlike I, you know you wouldn't do some of these things Iwakin! So like whatwhat's the scope of things, you would like to do with simplicity like say,for instance, these things get passed. We get the UPCERACE, we need so Simye.That's a very interesting question right, it's a little bit unanswered,but if we want to be optimistic, Um have you heard of of of tap root andand mast in the context of of dicoyn mast is fascinating yeah. So, let's,let's talk about that a little bit so mask. Is this mercalized affect Syntextree term that I I I coined a while back and H, and the idea is that when you're, whenyou commit to a block chain program you have to like you have all theseconditions that you're considering and stuff like that. But when it comes to actually executingthe program right, only some of these conditions are going to wind up beingexecuted in whatever particular circumstances. You're in right and theobservation is, is all that code that doesn't get executed can be prumed awayright because it's not excuted, it doesn't have to be revealed, and youcan just sort of reveal the commitment to the branch of that execution, butbecause it's not actually executed, you can sort of just omit that data andthat vastly improves the efficiency right, because not all of the programhas to go on chain. But we can go a little bit further fromthat by realizing that in many smart contracts you have abunch of parties interacting with each other right and you could it's fairlyreasonable to add. You know, as one of your conditions be that if everyone agrees to the state update,you know the next transaction, then we can all just digitally sign the updateand and post it to the block chain and and reveal basically none of theprogram. If there's no dispute and using snor signatures a those thosemultiple signatures can be combined into a single signature on put on chainand using taproot, you can do it in such a way that actually just becomes anormal single signature transaction on on dikcoin RSO. As long as everyoneagrees to what the next update is going to be, then we can just put this:everyone can come together and save some money by signing everything getssmerged together using snor signatures into single single signature and thatone signature goes on chain Um and...

...because we have like you know a youknow: deterministic programming, language right. Everyone knows what theoutcut put outcome of that smart contractids going to be right. Sothere's almost no point in disputing what the outcome is. You just run it oncomputer and you know what it's going to be thre, there's little point indisputing it. So there's a lot of incentive for people to come togetherand save money and sign what the output you know what the next transaction isgoing to be, and then, under this situation, everything isreally efficient right, because everything becomes on change. Just asingle signature. It definitely turns te the idea of theBlachen in Tomoroa. This is a ledsure of truth, where the majority ofthe actual computation is done outside of it. So like right now we're storing a lot in the block, taino what we're doing with the Bacha. This is offloading a lot of that computationinto interesting and efficient Cotography,so that wound actually get stored, is realasiaely small to what you'reactually doing like, for instance, like mercalize abstects in sextries canencode an entire program, but when o gets stored is only the execution path,th t that happens right and then usually that excusing path can beothing right. So we think of this is sort of we treat the the smart contractingsystem or the scripting system as a sort of a jujicuary system, a judgethat will like determine the outcome of your h of your. If you have a dispute,what the outcome will be right, but it's a fully determininistic judgeright, so, even before entering the courtroom of the block chain, everyoneknows what the outcome of the judge is going to be right. 'cause, you can justlook at look ut, the inputs run the judge yourself and look at the outputsright. So everyone has this option to settle out of court where they allmutually sign thin and save a lot of money right and there's no point ingoing through the court, because everyone knows what the outcome isgoing to be. So nobody actually goes through the the judging system right,but it's still as far as e game theories for it'simportant to have that that threat of judgment in place so that Ru, you knowincentivizes everyone to go, settle out of Cork right and you know if things gowell, we'll find out that basically, everyone settles out of court, alwaysright trying to think it feels as though umthe burden of minors gets its trastically increased base on their H, they're going to have to do a lot morevalidating. Is that no the case or this the CELbiger transactions? They could submit it that that work? They don't have todo on and all the come together right and they're like they come together,can make us schnor signature rigtright, the the minors don't even know likewhat's interesting about this. Is that not not even the minorits like nobodyelse knows what the contract was right, because you basically commit amercal route of the program which is hashed up. You don't know what everyoneelse doesn't know what the pre image is other than the participants in in thesmart contract. Right, so you get privacy right, you get H, you get smalldata on the Wak Cain, basically, no data in in the commoncase other than asingle Singature, and- and you get you know the fullability of whatever smart contracting programming lingwuage you have haveunderneath you also have Rodee Billo states, it's fair to say that forninety five percent of what we're doing in a theoryem we're doing it wrong'cause base Oll what you said that e sound sounds sounds like the case thatthat I would agree with that statement. All right, I see I'v, never even doneon me t that that approach and I'm still going to probably have to spendsome time relistning this very episode and doing some personal resec. She kindof Grop my head around Ho an ax e Calin, like what did he just say. I think Icame from this. I came from this discussion with a little bit morebackground information on what these things are. What IV we just say thatmay be a little more context for the technical, but like we're not youeaudience. For. For this conversation, I'm still trying to Grok how the wholesystems put together. So I ge I get the off chain. You know what I don'tunderstand is quite where the judicicery system is, if you alreadysaid something like the there's judiciary system, but it's done M, it'sdone through the court rule, but that court rule is like on chain. I assume Imean there's hot a lot of I. So if that's on chain en there would bepotentially a griefing scenario there, and also there ould be potentially aminor cost. There e Tian issue with this right, right, Nand so like one of the participants could be like. Well, I'm going to loseOl my you know. I've seen the outcome of the judge right, I'm going to loseeverything right, so I'm not going to sign this. I might as well make you payall my fees right, and that is an issue h that that makes this system a littlebit. Imperfect, SOA, big fish, little fish scenario, where a big fish couldjust grief little fish because they can...

...and becauseit's like fuck youasthere,might be ways around it. Right we can post bonds rite and so that, if yousettle out of court, you get your bond back H, and so now the person has some.The griefer has some incentive to to to participate in the in the multisage inorder to get their bond back and whether that is practical or notidepend, on specific applications right. So this isn't necessarily a perfectsituation. Maybe not everyone will always go go off chain right, butthere's there's probably a lot of motivation to Goutgo Offchang and Iwould say that ninety five percent of the Caseis disibee in okay scenario,especially for small transactiont's, like you know it's just not as crucialyou know, don't think. I would like to depend on something like thisnecessarily for larger stuff. More because I'd like to go to the cornerrule every time where the value being exchange is so significant that youknow just let it let it always go through that that quarter rule. Well, Imean there's this. I gait no point I going to the courtorule even for largelarge things. You all know what the eltcome is going to be ecause. You canrun run the the program yourself beforehand right either. This is notbecause we don't have this global state. Dependente like a theorium, has right.Everything depends on localy the information in the transaction right.You know, you know what the outcome is beforehand right. So Ri t you know: Ifyou put up a bond, then you might as well just sign it and get your bondback because y you're. If it goes on chain, it's just going to cost youmoney and everyone else, money too truth, truth yeah, that's a good yeah aand the bondes sufficiently waited. I mean Dosn't even have to be waited that much,but outd always be worth it, especially N.If you're trying to do a lot of transactions very frequently, I meanthis is just something you just want t operate as a given, because you knowthe cost of not ping a good actors so high and and Hen again. That kind oflike brings me into the point of like yeah there's, there's the opsible happypath, but I still see a potential for unhappy paths. Yore and so- and youknow honestly, you mention that you heard our episota Dan Robinson Amy. Hehe kindof saw th a similar thing with a Hash timelock contracts. Just there's alot of potential for m things. We miss things that that could socially makesense and mathematically not make sense. If that makes sense like there's anemocial asbetter, it's osite opposite like we don't have covedante in Bi intoday. Right and everything I'm talking about is a little bit of o speculationand we'll have to see it works out right. But I think there's there's alot of potential here absoltl. I want to Gev back into forl varification ofit, because that's that's also extremely interesting part of this andpart of what makes it kind of work in that. If somebody hands you a contractUm, you would like some guarantee that the contract isn't frickand buggy in one way that assists in that now itwouldn't be a plosist, but only the assist in the auditing process and theability that could confirm that the contract does what it's supposed to domind you. I think there are ways that I could actually kind of ob to scape. Youknow yes, its probably verified, but I didn't- I didn't put this one check inthere, so you didn't know that the D does this one thing, but at at leastatleast says that the stuff that's formarly verified is correct, which is n. What we currently have is,you know, look at the pardihax Um, but Um. You know to get back on the formverrifification side. I think that's really what makes what you're doing atwork go ahead with what you're going to say, yeah like so so we have thesesoftware systems, T do formal verification, right and, and you canwrite a proof and present it to all your your counterpartities. To showthat you know this is the details of what we checked about this contractright, but I must admit that the tools that we have today are maybe notnecessarily adversarily robust against an advirsary right. So the tools thatwe have today are really good for your own information like if you're nottrying to exploit the system right. It's very good for, like H, verifyingthat you have checked all the conditions that you need to check for,for whatever, whatever contract that you're trying to implement right, butas far as convincing everyone, otherwise we're not quite there. Yetthere's a lot of like tricks. You can play with these systems to give anillusion of proving one thing: Well, actually proving another thing Buer,but unfortunately you know formal ifacation, as what wehave today is is is what we have today right and obviously there's going to bemore room for improvement. I oonderstand it's better than what wecurrently have, meaning that Um, for instance. I think you could very easilyformally verify reentrancy right. Yes, lithat's a been a problem like over andover again huge problem. REENTERERTE attacks, okay! Well, you designed itstupid, handedly, put in reincious sea like full abarification preventionthing and whether or not they do in Te farious contract, which has a littlebackdoor built in Um. That's up to an auditor to kind o look at still, butthat's the case we're in now only when...

...you're removing things for the auditorto check we're at least narrowing down the stuff aethink o have em tot arifythat the theorem being proved in your formover nvocation is in fact theoremthat that you think is being proved, and they haven't used like no, thenotation mechanism in in your system to confuse you and make you think you'reproving something else Um yeah so, but I mean so. I said this in one of mypresentations right. You know. Forma overification is the best we can dotoday, and even that might not be not enough right, but it is literally thebest we can do stay. I kindof find like an interesting aspect of this Um is that these systems, these networksthat are trying to implement form of efications the blocking space, arealmost insentavizing the research to be done to improve them right, like what other contexts that are so eAr are as dire as a tremendous amount of money on the line, the blockchannetworks, to the improve the way we use these things, so we can, we can usethem in an adversarial Senex. I feel like that's in a similar way that Ifeel Z. Cash is only created to push the idea of Zeronollege snarks likethis. Is Li e. These networks give you a reason to push the research and opena way. That's never been done before. Is that would you agree with that? I Iagree with that. Like Lok, if you're going to put you know hundred milliondollars into your you'R, no paroty wallet or a Billion Dollars or whateverit is right, you know, maybe you should spend ten thousand dollars to o theeffort of formal verification. I'm not actually convinced that has beennecessarily happening right, but I feel like the motivation should be there you,I would agree the there are ID say over the past year and a half year a year and a halfthe security industry, associall with Lachan, has grown substantially, maybe because it reached a threshold oflegitimacy where real security experts try to saying okay, it's not worth thetime for me to look at these things, so I'll bring my xerts and tooling on thespace and try and make it better, or I mean I supply and demand Yo on. We gott also a certain point where we realize that these things are incredibly buggyand they need a security eye, and so people started you going out for them,because a lot of money was growing. So it's it's a number of factors, but thenationcy of the entire technology means that, like, of course, I's not going tobe ultrosecure because that's not who the people are whose who started it yeah and- and Ifear that some of these languages have been designed in such a way to makethis sort of security analysis an and and formal vegiification, notnecessarily easy, yeah th T. that's definitely true, like Soliity as alanguage is not is not a good language for formal varification. That's whymost of the tools that do it translatit to some etermediate representation. Sothey can then run somantics on it d and Try and prove things right, Isatelingthat I've seen in the ethereum man can handle programs that have no loops inthem right so, which is a fairly big cawviet, and maybe things have gottenbetter over I've gotten better. Okay, it'sits come a long way over just thepast year. Alo I guarantee it, but still it's not it's not where it needsto be and and there's a lot of work trying to move it towards somethingelse. That's easier to do these types of things on, but I'd say a lot of thespace is learning a lot of lessons. Yeah, that's why I think sort of afunctional orranted language like like Simplicityis, is going to be a betterfoundation for moving this forward, but it 'll be a lot cheaper H to do averification, ofasimply siplicity programs and than these other systemsth th, the other side of that coin or th. I guess the counterargument thatsomeone would have for for for the bickquin space is that there's anability to move, and I don't I don't- I'm not trying to makea load of question here, but it's been shown in the past that CCHANGING biconprotocol is very, very difficult precisely because they'll lacke aleadership. I don'tstay it that way. That's that'sa poor way of saying it. Th T desentralized nature of how governanceis done or, however, you want to call it right. Changing the protocol is verydifficult. So how do you see like the movement of these things, in theadoption of what is l e, in my opinion, unarguably if, if efficiencies like, Iadded efficiencies into the protocol, when it's very difficult to change thePoticoso like like, if we were to try to add someplite to to Bicoin, it wouldbe a massive change right, requiring a massive amount of vetting right, and Idon't think it'll happen anytime soon, and this is where the sort of elementside chains h like being developed at UPLOXSTR or Uiht t allows us toexperimentally, run things that are pigs to becoin, whether it's elementsor a liquid network right, and if we we can put some plity in there we're notrisking the whole network, we can vet it. We can find out. You know, problemswith it. We can take our time to release it early and maybe back fillsome of these. This formal verification as we go and we learn right, but I'mI'm actually optimistic that if that all works out well right, we will havea proposal for biccoin that is even...

...more vetted than any of the previouschanges that we've had in the past. It'll take a long time to get thereright, a d to to put in that formal verification, because there's moretoformal verification than justverifying simflisty programs right.We have to verify the implementation of the simplicity interpreter. On theother hand, right 'cause, it's no good to have formal senantics that youverify your programs with to if your interpreter is incorrectly implementedright, because when it comes to the Consensus Code Right, what you havewritten down in your in Your C program for you insure is the real synatics ofyour language, not what you've written down in yourrighter some of thosethings o Natch, then I'm afraid that it's, the C program that is is is theby definition, te correct one rather than maybe what you intended. Iintervered Jj from pers and becoin a long time ago when he first introducedthe idea of big point, and you had quite a few like funny stories about lKe going through Biin core and trying to figure out howthe consente this Engen work and just had. You know like based on h with theimplementation, which was basically the speck. Regardless of what tabl wrotedown, he had to do a lot of funny things just to get it to to be andconsensus with, but the rest of the network. Oh yeah, there there's. There are manyfunny things in Dicoyn and- and it makes me sad- and I guess another point- that Iwanted to ask that as so n, we interviewed Gadina and they talkedabout formof aification like where does the proof live? How does that getpassed around? And how do you know it's it? It's it's! The right thing is it?Is it Tatcan pove outside the Blachen? Do you plan on putting the proof insideof of the Blactin on someway ship perform? Is it passed around in awaythat's trustless and permissionless a oesn't wor it? It would be entirelyooutside of the lochain right so before it comes to verifying your yoursimplicity, programs. That would you pass around between the participantswhich would have to sort of verfaverify that those th those specifications,those formal seciications, are what what they should be and and cover allthe cases that they're supposed to cover and they're not trying to dosomething, or maybe the different participants will independently provethe correctness of the same uh symplisti program. So those those are OMon itselv and nobody else needs to know whether it's the minors or anyoneelse in the system. Nobody needs to know about the details of of the Crticrretits of the program when it comes to the correctness of the simplictyinterpreter right that would be sort of going to get hub pository, alongsidethe living with the code right and part of the build process for building a bigcoine. You would probably optionally but generally want to run the thecrectest Checker to prove that that the the impluntation of your simple seinterpreter or whatever in fact, is inenting the formal synatics. Well, Imean technically if the same code is implemented, mean the hash of thatcoade would say that hey the'se in the same code. Oh then, you need to run yourfuralarification on it. Just like you normally would, and if that passes,then your interpreter at least, is working, the same way that they say that theirsis working. What kind of other flaws we'LD be looking at outside of that Um I mean other than specificationerrors right, Um and what's the fun thing? Is that so the formalspecification of like simplicity, actes, an interface right? We have on one side,we have simplicity, programs that make reference to it when we prove thecorrectness of those simply se programs and the other side of the interface. Wehave this impisti interpreter, which is showing that the C implementationinflumence those formal usnatics of symplisty, but what's interesting aboutInterfaceis that when you merge those things together, the interfacedisappear s right and you get a proof that the C program will execute andprudue. When you pass your simplisting program to this sea interpreter, itwill get the results that you proved about your um of your your results that you provedabout your your program, independent of whether the formal semantics ofSimplicti are are like correct or not right, because it' sort of whatever theformal symnatics of simplicity, are. You know the C program implements itand you've proved your program is crrecteer to respect to it. So, even ifthose that interve had an error in it or sosthing like that, you still getthis guarantee that your program will exeute correctly when interpreted bythe interpreter. So I want to try and rephrase a lot of the conversation wepreveuhy just had M in terms of, I think, H, language that a lot of people mightunderstand based on the current merative going on, and that is Laor twosolutions: Right, Um, the layer, two solution, yo basically have the block chain and then something thatlives on top of it and the ABAPI between them, how they communicate like with the lightning network. The Ais you make a Co. You you make a transaction.It starts off a channel and then you do with the two other people and you do abunch of transactions off chain between the parties involvedin that thing, until they're happy with...

...it with for the state of things youmake another transaction to say this is how we've settled. Seve turned a bunchof transactions with Y, U N W various parties depending on what you're talking about and Anto,basically, two transactions. Now that's called scaling and the way you interact with that isjust standard bick oin transactions. Basically, so you don't need to addanything to pickcoin to make this make this system work. What all of this iswhat we just recently talked about is basically the same thing. You just needa few modifications to the BASLAOR blockchain for that API to workcorrectly, but in the end you have a tremendous amount, more confidence andflexibility on what you do in that layer in the meantime of starting it andending it is that, is that all correct, yeah yeah pretty much? I just would addthat you don't necessarily have to aggregate a series of transactions,hear right. We're we're talking about so any smart contract you could sort ofthink of as as something that connects a second later to to the dicint baselayer, a and by extending the symmatics of the scripting language to supportthings like covenante right. You increase the ability, you increase,what sort of smart contracts you can express, right and and typically you'llsort of be doing some sort of aggregation on the second later right,but it could be even something simpler that just a single transaction thatyou're negotiating Um, but you still sort of you still getback so sort of compression. If you something like mast where you just H,agree on the outcome- and you make you know a single signature- that's that'sadded together with SAR singitures right, so you sort of get thatcompression. Even though you're just talking about a single transaction bythr, you know doing the execution of the smart contracted off chain anddeciding that you're not going to t t that it's just in your your interest todo a single signature rather than enforcing the contract Onchan, which isalways the threat. That's Tair. Does that make sense Oso little little more down in the weeds iskind of where my question is right now m, and this is kind of like tangentialM. it's still informof farification. I we had a conversation wit Cadena, asyou know, which fons this conversation and I'm still have some kind offundamental questions about how formal verification works. Two terms theybrought up. One was the prologue like bullion Um, saddes satisfiability. So s theories. So there's I no PROLUK. Thatwas just something you know you weretnwnolege. You K O t his was athing. I never used it again, but hey you know at least I played with it Um.So I understand that building up AF facts and using that to say whether ornot Um, this statement is ture false right. Iget that they dropped a new term on me and I washoping. Maybe you could get a little deeper into that term for me, and that is a satisfiability Modulotheories, MHM Um. What are this and how do they make this possible that that is really deep in the Look Um?So there's there's a lot of questions about bout sort of. So what what? Whatdoes this? We say that iformal verification is, is a verification ofproof rignt. So these sort of questions get into the heart of you know. What isthat proof? What what type of data makes up of that proof right M andthere are two two sort of opposing, but maybe or two sides of the same coin,possibly of these automated deduction systems versus interactive proof,Assistance Right and in the automated deduction system. What you do is youwrite a theorem and you say to the machine: Try to find a proof for it andyou walk away and you come back, and maybe it says yes, I found a proof oror nor no, I wasn't able to find a proof, or maybe a third case. Yourproof, your therom is wrong. Here is a counter example right right I, but thepoint is that it's once you have wright down the Thero M M, it's entirelyononated right on the other side of the coin. We havethese interactive H, proof assistance where Youe Wright downthe Phero man you're staring at the screen, and it says gold, your therumand you just type in a bunch of Camrans which basically create a logicaldeduction to reduce that goal to another program with you know anothersimpler goal, or maybe it's splitting the goals up an and having severalgoals to solve simultaneously, and you go through this long arjuiush processof of interacting with the the software to dwelf, wor proof and eventuallyelimenate your goal and all your intermediate goals and then you'veproven your your theoram right and you can sort of see how these are are verydifferent. Um Interactions with with formalverification right. So I've done a lot of work with the interactive they're.Improving, not a lot of work with the automated ther, improving and- and it'ssort of true that in principle, these...

...two systems can be h used togetherright. So when you're doing your interactive theor improver, you mightget down to a statement that you know that your automated theory improveransolve right. So you just handed off on aminated their improver to figureout the proof for you, and it comes back and inserts all that data n inyour nyour proof for you and you go on and sort of on the flipside when you'reKryind of use an automated thor improver from what I understand is thatyou get to these points where it says I couldn't figure out how to prove this,and then you sort of have to nannally break up it into sort of little subtheoums that it c can prove and then giving the knowledge of thesesubtherums that it can prove. Maybe it can figure out that main term thatyou're trying to prove right, so there there's so two approaches from thesetwo sides to solving the same problem and and the truth is somewhere in themiddle in in practice. I guess Oh right, so you were talking aboutsatisfiability right, so satifi ability is just one of these powerful automated. If they're,improving, h things right. So the automated thereimproving people are always trying to like increase the scope of what theycan automatically prove in a reasonable. Not of time H and H, and and and if we're lucky th the interacetther onprover people are going to pick up those tools. Hat The automated theirpeople, h figure out for us and use them in applications of interactive ter,improving Soi mean Michael of so. How is it I'msorry? Could you say that again habits it differentiat between the bulliand?I'm not sure if I quite fully got that yet. So what can one do with the othercannot Um. So my vague understanding and I'm far from an expert here- isthat that it allows you to reason to to automatically do deductions undersome sort of equational hypotheses and it's very technical and I'm not anexpert, an Inpollision, Oh o. no PR, that's actually a fair statementlike I mean like I'm, not either I'm trying to explore this stuff andunderstand it Um. Just on I surface level, because I you know, that's notmy field, but I like to know things and Um. You know that was one thing thatstruck me is that they were using a different model and when they describedhow they were proving stuff to me, it was like. Oh, this is very similar too,like you know, you know he sat like it was. It was very much like you know.That is true, but actually then, when I thought about more, it's like it'sactually finding the specific case where it fants an instead of goingthrough all possible branches of of of things in like like fuzzing. Would youknow wouldn't do but, like you know, you know basically exploring allpossible areas and doing a brute force on it. It's actually able to deduceexactly where it fails and t at to me. It's just like yeah, so fascinating andI wantto understand it, but I don't know if it's in my grasp yet- and I washoping that maybe that that would leave me in that direction. I was, I was at aa a very nice talk year or two ago at H, uh, I I forget the names of aconference, some sort of formal verication programing. I es conferenceand they had this uh presentation of a nice system that could actually always it always wouldproduce either a counter example or a proof right and it wway it works isthat it restricted the language, H, sort of the logical language, so itstrips out, you know you're right logic, withuniversal for all quantifiers or Exci for all quantifiers, and they had abunch of restrictions on the language so that you could only kise togethercertain phrases that would be allowed N in this thing right, so the cost was,if be came, very awkward to state your, your, your your theros right B'cause.You had to phrase it in terms of this, this weird language, this restrictedlogical language right, but it had this benefit that it would always succeed,or it would always come up with their counter example, which was very usefulY. They had some applications to consenseus systems and andverifyingraft, and these other consensus systems. Wait. You brought a raft, wait a minute,so I I don't know that to me is like one ofthose things that just is kind of also fastenating to me. Do you have a lot of background, INGconsensus, ecanisms, no and and so o of the simplicity work that I'm doing ison nonsot its mart contracting right, but theof course the same formalverification applies to more than just ha smart contract, the entire saydecoin consensus mechanism can and should be formally defined, and so andand ideally we could reason about the implementation of of the the entire setof consensus fovules for Veron and Cliniin, and so that's something thatkind of like triggers me in another. The direction is that there are broaderimplications to writing. Languages like this Um in the database transactionsthemselves have the same similar seproblems when done that scale, Um and-and I'm not just talking about sequel,...

I'm also talking about just like yourcassandre clusters and stuff like yeah. They can do some consistency, but youknow, and they do checking, but there's this whole vlerification process of howthe code is actually operating. All in those systems can this language applyto other systems than just a blocching. There's some potential here right Imean, but it's definitely the case that simplicity. I is designed with this particularapplication in mind right, so it's not necessarily the most efficient languageright, because we're expecting very small programs tobe executed on on on the watching, because it's such a expensive resourceand the design of simplicity is is, is such that you know it. Doesn't it doesn't know it's sortof cofletely architecture, independent right, it doesn't know anything aboutstandard machine, ingagers or anything like that. So it's a little bit it's alittle bit away from the hardware right, so it's not designd for efficiency, butit's it's a nice language, any anywhere where you sort of want to transportsmall programs across the network Um and be able to uh be able to to be executing thesesmall programs that you come from: untrusted sources right and so t'ssimpes designed for that those situations there. So simplicity hasthis. This very simple static analysis thatyou can do as part of the consensus mechanism. It'll tell you you know onupperbound on how many steps of execution is going to take anduperbound on how much memorit's going to need- and you can do all this aalsis.Even before executing rrightso, that's that's what part of the design ofsimplicity so yeah cover quite a bit sepisode. Is there any there any questions theyve turned to rap up? Are there any questions that you would have liked usto ask you um or something you'd like to to kind of get ofyour chest orsomething to think is important that we didn't get around the sang or do youwant to talk about blockstream and what you guys are up to these days? That'd be great too well yeah, I! So, let's talk about a little bit about howhow symphlusteis coming along right. So we have gethav repository. We have theimplementation, Wes v, implementation of simplicity, an in high school, whichis sort of like language, where you can develop h,symcesy programs and try it out. We have an influencation in the cockproofassistant, which is the interactive proof assistant that I use it has theformal synatics of the IMPLICITI language. We have the proof ofcorrectness of the SHO twoffty six compression function, um in in the high school version. We havean implementation of nor signature, O Verification Right and one of theupcoming steps will be to do a proof of correctness of the snow implementationin t in the cock, their improver. And if currently, we have a a branchwhere we're doing a development of a interpreter. WITTEN NC and the reason why we're implementingget in se is because ACIS very compatible with H With C plus Plaso.It's something that you can fork into bicoin or our liquid or elementsprojects very easily Um and the verifiable c project at Princeton is something that we want to leverageto actually prove that our c interpreter of the simplisty languageis correct right. So we have big plans there of connecting the formal definition of the simplicity,language and cock with the interpreter wreckon and se. Using this verifiable Cproject h from Princeton part of their Verifi verified software, Tel chain, vst, Um and H. Hopefully, we'll get that t seainflarmation tation done soon, we'll first implement it in the elements SAchain, so people can sort of run their own experimental development sit chainand develop and learn about simplicity there. And if we're successful there,hopefully we'll be able to put it into our liquid side chain, which is whichis a real existing bioinside chain, where you can actually transact, Bicoynand other assets, and then we'll have the power ofsimplicity for making these these more contracts on liquid and then further inthe future. Hopefully we can prove that the we prove the simplictyinterpreter is in fact correct and meets. The specification h will be in aposition to take all this H, this use and liquid and formal Verif videsoftware and bring it to the Bicuin people and say how boat we consider anintervation in in in Biccoin, and we have. We have a few tricks of oursleeves that that might bring simplicity to Um to Bak coin a littlebit sooner so, but I'm going to have to leave that as a surprise. For he forlater come on, do do ani. A on e show...

...then come on, give us a little tasteyeah. Well, I'm just saying that you know you might you might see simplicityoperating on Becoyn without having to implement it.Inbicoyn H, sometime in the future, and it's very, very, very early stage, veryterar ans right, very neretical right, but yeah horks out everyhe, saying thatthat that that we could see simplisity oferatingwith with tecin h sooner than than you would youo'ld expect aliat decided tohear that new, slash evaluate how that operates outside of like doing it. Theway you just said you were going to do it. How can people like outside of the theplaces you just messioned to breach out and learn more Um right? So if you we have, we haveour simplicities under the elements RIPO in Getab, SOTSGITHUB, dotcom, lashelements, project, slash simplicity and you can find carcode there. You can reach out to me my email address ourcouner, a blockstreen dot com, if you'remore, if Yo want, have some questions about that and yeah. Actually what I'm reallyinterested? I is that because Simlece to I such a low level language, I wouldlove to get sort of a front end for simplocity that compiles down tosimplicity and the Nice thing about this is that it's not consenseuscritical right. So we could have a multiple different, competing frontansor asimplisity sort of analogous to solidity and t e EBM right. We needsome sort of front end language that compiles down to symplisty. Ideally, wegive it formal semantics and improve that the translation, from whateverhire level language down to Simplesteis, correct, and I would love to get somesort of h. Some people interested in working on that sort of project canjust out F curiosity before we wrap up on. Can you leverage other languagesthat exist like Lll? I said: Is it three? U Rl! I never heard in Eycistit's Jus, okay, yeah three lll is somemediate language like yeah orsomething yeah like. Do you think, that's even possible to just Lebsomething is already out there and have that just compi break down tos. Itmight not be impossible, but simpisty has a lot of restrictions that enablethis ot of static analysis. I, as talking about it, it has nounboundedloops right right. All loops are bounded in somflicity right, which also means that spposed to allthese terminates, which is very sort of Nice fuature to have over here Rigt,but I think supposed to is- is sort of different enough that H, it's useful toto come up with a a brand new intermediate language. So I'd like tosee see what people can come up with Osstani, let's go o and rap it up.Callde. Do you have something you really want to say yeah. I want to givea shot out to uh, so we just e. We just opened a donations section for you know houshing it out. We run thisshow pretty much M. mostly. You know we have some donations and somesponsorships and they pay for they keep the lights on, but we'd like to growthe network obviously Um. This is this is a passion project for pretty mucheverybody involved Um. This is not our full time job, so O Kno. We have A, wehave a donations page set up Hoon. What is that called? It is donate dot, hashing it out dotstream, and we actually got our first donationtoday, while we were on the air, no ls, so Yagunima, who also has his Otas at Ma say, but heactually has his name on on m on our slack and and told us to do this, thathe was going to do this. His name's Michael Newman. He just gave our firstdonation to our donation page and I just want to give a big shatow to himand thank him very much for his patronage M and yeah. I appreciate ifanybody else who who likes what we do, let's put a dollar in a tip jar that'd,be great, that is, donate dot, hashing it out dot stream and it's aleaderboard. So if you donate more than everyone else, Yo'll be at the top ofthe lederboard and you can say you're better than everyone. So that's alwaysgood food H, don't like tshow with the liht buttonshared on Titer, find me at Corpetti, ontiter Callin at TAT, cone Foche ontiter wrestle or ynteter. I am not unal right. Idetity of the email singenearlier and shored us to Friendsshouldhavso, be reallyappreciated and see next time. Thanksforsev thnks.

In-Stream Audio Search

NEW

Search across all episodes within this podcast

Episodes (108)