Designing Predictable LLM-Verifier Systems for Formal Method Guarantee

Posted5d agoActive4d ago

PaulHoule

54 points

11 comments

arxiv.orgResearchstory

informativeneutral

Debate

20/100

Large Language ModelsFormal VerificationAI

Key topics

Large Language Models

Formal Verification

As researchers explore the uncharted territory where large language models (LLMs) meet formal verification, a lively debate unfolds around the potential of combining these two seemingly disparate approaches. Some commenters, like edwardtay, are thrilled by the prospect of harnessing formal verification to tackle LLMs' notorious unreliability, while others, such as XzAeRosho, probe the tricky question of bridging the semantic gap between LLMs' fuzzy logic and formal methods' precise specifications. A deeper dive into the paper reveals that the authors didn't actually use LLMs to write or verify code, prompting brantmv to wonder if the experiments were more simulated than real. The discussion takes a fascinating turn when jaggederest clarifies the meaning of "almost surely" in the context of probability, helping mapontosevenths appreciate the significance of being able to deterministically identify a halting state in code.

Snapshot generated from the HN discussion

Discussion Activity

Light discussion

First comment

Peak period

2-4h

Avg / period

2.8

Comment distribution14 data points

Loading chart...

Based on 14 loaded comments

Key moments

01Story posted
Dec 28, 2025 at 10:02 AM EST
5d ago
Step 01
02First comment
Dec 28, 2025 at 12:16 PM EST
2h after posting
Step 02
03Peak activity
4 comments in 2-4h
Hottest window of the conversation
Step 03
04Latest activity
Dec 29, 2025 at 4:36 PM EST
4d ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (11 comments)

Showing 14 comments

edwardtay

5d ago

2 replies

The intersection of LLMs and formal verification is fascinating - it's addressing one of the biggest weaknesses of LLMs (hallucination/unreliability) with one of the most rigorous tools we have.

A few thoughts:

1. What's the performance overhead? Formal verification is computationally expensive. How does this impact the practical usability, especially for real-time or interactive systems?

2. How do you handle the semantic gap? LLMs operate in natural language/fuzzy logic space, while formal methods require precise specifications. What's the translation layer like?

3. Are there domains where this works particularly well vs. poorly? I'm guessing mathematical proofs, code verification, and logic puzzles are good candidates. What about more subjective/creative tasks?

4. How does this compare to other approaches like constrained decoding, chain-of-thought with verification, or tool-augmented LLMs?

5. What's the failure mode? When the verifier rejects LLM output, how do you handle it? Regenerate? Provide feedback to the LLM?

This feels like it could be huge for safety-critical LLM applications. Would love to see this combined with techniques like Constitutional AI or RLHF with formal guarantees.

XzAeRosho

5d ago

1 reply

>2. How do you handle the semantic gap? LLMs operate in natural language/fuzzy logic space, while formal methods require precise specifications. What's the translation layer like?

From what I understood, this validates the output correctness, not that the output aligns with the user goals, so there's still room for the LLM to get the user goals wrong, and this is only to validate the mathematical consistency between the output code and the formal specification (in this paper, within the ESBMC framework for C++ code).

So it's kind of tight scoped, in this case, but I think it points in the right direction for coding assistants, which usually get some language primitives wrong.

homebrewer

5d ago

You're talking to an LLM spambot. Look at his history. Probably best to flag and move on.

westurner

5d ago

> intersection of LLMs and formal verification

/? TLA LLM https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu... : 1 submission, ~20 comments

"AI will make formal verification go mainstream" (2025-12) https://news.ycombinator.com/item?id=46294574

brantmv

5d ago

1 reply

Maybe I'm wrong, but it looks like the authors did not actually have any LLMs write or verify any code for their experiments. Instead, their experiments consist of simulating the simplified Markov chain model itself. They simulated their simple Markov chain and checked if the theorem's predictions matched empirical statistics. This amounts to a test not of their model, but of basic Markov chain theory.

Did I misread or miss something?

brantmv

5d ago

Also, the mathematical content here is pretty thin. Their main theorem has nothing to do with LLMs directly. It's a theorem about a five-state Markov chain, and the proof follows from standard Markov chain theory.

For those reasons, the grandiose name "LLM-Verifier Convergence Theorem" does not sit well with me.

mapontosevenths

5d ago

2 replies

This line made me pause:

"We prove that for any non-zero stage success probability, the system reaches the verified state almost surely"

What's the point if its still stochastic?

jaggederest

5d ago

1 reply

"almost surely" means "happens with a probability 1", which in infinite set contexts doesn't mean that there aren't other outcomes, but that they have probability 0.

So like, imagine that you had some finite list of integers, and you were picking a random number from 0 to infinity - because the domain is infinite, any finite set has 0 probability, but that doesn't mean it doesn't exist.

https://en.wikipedia.org/wiki/Almost_surely

mapontosevenths

5d ago

1 reply

Thank you. That makes this a pretty big deal doesn't it?

The ability to deterministcly identify that code eventually reaches a halting state, implies that we can use these stochastic tools to generate deterministic outcomes reliably in the future doesn't it?

jaggederest

5d ago

1 reply

Well, reliably but still with a chance of failure - in the same way that you can have a program which is provably correct but can still run into real world issues like being killed, but yes I would say that "almost surely" is a pretty large jump from "more than likely" (50%+1) where I'd say LLM output generally lives these days.

MiniMax42

5d ago

1 reply

> a chance of failure

Well, technically, no chance of failure. The chance of failure is absolute zero. Not close to zero, absolute zero. There will be no failure if the assumptions of the model are correct.

The real catch here is in the assumptions.

How long do you have before you need to have a solution? An hour, a year, a century? Too bad, almost sure convergence only provides a guarantee if you wait an infinite amount of time.

And then there's the question of the probability space you assume. (The sigma algebra.) Which things do you assume to have probability zero from the start and is that realistic?

mapontosevenths

5d ago

> How long do you have before you need to have a solution? An hour, a year, a century? Too bad, almost sure convergence only provides a guarantee if you wait an infinite amount of time.

Thanks for this. I was actually just thinking "this can't actually work, it would mean P vs NP is solved." Of course, this explains why it doesn't mean that.

IanCal

5d ago

Hash collisions are possible but can be provably so rare that they’re not a relevant concern.

werf456

4d ago

Can check out this recent paper doing scalable formal verification of LLMs "BEAVER: An Efficient Deterministic LLM Verifier": https://arxiv.org/abs/2512.05439

View full discussion on Hacker News

ID: 46411539Type: storyLast synced: 12/29/2025, 12:35:26 AM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.

Open link View on HN