Lean-zip bug exposes formal verification gaps

// 46d agoSECURITY INCIDENT

Lean-zip bug exposes formal verification gaps

Lean-zip, a formally verified zlib implementation in Lean 4, was found to have a heap buffer overflow and DoS vulnerability. The failures stem from unverified components and a critical integer overflow bug in the Lean 4 runtime's memory allocation.

// ANALYSIS

The discovery of vulnerabilities in a "proven correct" program is a sobering reminder that formal verification is only as strong as its specification and the underlying runtime.

–A heap buffer overflow was found in the Lean 4 runtime (TCB), an area typically assumed to be correct by formal proofs
–An archive parser bug caused a DoS due to a specification gap where the parser logic wasn't covered by any theorems
–Fuzzing tools like AFL++ and AddressSanitizer remain essential, even for code with mathematical proofs of correctness
–The incident underscores that "correctness" in formal methods is relative to the model, not the absolute reality of execution

// TAGS

lean-zipleanformal-verificationtestingsafetyreasoningopen-source

DISCOVERED

46d ago

2026-04-14

PUBLISHED

46d ago

2026-04-14

RELEVANCE

8/ 10

AUTHOR

bumbledraven

// KEEP READING

More AI developer news from the feed

EXPLORE FULL FEED

TUTORIAL1m ago

Unstract tutorial covers local setup

This YouTube walkthrough shows how to self-host Unstract, the open-source document extraction platform, with Docker and local model support. It positions the tool as a practical fit for offline and private RAG-style workflows that turn PDFs and other files into structured outputs.

NEWS5m ago

Uber's Claude Code bill tests AI ROI

The video uses Uber’s reported Claude Code spend as a concrete example of the rising tension around agentic coding tools: usage can scale quickly inside engineering teams, but leadership is still struggling to connect that spend to shipped consumer features. It frames Claude Code as genuinely useful, but also as the kind of token-heavy workflow that is easy to adopt and hard to justify when budgets tighten.

RESEARCH8m ago

UserHarness reframes Theory of Mind as user-mind reconstruction

UserHarness is an inference-time framework for Theory-of-Mind tasks that models a user’s partial observations, evolving beliefs, intentions, and actions instead of inferring mental state indirectly. In the paper, the approach is evaluated across five benchmarks and reaches up to 95.94% macro accuracy, with reported gains of more than 15% relative over existing inference methods and about 20% relative over the strongest prompt-only harness.