Local Reasoning for Global Properties
The article discusses how local reasoning—focusing on individual components or small parts of a system—can be used to verify or ensure global properties like correctness, security, or consistency. It explores techniques and formal methods that allow developers to deduce system-wide guarantees from localized checks, aiming to make complex systems more tractable to reason about.
Background
- The article explores a central challenge in software: code is written line-by-line ("local reasoning"), but correctness often depends on system-wide properties like security or concurrency safety ("global properties").
- "Local reasoning" lets you understand a function in isolation. "Global properties" only emerge from how many parts interact — e.g., "no two users see inconsistent data."
- If a system isn't "compositional," fixing a bug in one place can silently break something far away, making large systems fragile.
- Most mainstream languages (C, Java, Python) are weak at local reasoning for global properties because they allow arbitrary side effects and shared mutable state. Rust and Haskell are discussed as counterexamples — Rust via its ownership system, Haskell via purity and monads.
- For developers, this means language choice directly determines how much system correctness you can verify by reading one file versus needing the whole system in your head.
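
An added example, not taken from the article being summarized, of how Rust's privacy and ownership rules let a system-wide invariant be checked by reading one module: the ledger's total can only change through code inside `mod ledger`, and the exclusive `&mut self` borrow means no other part of the program can observe a half-finished transfer. The names `ledger`, `Ledger`, `transfer` and the account data are hypothetical, constructed for this illustration.

```rust
// Added illustration: all names here (ledger, Ledger, transfer) are hypothetical.
mod ledger {
    use std::collections::HashMap;

    /// Global property: the sum of all balances never changes after `new`.
    /// The fields are private, so only this module can violate it.
    pub struct Ledger {
        balances: HashMap<String, u64>,
        total: u64,
    }

    #[derive(Debug, PartialEq)]
    pub enum TransferError { UnknownAccount, InsufficientFunds, SameAccount }

    impl Ledger {
        pub fn new(initial: &[(&str, u64)]) -> Ledger {
            let balances: HashMap<String, u64> =
                initial.iter().map(|(n, b)| (n.to_string(), *b)).collect();
            let total: u64 = balances.values().sum();
            Ledger { balances, total }
        }

        /// `&mut self` is an exclusive borrow: no other reader or writer can
        /// exist while this runs, so the state between debit and credit is
        /// never observable from elsewhere in the program.
        pub fn transfer(&mut self, from: &str, to: &str, amount: u64) -> Result<(), TransferError> {
            if from == to { return Err(TransferError::SameAccount); }
            if !self.balances.contains_key(to) { return Err(TransferError::UnknownAccount); }
            let src = self.balances.get_mut(from).ok_or(TransferError::UnknownAccount)?;
            if *src < amount { return Err(TransferError::InsufficientFunds); }
            *src -= amount; // all checks passed; nothing below can fail
            *self.balances.get_mut(to).expect("checked above") += amount;
            Ok(())
        }

        pub fn balance(&self, name: &str) -> Option<u64> { self.balances.get(name).copied() }

        /// Recomputes the sum so a test can confirm the invariant.
        pub fn invariant_holds(&self) -> bool {
            self.balances.values().sum::<u64>() == self.total
        }
    }
}

fn main() {
    let mut l = ledger::Ledger::new(&[("alice", 100), ("bob", 50)]); // constructed data
    println!("{:?}", l.transfer("alice", "bob", 30));
    println!("{:?}", l.transfer("bob", "alice", 500)); // rejected, state untouched
    println!("invariant holds: {}", l.invariant_holds());
}
```

Code outside `mod ledger` cannot write `balances` or `total` directly, so a reviewer auditing the conservation property needs to read only this module.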