Methodologies
Introduction
These methodologies exist to shape how to interrogate design assumptions, not to teach how to exploit or fix them. The methodologies are based on my confrontational thinking and the perspective thru which I evaluate and reject design assumptions. And anyone who has any objections to the methodologies, please present a counter-methodology and I will change it.
Maximal Obligation Method (MOM)
Principle
A design is obligated to remain correct under maximal legal conditions. Correctness is binary.
Assumption
Invariant Admissibility
Only invariants that satisfy all of the following conditions are admissible:
Any invariant violating one or more of these conditions is not recognized as an invariant and is treated as non-existent.
Invariant escape to external layers, subsystems, or implicit discipline is prohibited.
Maximal Conditions
The design is evaluated under all of the following simultaneously:
No reduction, staging, or isolation of conditions is permitted.
Evaluation Rule
1. All admissible invariants must hold under maximal conditions.
2. No invariant may rely on:
Partial correctness is not recognized.
Implicit Assumption Prohibition
The following are forbidden as evaluative foundations:
ABSENCE OF INVARIANT = FAILURE
Failure Rule
1. Any admissible invariant violation results in DESIGN FALSE.
2. Failure is absolute and non-recoverable.
3. No degradation, fallback, or mitigation-dependent correctness is recognized.
Rejection Criteria
A design is rejected if it requires:
Outcome
1. Preserves all admissible invariants under maximal conditions, or
2. Is structurally invalid
3. No intermediate classification exists.
Statement
Correct designs do not rely on conditions. They survive them.
Invariant-First Hypothesis Method (IFHM)
Principle
No hypothesis is formulated prior to declaring the invariants it claims to preserve.
A hypothesis is not an explanation of design — it is a compulsory commitment imposed on it.
Terminology Binding
1. All technical terms used by the hypothesis must be explicitly defined.
2. Each definition must be:
3. Any definition that cannot be directly converted into an invariant is rejected.
Problem Delimitation
1. The hypothesis must explicitly define:
2. A problem is defined only as:
3. Behavioral descriptions without invariants are not recognized.
Invariant Declaration
1. All invariants must be declared before hypothesis formulation.
2. Each invariant must satisfy all of the following:
3. Any invariant that depends on:
Any invalid invariant is treated as non-existent.
Hypothesis Commitment
1. A hypothesis is defined solely as: A set of commitments to preserve the declared invariants.
2. The hypothesis may not introduce implicit or deferred invariants.
3. Any invariant not explicitly declared is considered absent.
Logical Construction
1. Every logical transition within the hypothesis must be: An explicit implication, carry at least one invariant.
2. Any transition that does not propagate an invariant is rejected.
3. Probabilistic or heuristic reasoning is forbidden.
Ownership and Lifetime Modeling
For every object referenced by the hypothesis, the following must be explicitly defined:
Any ownership or lifetime claim not protected by an invariant is considered fictitious.
Failure Boundary Definition
1. The hypothesis must be defined to operate under:
2. Any failure under these conditions results in DESIGN FALSE.
3. Anticipated, justified, or accepted failure is not permitted.
Refutability Commitment
1. The hypothesis must be refutable by a single invariant violation.
2. Any hypothesis that cannot be conclusively falsified is non-scientific.
3. Conditional or partial correctness is not recognized.
Implicit Discipline Prohibition

The hypothesis may not assume:

ABSENCE OF INVARIANT = FAILURE
Statement
A hypothesis that survives this method is either structurally sound or formally eligible for refutation. No third outcome exists.
Post-Validation Refutation Method (PVRM)
Position
This method is applied only after a hypothesis has:
The hypothesis is assumed:
Despite this, it is treated as hostile and disposable.
The objective is not evaluation. The objective is termination.
Core Principle
A hypothesis that cannot be killed after validation is the only hypothesis allowed to exist. Survival under correctness criteria does not imply survivability under adversarial pressure.
Rule 0 — No Correctness Credit
No prior success grants immunity.
No correctness proof is reusable.
No invariant is trusted by default.
All guarantees are considered targets.
Refutation Axes
Definition Erosion Attack
Expose any definition that:
Is technically defined yet non-fatal
Cannot independently enforce an invariant
Collapses under adversarial reinterpretation
A definition that cannot kill a scenario is decorative.
Problem Irrelevance Proof
Demonstrate that the hypothesis: Does not actually resolve the declared problem
Solves a narrower or different problem
Preserves invariants while the real failure persists
Correctness without relevance is structural fraud.
Outcome Instability Attack
Prove that the hypothesis' result: Changes across legal scenarios
Diverges under alternative yet valid executions
Produces incompatible conclusions without invariant violation
A result that is not stable is not real.
Inferential Gap Execution
Identify any transition that: Is not a strict logical implication
2. Transfers no invariant
Relies on intuition, symmetry, or "obviousness"
Any non-invariant-carrying step is an execution gap. Execution gaps are fatal.
External Assumption Injection
Force the hypothesis to operate under: Adversarial schedulers
Hostile memory models
Uncooperative subsystems
If survival requires environmental goodwill, the hypothesis is invalid.
Legal Violation Reframing
1. Transform a previously illegal or "attack" path into a: Fully legal execution
2. Specification-compliant behavior
3. Valid system state
If violation becomes legal, protection never existed.
Ownership & Lifetime Conflict Exposure
1. Demonstrate contradictions in: Ownership claims
2. Lifetime responsibility
3. Transfer, revocation, or reuse semantics
4. Refcount mutation or reclaim authority
Any ownership not enforced by invariant is imaginary.
Over-Specification Collapse
1. Show that correctness holds only because: The world is constrained beyond necessity
2. Legitimate behaviors are excluded
3. The design survives by shrinking reality
Over-constraint is not safety. It is avoidance.
Invariant Non-Interaction Attack
1. Prove that invariants: Do not compose
2. Overlap without covering new surface
3. Leave gaps between protections
Isolated invariants do not form a system.
Adversarial Composition Attack
1. Compose the hypothesis with: Another valid hypothesis
2. A correct subsystem
3. A higher-level abstraction
If correctness collapses under composition, it was local fiction.
Termination Rule
1. Any single successful refutation axis results in: HYPOTHESIS TERMINATED
2. No degradation.
3. No partial failure.
4. No mitigation credit.
Prohibited Defenses
Out-of-scope is not a defense. It is an admission.
Outcome
1. Structurally unkillable under adversarial execution, or
2. Conclusively dead
There is no survival by explanation.
Final Statement
Validation proves correctness. Refutation proves reality. A hypothesis that survives correctness but dies here was never safe — only polite.
Existential Design Review Method (EDRM)
Position
1. This method is invoked only after a hypothesis has:
2. EDRM is not a refutation method.
3. It does not challenge correctness.
4. It challenges design legitimacy.
Core Principle
Correctness does not justify existence. A design may be: correct, invariant‑preserving, refutation‑resistant, and still be unacceptable under an adversarial model.
Scope
1. The unit of evaluation is the design itself.
2. Not bugs.
3. Not hypotheses.
4. Not exploits.
5. The question is existential, not technical.
Evaluation Rules
Necessity Rule
1. A design must be strictly necessary to solve the stated problem.
2. If the problem can be solved by: a simpler model, reduced authority, eliminated shared ownership, weaker abstractions, then the design is existentially unjustified.
Structural Cost Rule
1. The following are treated as existential cost: number of critical invariants, ownership boundaries, lifetime transitions, cross‑context dependencies.
2. Unnecessary structural cost is treated as future failure debt.
3. Complexity without necessity is grounds for rejection.
Defense Dependency Rule
1. A design is illegitimate if its correctness depends on: mitigations, hardening, operational discipline, continuous defensive enforcement.
2. Security that must be maintained is not security.
Adversarial Amplification Rule
1. A design is rejected if it: increases attacker payoff, amplifies interleaving value, raises the strategic return of exploitation, creates incentives for adversarial behavior.
2. Designs must reduce, not enrich, adversarial opportunity.
Historical Convergence Rule
1. A design is illegitimate if it: reproduces known historical failure patterns, converges with past architectural catastrophes, reintroduces previously invalidated design classes.
2. Correct repetition of failure is still failure.
Cognitive Load Rule
1. A design is rejected if safe operation requires: sustained human vigilance, non‑local reasoning, undocumented constraints, perfect adherence by developers or operators.
2. Humans are not invariants.
Replaceability Rule
1. If a design can be: removed, replaced by a simpler construct, or reduced in power without losing essential functionality, then its existence is not justified.
Outcome
1. EDRM produces no: CVE, exploit, mitigation, patch recommendation.
2. It produces a single judgment: DESIGN LEGITIMACY REVOKED or DESIGN LEGITIMACY TOLERATED.
Final Statement
Refutation proves incorrectness.
EDRM addresses accountability.
A design that survives refutation but fails legitimacy
should not exist.