From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-0.3 required=5.0 tests=BAYES_00,
	REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4
X-Google-Thread: a07f3367d7,23c0de5a42cf667e
X-Google-Attributes: gida07f3367d7,public,usenet
X-Google-NewGroupId: yes
X-Google-Language: ENGLISH,ASCII
Path: 
 g2news2.google.com!news4.google.com!feeder.news-service.com!feeder.erje.net!news2.arglkargh.de!noris.net!newsfeed.arcor.de!newsspool1.arcor-online.net!news.arcor.de.POSTED!not-for-mail
From: "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>
Subject: Re: GNAT packages in Linux distributions
Newsgroups: comp.lang.ada
User-Agent: 40tude_Dialog/2.0.15.1
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Reply-To: mailbox@dmitry-kazakov.de
Organization: cbb software GmbH
References: <j5e1x31qvn1b$.11ywrjmshtauz$.dlg@40tude.net>
 <87mxw9x7no.fsf@ludovic-brenta.org>
 <t8liq7w6ffnm$.19yq5hkq6tdto$.dlg@40tude.net> <op.vcgi9oqzule2fv@garhos>
 <w1q9e75h9kzi.4p81vh3kannn$.dlg@40tude.net> <op.vch6dsqmxmjfy8@garhos>
 <16bz9kvbqa8y9$.155ntpwpwl29d.dlg@40tude.net>
 <4be97bea$0$2966$ba4acef3@reader.news.orange.fr> <op.vcjtnsp5xmjfy8@garhos>
 <quqkqeas8pu2$.1w5pelct29juv.dlg@40tude.net>
 <Pine.LNX.4.64.1005121017020.21749@medsec1.medien.uni-weimar.de>
Date: Wed, 12 May 2010 17:37:44 +0200
Message-ID: <1p87qdlnjbufg.127laayhrw9x3$.dlg@40tude.net>
NNTP-Posting-Date: 12 May 2010 17:37:40 CEST
NNTP-Posting-Host: dc4bb90c.newsspool1.arcor-online.net
X-Trace: 
 DXC=[?O`gDP0j58lIh70@<QIE7ic==]BZ:af>4Fo<]lROoR1<`=YMgDjhg2fcXS1NNXb[:[6LHn;2LCV>[<mhadbfdU;?7_1kYR6bb=jWVI634:Bj8
X-Complaints-To: usenet-abuse@arcor.de
Xref: g2news2.google.com comp.lang.ada:11555
Date: 2010-05-12T17:37:40+02:00
List-Id: <comp.lang.ada>

On Wed, 12 May 2010 10:41:03 +0200, stefan-lucks@see-the.signature wrote:

> On Tue, 11 May 2010, Dmitry A. Kazakov wrote:
> 
>> On Tue, 11 May 2010 18:05:42 +0200, Yannick Duch�ne (Hibou57) wrote:
>> 
>>> While they can be compared in some way, there is indeed a big difference :  
>>> Eiffel is runtime oriented, SPARK is static analysis oriented.
>> 
>> A proof of correctness cannot be run-time. Incorrectness need no proof.
> 
> Actually, there is a difference between partial and total correctness. A 
> program is partially correct, if it produces the correct result in the 
> case it produces any result. A partially correct program may run 
> infinitely or abort with an  exception, but when it does 
> neither, you get the specified result. A totally correct program is 
> partially correct *and* terminates in finite time *and* doesn't abort with 
> an unhandled exception. So Eiffel programs seen to be partially correct, 
> but lack any proof of total correctness. Which is OK for some 
> applications. I would expect the autopilot of an airplane to be totally 
> correct -- partial correctness wouldn't be too helpful. But there are 
> plenty of applications, where a partially correct program would be a huge 
> improvement over all the software we are currently using ... 

Any program is partially correct, if otherwise has not been observed. I
fail to see how Eiffel is different from C or Assembler in that respect.

The point is that run-time checks contribute nothing to correctness either
partial or not. Because a partially incorrect program remains partially
incorrect independently on whether you check that or not: SPARK makes
*some* incorrect programs invalid. Eiffel does not. That is the difference.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de