From: ncohen@watson.ibm.com (Norman H. Cohen)
Subject: Re: Software Safety (was: Need help with PowerPC/Ada and realtime tasking)
Date: 1996/06/05
Date: 1996-06-05T00:00:00+00:00 [thread overview]
Message-ID: <4p4trk$tc5@watnews1.watson.ibm.com> (raw)
In-Reply-To: DsFM3B.CqB@world.std.com
In article <DsFM3B.CqB@world.std.com>, bobduff@world.std.com (Robert A
Duff) writes:
|> The reason I object to "correct" is that I've seen many cases where
|> people misunderstand the term. Even people who ought to know better.
I agree. About a decade ago, at workshop on formal verification of Ada
programs, I got into a heated argument with David Gries about a useful
definition of correctness. I argued that it was useless to prove a
program conformant to formal specifications unless one had a high degree
of confidence that the specifications expressed the customer's intent.
Gries seemed to have in mind a model whereby the customer presents the
software developer with a contract expressed in the form of formal
specifications; if the software developer conforms to the specifications,
he has fulfilled the contract, even if the customer doesn't get what he
really wanted.
|> I've seen arguments along these lines: "I proved so-and-so program
|> correct. Therefore, it obviously can't have any bugs, or do anything
|> wrong. Therefore, there's no need to test it." A bogus argument, but
|> it's easy to fool people with that sort of argument, because "correct"
|> really does mean "good" or "perfect" in plain English.
And yet there have been studies analyzing the causes of software "errors"
and attributing roughly half of them to mistakes in the specifications!
--
Norman H. Cohen ncohen@watson.ibm.com
next prev parent reply other threads:[~1996-06-05 0:00 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
1996-05-17 0:00 Need help with PowerPC/Ada and realtime tasking Dave Struble
1996-05-18 0:00 ` JP Thornley
1996-05-20 0:00 ` Robert I. Eachus
1996-05-21 0:00 ` Michael Levasseur
1996-05-21 0:00 ` Richard Riehle
1996-05-25 0:00 ` JP Thornley
1996-05-27 0:00 ` Robert Dewar
1996-05-28 0:00 ` JP Thornley
1996-05-29 0:00 ` Ken Garlington
1996-05-29 0:00 ` Robert A Duff
1996-05-30 0:00 ` JP Thornley
1996-05-31 0:00 ` Ken Garlington
1996-06-02 0:00 ` JP Thornley
1996-06-03 0:00 ` Ken Garlington
1996-05-30 0:00 ` Software Safety (was: Need help with PowerPC/Ada and realtime tasking) Ken Garlington
1996-05-30 0:00 ` Robert Dewar
1996-06-02 0:00 ` JP Thornley
1996-06-03 0:00 ` Robert A Duff
1996-06-05 0:00 ` Norman H. Cohen [this message]
1996-06-07 0:00 ` Ken Garlington
1996-06-12 0:00 ` Norman H. Cohen
1996-06-12 0:00 ` Ken Garlington
1996-06-08 0:00 ` Robert Dewar
1996-06-08 0:00 ` Robert A Duff
1996-05-31 0:00 ` Robert A Duff
1996-06-03 0:00 ` Ken Garlington
1996-05-25 0:00 ` Need help with PowerPC/Ada and realtime tasking JP Thornley
1996-05-27 0:00 ` Darren C Davenport
1996-05-30 0:00 ` Ralph E. Crafts
1996-05-31 0:00 ` JP Thornley
1996-06-03 0:00 ` Ken Garlington
1996-05-28 0:00 ` Tasking in safety-critical software (!) (was Re: Need help with PowerPC/Ada and realtime tasking) Kevin F. Quinn
1996-05-28 0:00 ` Need help with PowerPC/Ada and realtime tasking Robert I. Eachus
1996-05-30 0:00 ` JP Thornley
1996-06-03 0:00 ` Ken Garlington
1996-05-28 0:00 ` Robert I. Eachus
1996-05-30 0:00 ` JP Thornley
1996-05-31 0:00 ` Robert I. Eachus
1996-06-03 0:00 ` Ralph Paul
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox