From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=0.2 required=5.0 tests=BAYES_00,INVALID_MSGID,
	REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,14f7200925acb579
X-Google-Attributes: gid103376,public
From: Florian Weimer <fw@deneb.cygnus.argh.org>
Subject: Re: No Go To's Forever!
Date: 2000/04/21
Message-ID: <87wvlshudn.fsf@deneb.cygnus.argh.org>#1/1
X-Deja-AN: 613852760
References: <8bbsc6$aes$1@nnrp1.deja.com>
 <HRkC4.1999$U95.38761@news.pacbell.net> <8bdbof$t19$1@nnrp1.deja.com>
 <38E1F6D5.8303903C@dowie-cs.demon.co.uk>
 <874s9p7jwi.fsf@deneb.cygnus.argh.org> <8bu48a$3tt$1@nnrp1.deja.com>
Mail-Copies-To: never
Content-Type: text/plain; charset=us-ascii
X-Complaints-To: abuse@cygnus.argh.org
X-Trace: deneb.cygnus.argh.org 956296436 3835 192.168.1.2 (21 Apr 2000
 05:53:56 GMT)
Organization: Penguin on board
User-Agent: Gnus/5.0805 (Gnus v5.8.5) Emacs/20.6
Mime-Version: 1.0
Reply-To: Florian Weimer <fw-usenet@deneb.cygnus.argh.org>
NNTP-Posting-Date: 21 Apr 2000 05:53:56 GMT
Newsgroups: comp.lang.ada
Date: 2000-04-21T05:53:56+00:00
List-Id: <comp.lang.ada>

Robert Dewar <robert_dewar@my-deja.com> writes:

> >Why should it have changed, BTW?
> 
> Becauswe proof of correctness techniques have improved!

Well, I thought that "unprovable" and "difficult to prove" mean
different things.  But you are the native speaker, and I won't argue
with you. ;)

> > and neither is the algorithm description, they are more
> > substantial than the "formal" proofs which I've seen at the
> > local CS department.
> 
> I have no idea what substantial means in this respect, 

The "formal" proofs I was shown had severe gaps, which could have been
filled, but doing so would have made them incomprehensible (at least
for me, the only thing which I could do with such proofs is checking
step by step whether they are valid, but I'm sure I couldn't learn
anything about proof techniques or the structure of the underlying
problem from them).

> > (i.e. proofs whose formalization is easy, but tedious work,
> > and which would result in proofs nobody could understand).
> 
> It is not really important if a human can understand a proof,
> if all proof obligations have been satisfied algorithmicly
> using a verifier.

That's the point.  I didn't know that such tools are available.  If
you use them, formal proofs suddenly make much more sense.