From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM
	autolearn=ham autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: f849b,b8d52151b7b306d2
X-Google-Attributes: gidf849b,public
X-Google-Thread: 103376,a00006d3c4735d70
X-Google-Attributes: gid103376,public
X-Google-ArrivalTime: 2004-01-10 18:43:04 PST
Path: 
 archiver1.google.com!news2.google.com!news.maxwell.syr.edu!newsfeed.mathworks.com!wn11feed!worldnet.att.net!199.45.49.37!cyclone1.gnilink.net!spamkiller2.gnilink.net!nwrdny01.gnilink.net.POSTED!0e8a908a!not-for-mail
From: Hyman Rosen <hyrosen@mail.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
 rv:1.6b) Gecko/20031205 Thunderbird/0.4
X-Accept-Language: en-us, en
MIME-Version: 1.0
Newsgroups: comp.arch.embedded,comp.lang.ada
Subject: Re: Certified C compilers for safety-critical embedded systems
References: <3fe00b82.90228601@News.CIS.DFN.DE>
   <5802069.JsgInS3tXa@linux1.krischik.com>
 <1072464162.325936@master.nyc.kbcfp.com>
 <1563361.SfB03k3vvC@linux1.krischik.com>
 <11LvOkBBXw7$EAJw@phaedsys.demon.co.uk> <3ff0687f.528387944@News.CIS.DFN.DE>
 <1086072.fFeiH4ICbz@linux1.krischik.com> <3ff18d4d.603356952@News.CIS.DFN.DE>
 <1731094.1f7Irsyk1h@linux1.krischik.com> <3ff1b8ef.614528516@News.CIS.DFN.DE>
 <3FF1E06D.A351CCB4@yahoo.com> <3ff20cc8.635997032@News.CIS.DFN.DE>
 <bsumbs$k9e$2@a1-hrz.uni-duisburg.de> Organization: LJK Software
 <AttdI2KzFEC2@eisner.encompasserve.org> <K5ydnZZB5rs1BWKi4p2dnA@comcast.com>
In-Reply-To: <K5ydnZZB5rs1BWKi4p2dnA@comcast.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Message-ID: <VK2Mb.2414$Qq.1124@nwrdny01.gnilink.net>
Date: Sun, 11 Jan 2004 02:43:01 GMT
NNTP-Posting-Host: 162.84.196.162
X-Complaints-To: abuse@verizon.net
X-Trace: nwrdny01.gnilink.net 1073788981 162.84.196.162 (Sat,
 10 Jan 2004 21:43:01 EST)
NNTP-Posting-Date: Sat, 10 Jan 2004 21:43:01 EST
Xref: archiver1.google.com comp.arch.embedded:7245 comp.lang.ada:4320
Date: 2004-01-11T02:43:01+00:00
List-Id: <comp.lang.ada>

Robert I. Eachus wrote:
> The Airbus 320 should bury the idea that theorem provers can result in 
> safe software.

It's always been my contention that writing the specifications which you
will then prove that a program obeys is exactly as hard as writing the
program itself.