From: Optikos <optikos@verizon.net>
Subject: Re: Intervention needed?
Date: Mon, 1 Apr 2019 08:13:57 -0700 (PDT)
Date: 2019-04-01T08:13:57-07:00 [thread overview]
Message-ID: <a29feba5-ea18-4661-82fc-a88b99dbd5ab@googlegroups.com> (raw)
In-Reply-To: <q7kljf$1t2m$1@gioia.aioe.org>
On Friday, March 29, 2019 at 4:39:13 AM UTC-4, Dmitry A. Kazakov wrote:
> On 2019-03-29 07:57, Maciej Sobczak wrote:
>
> > But I have read about ideas that even formal reasoning could exist in forms that trade efficiency against correctness. Think of it as an analog of, say, image processing algorithms, which also can trade speed against resolution.
>
> Each such reasoning, e.g. fuzzy or probabilistic inference can be
> reduced to a crisp reasoning about imprecise statements. E.g. a proof
> that the probability of E is greater than X.
>
> > So you could have your program and various (continuous?) ways of choosing between fast and exact and maybe your particular program is so complex that exact reasoning would take more than a lifetime, whereas a reasonably high level of confidence (but <100%) could be achieved in a timeframe that is acceptable for you and your customer.
>
> No, you cannot. You can prove weaker propositions but that is not same.
> There is no continuum of proofs. There might be some of propositions
> depending on the nature of things they state, in some few cases...
>
> > What would you do?
> >
> > Today you just ditch formal methods whatsoever and go on with laborious testing. As if that was any wiser.
>
> Right, but it is not a question of half-proofs about the same thing.
> IMO, the solution is proofs about things that can be proved leaving
> intractable issues aside.
>
> I always wished SPARK integrated into Ada allowing the programmer to
> choose what to prove at the programming unit level without limiting the
> language.
>
> This especially applies to pointers. Leave them alone! There is no need
> in accessibility checks or any limitations and ownership schemes. Just
> give exception contracts and let me prove no Constraint_Error
> propagating. Job done.
Dmitry, I agree with nearly everything in reply to Maciej Sobczak on this thread—perhaps everything, depending on your answer to the following. One clarifying question that I have is: how would you “prove no Constraint_Error propagating”? At run-time or at compile-time or at engineering-time using tools other than the compiler?
If at compile-time or at engineering-time using tools other than the compiler, then that is the solution that ATS2 and ATS3 are pursuing, where ATS's type views are rough analogues of what you are calling exception contracts here.
Paul Rubin, again thank you for the ATS tip. It is almost precisely what I have been looking for. I've been having a blast learning ATS2 (and trying to discern what is emerging in the ATS3 under development). SML meh. Haskell: meh. OCaml: better but still meh. MetaCaml: fascinating but still meh. Coq not tightly integrated into OCaml: meh. ATS2+ATS/LF now that is more like what I had in mind: rather smooth integration of multi-paradigm dynamic programming language with VDM-esque/Z-esque (zed) stepwise refinement with theorem prover with pointer correctness via type views.
> >> But human reasoning is nowhere stochastic.
> >
> > Paul asked for machine verification, so the limitations of human reasoning need not bother us.
> >
> >> BTW, a digital system has an advantage that you can (theoretically)
> >> ensure some states never entered.
> >
> > But I'm not talking about system states, but about our confidence that a given state will be achieved or not. States can be discrete, but confidence (and therefore so called "certification credit") might have a continuous measure.
>
> That measure is useless as it does not apply to the system in question.
> This by the way is the MAJOR flaw of certification procedures. The
> measure (confidence factor) applies to the *certifier*. It tells how
> much you managed to hide system faults from him.
Amen. Certification of the people obfuscating software flaws, not certification of the software, is what most certifications arrive at in the end. Bless their heart, their goals were almost correct, but without the (semi-automated!) formal mathematical proofs at the foundation of the process, quality certification is a fool's errand of people looking good, instead of making the software actually defect free.
> > Of course, we don't yet have the formal methods with such capability, but maybe the methods we have now are not fit for what we are trying to do with them anyway.
>
> There is a mountain of papers regarding confidence factors and their
> application. The only problem in connection to software design is that
> they are a measure of confidence in what you think rather than in what
> actually is.
>
> --
> Regards,
> Dmitry A. Kazakov
> http://www.dmitry-kazakov.de
next prev parent reply other threads:[~2019-04-01 15:13 UTC|newest]
Thread overview: 146+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-08 16:43 Intervention needed? Olivier Henley
2019-03-08 16:58 ` Dmitry A. Kazakov
2019-03-08 17:31 ` gautier_niouzes
2019-03-11 14:31 ` antispam
2019-03-11 15:07 ` gautier_niouzes
2019-03-11 17:19 ` Dmitry A. Kazakov
2019-03-11 15:34 ` Lucretia
2019-03-11 17:30 ` Simon Wright
2019-03-11 17:42 ` Dmitry A. Kazakov
2019-03-11 18:14 ` AdaMagica
2019-03-11 19:52 ` Olivier Henley
2019-03-11 20:04 ` Lucretia
2019-03-11 22:08 ` Jeffrey R. Carter
2019-03-12 2:04 ` Lucretia
2019-03-12 13:17 ` Olivier Henley
2019-03-12 16:32 ` Jeffrey R. Carter
2019-03-12 16:56 ` Lucretia
2019-03-12 17:20 ` Lucretia
2019-03-12 18:14 ` Olivier Henley
2019-03-12 19:21 ` Lucretia
2019-03-12 21:53 ` Randy Brukardt
2019-03-13 10:50 ` Jere
2019-03-17 12:52 ` Optikos
2019-03-17 16:37 ` Luke A. Guest
2019-03-17 16:48 ` Paul Rubin
2019-03-20 0:49 ` Optikos
2019-03-20 1:04 ` Paul Rubin
2019-03-20 1:19 ` Optikos
2019-03-18 23:36 ` Randy Brukardt
2019-03-19 2:18 ` Optikos
2019-03-19 8:44 ` Dmitry A. Kazakov
2019-03-19 9:53 ` Optikos
2019-03-19 22:13 ` Randy Brukardt
2019-03-19 22:26 ` Paul Rubin
2019-03-20 1:08 ` Jere
2019-03-22 2:26 ` Randy Brukardt
2019-03-23 15:56 ` Jeffrey R. Carter
2019-03-23 21:38 ` Paul Rubin
2019-03-19 22:36 ` Optikos
2019-03-19 23:13 ` Randy Brukardt
2019-03-20 1:28 ` Jere
2019-03-20 8:42 ` Dmitry A. Kazakov
2019-03-22 2:00 ` Randy Brukardt
2019-03-22 11:10 ` Jere
2019-03-23 8:03 ` Randy Brukardt
2019-03-23 21:32 ` Jere
2019-03-20 7:59 ` Optikos
2019-03-22 2:16 ` Randy Brukardt
2019-03-22 8:38 ` Optikos
2019-03-22 10:54 ` Jere
2019-03-23 7:53 ` Randy Brukardt
2019-03-23 13:59 ` Jere
2019-03-23 21:19 ` Jere
2019-03-23 21:29 ` Paul Rubin
2019-03-26 8:09 ` Optikos
2019-03-20 1:20 ` Jere
2019-03-22 2:30 ` Randy Brukardt
2019-03-22 9:08 ` Dmitry A. Kazakov
2019-03-22 22:23 ` Optikos
2019-03-27 19:20 ` G. B.
2019-03-27 21:02 ` Paul Rubin
2019-03-28 7:01 ` Maciej Sobczak
2019-03-28 7:17 ` Paul Rubin
2019-03-28 8:39 ` Simon Wright
2019-03-30 4:31 ` Paul Rubin
2019-03-30 22:14 ` Robert A Duff
2019-03-30 22:55 ` Paul Rubin
2019-03-28 9:06 ` Dmitry A. Kazakov
2019-03-28 20:48 ` G. B.
2019-03-29 5:13 ` Bojan Bozovic
2019-03-29 8:13 ` Dmitry A. Kazakov
2019-03-29 6:57 ` Maciej Sobczak
2019-03-29 7:13 ` Paul Rubin
2019-03-29 8:39 ` Dmitry A. Kazakov
2019-04-01 15:13 ` Optikos [this message]
2019-04-01 16:51 ` Dmitry A. Kazakov
2019-04-01 21:42 ` Randy Brukardt
2019-04-02 8:30 ` Dmitry A. Kazakov
2019-04-02 15:53 ` Anh Vo
2019-03-19 22:04 ` Randy Brukardt
2019-03-19 22:22 ` Paul Rubin
2019-03-19 23:01 ` Randy Brukardt
2019-03-19 9:37 ` Optikos
2019-03-19 22:21 ` Randy Brukardt
2019-03-29 17:56 ` Florian Weimer
2019-03-29 22:17 ` Randy Brukardt
2019-03-29 22:35 ` Florian Weimer
2019-04-01 21:17 ` Randy Brukardt
2019-03-29 17:41 ` Florian Weimer
2019-03-29 22:16 ` Randy Brukardt
2019-03-29 22:43 ` Florian Weimer
2019-04-01 21:29 ` Randy Brukardt
2019-04-01 22:14 ` Simon Wright
2019-04-02 21:55 ` Randy Brukardt
2019-04-04 15:07 ` Simon Wright
2019-03-12 21:41 ` Randy Brukardt
2019-03-13 9:10 ` Maciej Sobczak
2019-03-13 11:08 ` Jere
2019-03-13 11:11 ` Jere
2019-03-13 11:59 ` Jere
2019-03-13 13:44 ` Olivier Henley
2019-03-13 15:56 ` Simon Wright
2019-03-13 16:25 ` Olivier Henley
2019-03-14 0:40 ` Simon Wright
2019-03-13 16:27 ` Olivier Henley
2019-03-14 22:41 ` Randy Brukardt
2019-03-16 21:30 ` Olivier Henley
2019-03-29 17:38 ` Florian Weimer
2019-03-13 13:23 ` Olivier Henley
2019-03-22 11:10 ` Lucretia
2019-03-22 14:09 ` J-P. Rosen
2019-03-22 16:41 ` Jeffrey R. Carter
2019-03-22 17:29 ` Paul Rubin
2019-03-22 22:36 ` Optikos
2019-04-01 7:28 ` gautier_niouzes
-- strict thread matches above, loose matches on Subject: below --
2019-03-25 19:14 Randy Brukardt
2019-03-25 20:44 ` Dmitry A. Kazakov
2019-03-28 0:48 ` Jere
2019-04-02 22:07 Randy Brukardt
2019-04-03 7:29 ` Dmitry A. Kazakov
2019-04-03 14:31 ` Optikos
2019-04-03 14:54 ` Dmitry A. Kazakov
2019-04-03 15:29 ` Optikos
2019-04-03 16:16 ` Simon Wright
2019-04-03 17:15 ` Dmitry A. Kazakov
2019-04-03 21:12 ` Simon Wright
2019-04-04 7:09 ` Dmitry A. Kazakov
2019-04-04 5:44 ` Maciej Sobczak
2019-04-04 7:17 ` Dmitry A. Kazakov
2019-04-04 7:22 ` Paul Rubin
2019-04-04 8:37 ` Niklas Holsti
2019-04-05 0:13 ` Randy Brukardt
2019-04-05 5:45 ` Maciej Sobczak
2019-04-05 15:17 ` Optikos
2019-04-06 1:38 ` Jere
2019-04-06 4:25 ` alby.gamper
2019-04-06 6:49 ` Jere
2019-04-06 8:24 ` alby.gamper
2019-04-04 12:28 ` Simon Wright
2019-04-04 16:17 ` Optikos
2019-04-03 15:07 ` Lucretia
2019-04-03 16:15 ` Simon Wright
2019-04-03 17:23 ` Niklas Holsti
2019-04-03 17:48 ` Bill Findlay
2019-04-03 21:01 ` Simon Wright
2019-04-03 18:58 ` Dennis Lee Bieber
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox