From: cpp@netcom.com (Robin Rowe)
Subject: Re: Problems with proofs
Date: 1995/04/20
Date: 1995-04-20T00:00:00+00:00 [thread overview]
Message-ID: <cppD7BMEw.2ts@netcom.com> (raw)
In-Reply-To: dewar.798240702@gnat
To: srt@zaphod.csci.unt.edu (Steve Tate)
Sb: Re: What good is halting prob?
Steve,
<< I would guess Robin has not actually had experience in proving
correctness of programs from his comments, since they seem more like
guesses as to what might be involved in the process (if I am wrong
Robin, correct me!) >>
Geez, Steve, I thought you liked me. Time for a refresher on that
Dale Carnegie course?
<< Nope [to that proofs are based on what appears relevant to a
human being to prove], proofs are based on formal specifications of
the task at hand. >>
So, it's not human beings who decide what belongs in the formal
specifications?
By the way, please define the term "formal" as you are using it
here with regard to specifications.
<< This [that there is no proof that the proof is equivalent to the
code] is based on a misconception, a proof of correctness, if is is
any use at all, must have a formal relationship to the code. >>
Please define the term "formal" as you are using it here.
<< Typically assertions in the code are used to guide an actual
proof of the correctness of the actual code. Nothing else is useful.
>>
I'm not clear what you are trying to say here. Are you actually
saying that the only really useful proofs are those expressed in
code? (I think so, too, but this is a radical viewpoint!)
<< Proofs of correctness must be machine verified to be accepted.
>>
Please define the term "verified" as you are using it here.
<< Interfaces to components are part of the axiomatic structure of
proven components, and on one side you prove that a component
properly handles uses that conform to its interface, and on the
other, you prove that the use by a client conforms to this
interface. >>
This sounds reasonable, and what I expected, too. However, I'm told that
valid input parameter ranges are often specified arbitrarily. Invalid
input is the user's (engineer's) lookout. Have I been misinformed? Is it
generally more comprehensive?
<< I have no idea what you mean by random error. >>
Cosmic rays, accidents, etc.
<< [Proofs take into account hardware failure] if the spec includes
this, and they don't if the spec does not. >>
Isn't this a pretty loose way to look at proof? Proving that you
conformed to a (possibly erroneous) specification sounds a lot less
impressive than saying you have a "proof of correctness."
<< I think you have an idea that a program that is proved correct
is guaranteed to work. >>
A mind reader you're not.
<< If you have a 100% track record in implementing code that
exactly conforms to its specifications, wonderful! I think proof of
correctness won't help, but if, like most people, you find that one
of the many weak links on the chain is in incorrect implementation
of specifications, then proof of correctness....>>
Hmmm, I may have to change my mind about the utility of the halting
problem. Implementing code that exactly conforms to its
specifications sounds like the halting problem to me.
Thanks for the feedback. Good points.
Robin
--
-----
Robin Rowe cpp@netcom.com 408-626-6646 Carmel, CA
Rowe Technology C++ Design/Training Email for sample C++ Newsletter!
next prev parent reply other threads:[~1995-04-20 0:00 UTC|newest]
Thread overview: 75+ messages / expand[flat|nested] mbox.gz Atom feed top
1995-03-17 0:24 Should internet support software be written in Ada? Bill Brooks
1995-03-17 8:47 ` Anthony Shipman
1995-03-19 22:06 ` David Weller
1995-03-23 15:05 ` Theodore Dennison
1995-03-24 10:26 ` Fred J. McCall
1995-03-27 9:50 ` Robb Nebbe
1995-03-27 19:43 ` State machines and Goto's (was Re: Should internet support software be written in Ada?) Robert I. Eachus
1995-03-27 23:14 ` Arthur Evans Jr
1995-03-29 0:00 ` Dan
1995-04-01 0:00 ` Mike White
1995-04-04 0:00 ` Robert Dewar
1995-04-06 0:00 ` Theodore Dennison
1995-04-06 0:00 ` Norman H. Cohen
1995-04-07 0:00 ` Tucker Taft
1995-04-07 0:00 ` Robert Dewar
1995-04-07 0:00 ` Mike White
[not found] ` <3ma7rt$smt@kaiwan009.kaiwan.com>
[not found] ` <dewar.797514490@gnat>
[not found] ` <3meunj$66u@felix.seas.gwu.edu>
1995-04-20 0:00 ` CS teachers who can't code their way outta a paper bag Richard A. O'Keefe
1995-03-27 14:24 ` Should internet support software be written in Ada? Theodore Dennison
1995-03-28 0:00 ` Robert Dewar
1995-03-28 9:32 ` Fred J. McCall
1995-03-29 0:00 ` Theodore Dennison
1995-03-29 0:00 ` Robert I. Eachus
1995-03-31 0:00 ` Theodore Dennison
1995-04-05 0:00 ` Wes Groleau
1995-04-07 0:00 ` State machines and Goto's (was Re: Should internet support software be written in Ada?) Wes Groleau
1995-04-07 0:00 ` Robert Firth
[not found] ` <D6qyv0.6Jv@nntpa.cb.att.com>
1995-04-19 0:00 ` Fergus Henderson
1995-04-19 0:00 ` Fred J. McCall
1995-04-19 0:00 ` George Haddad
1995-04-20 0:00 ` State machines and Goto's (was Re: Sho Brian Hanson
1995-04-20 0:00 ` State machines and Goto's (was Re: Should internet support software be written in Ada?) Bill Winn
1995-04-20 0:00 ` Robert Dewar
1995-04-20 0:00 ` Mark A Biggar
1995-03-22 23:08 ` Should internet support software be written in Ada? Keith Thompson
[not found] ` <dewar.798207931@gnat>
[not found] ` <cppD78ywq.B31@netcom.com>
[not found] ` <dewar.798240702@gnat>
1995-04-19 0:00 ` Problems with proofs Brian Harvey
1995-04-19 0:00 ` Robert Dewar
1995-04-20 0:00 ` Robin Rowe [this message]
1995-04-20 0:00 ` Steve Tate
1995-04-20 0:00 ` Apology to Steve Robin Rowe
1995-04-20 0:00 ` Problems with proofs Robert Dewar
1995-04-21 0:00 ` Robin Rowe
1995-04-21 0:00 ` Robert Dewar
1995-04-20 0:00 ` Robert Dewar
1995-04-21 0:00 ` Larry Kahn
1995-04-20 0:00 ` Robin Rowe
[not found] ` <3n1fsv$lgd@butch.lmsc.lockheed.com>
1995-04-20 0:00 ` Robin Rowe
1995-04-20 0:00 ` Garlington KE
[not found] ` <3mrv7h$3mq@larry.rice.edu>
[not found] ` <3msnu4$6am@kaiwan009.kaiwan.com>
[not found] ` <KUBEK.95Apr18213646@insage.gerii.insa-tlse.fr>
[not found] ` <cppD792GC.1uI@netcom.com>
1995-04-20 0:00 ` Teaching OO/C++ Philip Machanick
[not found] ` <dewar.798093453@gnat>
1995-04-20 0:00 ` What good is halting prob? Max Hailperin
[not found] ` <3me1qs$n4a@theopolis.orl.mmc.com>
[not found] ` <3mevmu$8an@felix.seas.gwu.edu>
[not found] ` <3mh75i$8eu@rational.rational.com>
[not found] ` <3mjihr$iqq@felix.seas.gwu.edu>
[not found] ` <3mp20f$80t@kaiwan009.kaiwan.com>
1995-04-20 0:00 ` Academic CS Losers? Phillip Fanous
1995-04-21 0:00 ` Bill Winn
[not found] ` <cppD75t6F.47M@netcom.com>
[not found] ` <EACHUS.95Apr17172831@spectre.mitre.org>
[not found] ` <cppD77Ex6.E77@netcom.com>
[not found] ` <3mve9b$gaj@news.cais.com>
1995-04-18 0:00 ` What good is halting prob? Jay M Martin
1995-04-19 0:00 ` Steve Tate
1995-04-20 0:00 ` Jay M Martin
1995-04-21 0:00 ` Steve Tate
1995-04-21 0:00 ` Ray Toal
[not found] ` <cppD7880n.32B@netcom.com>
1995-04-19 0:00 ` Randolph Crawford
1995-04-19 0:00 ` Robert Dewar
1995-04-20 0:00 ` Robin Rowe
1995-04-20 0:00 ` Robert Dewar
1995-04-20 0:00 ` Robin Rowe
1995-04-21 0:00 ` Brian Hanson
1995-04-21 0:00 ` sxc
[not found] ` <dewar.798172270@gnat>
[not found] ` <cppD786FM.1u9@netcom.com>
1995-04-19 0:00 ` Mark A Biggar
1995-04-19 0:00 ` Richard Ladd Kirkham
1995-04-19 0:00 ` Robert Dewar
1995-04-20 0:00 ` Richard Ladd Kirkham
1995-04-20 0:00 ` Robert Dewar
1995-04-21 0:00 ` Mark A Biggar
[not found] ` <dewar.798207364@gnat>
[not found] ` <cppD78xMv.49w@netcom.com>
1995-04-19 0:00 ` Robb Nebbe
[not found] ` <3n0ka7$b57@hermes.unt.edu>
[not found] ` <dewar.798232482@gnat>
1995-04-19 0:00 ` Mark A Biggar
1995-04-19 0:00 ` Robert Dewar
1995-04-19 0:00 ` Steve Tate
1995-04-21 0:00 ` Robert I. Eachus
1995-04-21 0:00 ` Robert Dewar
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox