From: Phil Clayton <phil.clayton@lineone.net>
Subject: Re: Float conversion
Date: Thu, 5 Aug 2010 03:20:40 -0700 (PDT)
Date: 2010-08-05T03:20:40-07:00 [thread overview]
Message-ID: <fddce0c9-cc33-41e7-a289-c9729b124328@t2g2000yqe.googlegroups.com> (raw)
In-Reply-To: 82pqxyu9bw.fsf@stephe-leake.org
On Aug 4, 8:26 am, Stephen Leake <stephen_le...@stephe-leake.org>
wrote:
> >> > Where does the original justification go wrong? Well, when talking
> >> > about 'the smallest' there is an implicit assumption being made that
> >> > it is unique. The justification never considers the case when A or B
> >> > is the non-unique smallest.
>
> >> And the same error could be made in a formal specification. "formal"
> >> does _not_ mean "complete"!
>
> > Although I said "formal methods", I use this example to motivate
> > formal verification, not formal specification. Any specification,
> > formal or not, can be a load of rubbish!
>
> What are you verifying, if not a specification?
>
> If the specification is rubbish, what is the point of verifying it?
Well, in practice, you would hope that if someone knew a specification
was wrong/incomplete that they wouldn't go ahead and implement it!
What if a specification is clear but - not obviously - contains
undesired features? It can be argued that a convincing verification
is valuable regardless of the specification quality because, when
something goes wrong, you know that it is less likely to be an
implementation issue and more likely to be a specification issue. So
it helps isolate issues. In practice, any sane person would review
the specification first to reduce the likelihood of change and
subsequent process iteration.
So there are two separate issue here:
1. Is the specification capturing what is wanted (`validation')
2. Does the program implement the specification (`verification')
I was only considering 2 in this thread and trying to avoid the other
minefield that is 1!
Phil
next prev parent reply other threads:[~2010-08-05 10:20 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-07-29 12:23 Float conversion Henrique
2010-07-29 12:44 ` Jacob Sparre Andersen
2010-07-29 12:46 ` Dmitry A. Kazakov
2010-07-29 15:08 ` Georg Bauhaus
2010-07-29 15:10 ` Georg Bauhaus
2010-07-29 15:35 ` Dmitry A. Kazakov
2010-07-29 18:21 ` Henrique
2010-07-29 19:08 ` Jeffrey R. Carter
2010-07-29 19:15 ` Dmitry A. Kazakov
2010-07-30 1:30 ` Phil Clayton
2010-07-30 8:43 ` Dmitry A. Kazakov
2010-07-30 13:14 ` Phil Clayton
2010-07-30 14:34 ` Dmitry A. Kazakov
2010-07-31 15:12 ` Stephen Leake
2010-08-03 1:07 ` Phil Clayton
2010-08-03 3:31 ` Shark8
2010-08-03 10:38 ` Georg Bauhaus
2010-08-04 7:27 ` Stephen Leake
2010-08-04 16:15 ` Georg Bauhaus
2010-08-04 16:32 ` Phil Clayton
2010-08-04 7:26 ` Stephen Leake
2010-08-04 12:52 ` Robert A Duff
2010-08-04 14:32 ` Dmitry A. Kazakov
2010-08-04 19:36 ` Simon Wright
2010-08-04 19:46 ` Dmitry A. Kazakov
2010-08-04 20:29 ` Georg Bauhaus
2010-08-05 12:05 ` Stephen Leake
2010-08-07 5:54 ` Shark8
2010-08-07 8:56 ` Georg Bauhaus
2010-08-07 13:49 ` Shark8
2010-08-05 10:20 ` Phil Clayton [this message]
2010-07-30 13:16 ` Henrique
2010-07-29 15:37 ` Warren
2010-07-29 14:56 ` Georg Bauhaus
2010-07-29 17:56 ` Jeffrey R. Carter
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox