On Wed, Jun 3, 2015 at 8:11 PM, Matt Oliveri <[email protected]> wrote:
> On Wed, Jun 3, 2015 at 10:17 AM, Jonathan S. Shapiro <[email protected]> > wrote: > > > I think there is a human factors tradeoff. "Weak" type systems are weak > in > > the sense that they say much less about guarantees, but "strong" in the > > sense that the humans actually understand what the stated guarantees > *are*. > > Guarantees that I can't understand don't provide me with a lot of value. > > That's true, I guess. But _someone_ understands them, right? Or else > how did they get there? > Sadly, there is a lot of reason to think that specification errors are extremely common. Largely because the people writing the specifications often *don't* understand them. Peter Gutmann has written a lot about this. shap
_______________________________________________ bitc-dev mailing list [email protected] http://www.coyotos.org/mailman/listinfo/bitc-dev
