J. M. Berger:
> Plus, how do you prove the proof? I know of at least two examples
> of software that were proven formally and that AFAIK worked
> perfectly to spec and yet failed spectacularly.
You have to think about proofs as another (costly) tool to avoid bugs/bangs, but not as the ultimate and only tool you have to use (I think dsimcha was trying to say that there are more cost-effective tools. This can be true, but you can't be sure that is right in general).

Bye,
bearophile