"Walter Bright" <newshou...@digitalmars.com> wrote in message
news:i2nkto$8u...@digitalmars.com...
bearophile wrote:
You have to think about proofs as another (costly) tool to avoid
bugs/bangs,
but not as the ultimate and only tool you have to use (I think dsimcha
was
trying to say that there are more costly-effective tools. This can be
true,
but you can't be sure that is right in general).
I want to re-emphasize the point that keeps getting missed.
Building reliable systems is not about trying to make components that
cannot fail. It is about building a system that can TOLERATE failure of
any of its components.
It's how you build safe systems from UNRELIABLE parts. And all parts are
unreliable. All of them. Really. All of them.
You're being religious about this and arguing against a strawman. While all
parts are unreliable, they aren't *equally* unreliable. Unit tests, contract
programming, memory safe access, and other reliability techniques,
*including correctness proofs*, all increase reliability.
On the flip side, you can't guarantee reliability with simplistic rules like
"no continuing after an exception". Numerous (relatively) reliable systems
have demonstrated that religion to be a myth as well.
