[erlang-questions] Question about Erlang and Ada
Richard A. O'Keefe
ok@REDACTED
Thu Dec 17 04:01:09 CET 2015
On 15/12/2015, at 10:49 pm, Richard Carlsson <carlsson.richard@REDACTED> wrote:
> So yes, both are good to have, but don't trust "correct by construction" too much, and don't underestimate how many situations a clean quick restart can fix.
Just yesterday I went to use a certain function that some idiot[%]
had written, and found that it was a completely correct
implementation of the wrong specification.
[%] Me, of course.
This is the fundamental limitation of "correct by construction",
and the reason why formally verified programs still have to be
tested.