From: Jacques Carette
Organization: McMaster University
Date: Thu, 01 Feb 2007 15:43:04 -0500
To: Jean-Christophe Filliatre
Cc: caml-list@inria.fr
Subject: Re: [Caml-list] Programming with correctness guarantees

Jean-Christophe Filliatre wrote:
> There's a joke around in the formal methods community: ``would you
> prefer to get on a plane whose software has been proved correct or
> has been tested?''
>

I heard, from someone working on an automated train system, that everyone working on the system was required to be on the inaugural run of said train. I would trust such "people methods" even more than proof and testing!

Jacques