From: Christophe Raffalli <Christophe.Raffalli@univ-savoie.fr>
To: skaller <skaller@users.sourceforge.net>
Cc: Andrej.Bauer@andrej.com, caml-list@inria.fr
Subject: Re: [Caml-list] Unsoundness is essential
Date: Thu, 04 Oct 2007 20:59:48 +0200 [thread overview]
Message-ID: <47053824.9020701@univ-savoie.fr> (raw)
In-Reply-To: <1191515841.6518.185.camel@rosella.wigram>
[-- Attachment #1.1: Type: text/plain, Size: 1641 bytes --]
> On Thu, 2007-10-04 at 17:29 +0200, Andrej Bauer wrote:
>
>
>> It is very easy to come up with preconditions that are computationally
>> unverifiable.
>>
> []
>
>> Or to give you a much more simplistic example:
>>
>> fun find_zero (f: int -> int where not (forall n:int, f(n) != 0)) {
>> int i = 0;
>> while (f(i) != 0) { i++; }
>> return i;
>> }
>>
>> How will you verify the precondition on f at runtime? In this case I
>> would expect the compiler to list all uses of find_zero applied to
>> functions which are not known not have a zero. Let the human worry.
>>
>
>
What's the problem ? If you program with the above function and apply it
to a function f,
this means you know f will reach zero (otherwise your program will
loop). But if you know it,
this should mean that you can prove it from the definition of f ?
So the only reason to have today programming language that gives not
enough safety is because the cost
of the formal proof is still to big (by cost, I mean cost to write
proof, but also the cost of learning how
to write proof ...)
--
Christophe Raffalli
Universite de Savoie
Batiment Le Chablais, bureau 21
73376 Le Bourget-du-Lac Cedex
tel: (33) 4 79 75 81 03
fax: (33) 4 79 75 87 42
mail: Christophe.Raffalli@univ-savoie.fr
www: http://www.lama.univ-savoie.fr/~RAFFALLI
---------------------------------------------
IMPORTANT: this mail is signed using PGP/MIME
At least Enigmail/Mozilla, mutt or evolution
can check this signature. The public key is
stored on www.keyserver.net
---------------------------------------------
[-- Attachment #1.2: Christophe.Raffalli.vcf --]
[-- Type: text/x-vcard, Size: 310 bytes --]
begin:vcard
fn:Christophe Raffalli
n:Raffalli;Christophe
org:LAMA (UMR 5127)
email;internet:christophe.raffalli@univ-savoie.fr
title;quoted-printable:Ma=C3=AEtre de conf=C3=A9rences
tel;work:+33 4 79 75 81 03
note:http://www.lama.univ-savoie.fr/~raffalli
x-mozilla-html:TRUE
version:2.1
end:vcard
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 249 bytes --]
next prev parent reply other threads:[~2007-10-04 18:59 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-10-03 8:35 Locally-polymorphic exceptions [was: folding over a file] oleg
2007-10-03 11:27 ` kirillkh
2007-10-03 11:48 ` [Caml-list] " Daniel de Rauglaudre
2007-10-03 12:19 ` kirillkh
2007-10-03 12:32 ` Daniel de Rauglaudre
2007-10-03 14:34 ` kirillkh
2007-10-03 20:39 ` Christophe Raffalli
2007-10-03 22:50 ` Unsoundness is essential skaller
2007-10-03 23:13 ` [Caml-list] " Jacques Carette
2007-10-04 1:24 ` skaller
2007-10-04 11:26 ` David Allsopp
2007-10-04 12:45 ` Vincent Hanquez
2007-10-04 15:07 ` skaller
2007-10-03 23:13 ` Vincent Aravantinos
2007-10-04 1:49 ` skaller
2007-10-03 23:28 ` Joshua D. Guttman
2007-10-04 1:52 ` skaller
2007-10-04 2:35 ` Brian Hurt
2007-10-04 7:46 ` Christophe Raffalli
2007-10-04 8:56 ` Arnaud Spiwack
2007-10-04 14:49 ` skaller
2007-10-04 15:00 ` Harrison, John R
2007-10-04 15:29 ` Andrej Bauer
2007-10-04 16:25 ` skaller
2007-10-04 18:17 ` Arnaud Spiwack
2007-10-04 20:54 ` skaller
2007-10-04 22:24 ` Arnaud Spiwack
2007-10-04 16:37 ` skaller
2007-10-04 18:59 ` Christophe Raffalli [this message]
2007-10-04 15:04 ` Andrej Bauer
2007-10-04 15:57 ` Christophe Raffalli
2007-10-04 16:03 ` skaller
2007-10-04 20:02 ` Ken Rose
2007-10-04 21:00 ` skaller
2007-10-04 15:31 ` Lukasz Stafiniak
2007-10-04 17:56 ` rossberg
2007-10-04 19:56 ` skaller
2007-10-04 21:07 ` rossberg
2007-10-04 22:23 ` skaller
2007-10-05 2:48 ` Bárður Árantsson
2007-10-04 2:16 ` Locally-polymorphic exceptions [was: folding over a file] oleg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47053824.9020701@univ-savoie.fr \
--to=christophe.raffalli@univ-savoie.fr \
--cc=Andrej.Bauer@andrej.com \
--cc=caml-list@inria.fr \
--cc=skaller@users.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).