Brendan Zabarauskas on Twitter: "@pressron @kamatsu8 The proof framework could have bugs in it too!" / Twitter

This is one of my main criticisms of many FM projects, including ones I've worked on. To be fair, our papers usually are very clear about what assumptions are being made and what specifications are being used, but the marketing and informal discussion usually overstates the case.

Quote Tweet

Patrick Walton

@pcwalton

· Apr 22, 2021

I'm resolving to stop using the phrase "prove code correct". You prove specific theorems about codebases relative to some domain model. "X is proven correct because it was formalized in Coq" is as inaccurate as saying "X is proven secure because it was written in Rust".

Ron Pressler

@pressron

Apr 23, 2021

Plus, while you can prove properties of *algorithms*, you can't prove properties of software systems, except with probability (b/c hardware). This means that all software assurance tenchniques are on a probability continuum, with none at 100%.

Replying to

and

The proof framework could have bugs in it too!

12:29 PM · Apr 23, 2021Twitter Web App

Conversation