how do i prove programs correct

does it really help to make bug-free programs? or was dijkstra full of crap?

Write it in simple languages like Scheme or FIOC if you want it to be bug-free.

Try Haskell, it's 100% bug^free!

>>1
invariants, preconditions, and postconditions.

Coq - http://coq.inria.fr/

>>5
suck it

the true path to less bugs is TDD
</thread>

>>7
less bugs are not sufficient.

>>8
0 bugs is an ideal, except for small programs. But you can work for approaching the minimum ammount of bugs. For that, TDD is the true path.

TDD is retarded. Prove or die.

>>9
I can see TEST DRIVE DEVELOPMENT increasing productivity of the developers, since it provides documentation for the expected behavior and an alert system for bugs that happen to become evident in one of the tests. But passing a series of test alone is not proof for correctness of the program. It helps if it can be verified that the tests exhaust every single logical path in the program.

If properties of the program can be proved with formal verification, those properties will hold as long as the assumptions made in the proofs hold. The issue then is describing every characteristic of the correct behavior. A theorem prover might be able to prove that a program will never index outside of an array, or access an invalid memory address, but it wont be able to tell you that it wont charge someone for a transaction twice unless you specifically as it to prove that for you. So it is possible for a verified program to have bugs if the bugs were not anticipated, and never proven impossible.

However, bugs like crashes from invalid memory access, running out of memory, or timing out, are absolutely unacceptable. These are bugs that can always be anticipated, thus they should always be proven to never occur.

if it can be turned into a test, it can and must be turned into a proof. documentation must be provided as postconditions and general idea, not as unit tests. software is buggy because of incompetent programmers doing TDD and similar crap, instead of proving.

So what does this mean? Littering your code with ``assert''?

>>14
fuck off back to the rest of the software industry, please.

>>14
I hate to contaminate my code with tests. I usually put tests on separate files and have them running at night everyday, and read the results first time in the morning.

This means that you write your tests first, create simple test-data at first and later populate this test-data with problematic cases, and run your full test suite everyday if possible. It makes programming complex system less annoying.

>>16
Think of the assertions as comments written in first order logic.

here is your proof of the linear search.
http://www.cs.utexas.edu/~EWD/transcriptions/EWD09xx/EWD930.html

Coq is a sexist name. I propose we rename it `vajin'.

WYPMP

>>19
WYPMP
ioueo
pusnr
erssk
  yte
   rr
   u
   a
   t
   i
   n
   g

>>20
what does that mean, you nigger?

Dijkstra only wrote garbage. Why is he worshipped?

Aside From reviews of my books I have learned that many reviewers are annoyed by my closing brackets such as the above "(End of Legenda)", but they never give a convincing reason why I should depart from this convention, which, I think, is not without merit. So I shall stick to it. (End of Aside.)

What a bad ass.

both Church and Turing proved you cant prove programs to be correct due to the halting problem

>>24
The problem of constructing a proof that an arbitrary algorithm exhibits some property is undecidable. But the verification of an existing proof is decidable and can be done efficiently. If the proof of correctness is embedded into the language itself, then the program is its own definition and proof of correctness, which the compiler then verifies.

I should have said the problem of determining if an arbitrary algorithm exhibits some property is undecidable. It's simpler that way.

>>24
Turing was a fucking faggot. His opinions are invalid. Do not mention him.

Church was a genius and deserves the credit.

>>27
faggot

>>28
Back to 9gag.

The problem is that whenever "proof" is mentioned it tends to immediately conjure up formal proofs like >>18, and that puts off a lot of programmers who wanted to prove their code was correct. Informal, but still methodical and logical proofs are much more valuable than tests. For example, in

p = malloc(...)
if(p) {
 /* body */
}

it doesn't take much to prove that immediately upon entering the body, p is nonzero. And if you have a set of input values assumed to range [5..15], then adding 10 to the input value will let you know that the new range is [15..25].

Since Anders Hjellsberg created Typescript which gives Javascript static typing, I wonder if Typescript will be ported to other dynamically typed languages like Python and Ruby. That should eliminate a lot of testing that has to be done in dynamic languages

>>31
If you think TDD is used mainly as a safe against dynamic typing, you got the wrong idea.

>>32
nowhere did he specifically say TDD, faggot.

>>30
This. The little inferences can stack up. And they become more high level when you add preconditions and post conditions to your subroutines.

The only way I can think of is to avoid the use of state whenever possible and verify the correctness of the purely functional functions.

purely functional functions

I'm going to use this for my next HACKERNEWS headline

can't you just avoid making mistakes?

>>37
Not always.

Use D

D supports native design-by-contract, allowing you to ensure preconditions, postconditions, and class invariants are all met.