Our OWN 'Deep C Secrets'

August Derleth

proofs can deal with infinite things

x^2 + y^2 = z^2

is saying something about *all* right angled triangles. To test it would involve an infinite set of cases. (Ignoring for the moment that numbers are normally finite on computers).

Well, in algebra class you can assume that x, y, and z will always be
reals (or complexes). In the real world, what if some moron stuffs "foo"
into x? Or, more plausibly, a pointer value?

As I said: Input is where proofs fall down, because idiot-proofing isn't
an exact science.

software is discrete rather than continuous. If your bridge works at 20 tons and 30 tons it's likely OK at 25. Software isn't like this. What is odd is that those people with the wind tunnel don't despise mathematics, whilst much of the software world does.

I'm not anti-math, I'm just pro-testing. Proofs can only go so far, so
when given a choice between a proof and a test, the test wins.

(Of course, an algorithm can be proven if you abstract away a lot of
reality. But algorithms don't need to worry about idiots with keyboards
trying to crack security, for example, or your RAM deciding life is shit
and so is it.)

there have been attempts at formal descriptions of hardware. There was even an attempt to prove a CPU formally correct (or construct one that was formally correct). Viper I believe. I think the Transputer was partially proven correct (being partially non-formal is like being a little bit pregnant). I understand modern hardware is "compiled" from formal descriptions that look a bit like programming languages.

I'm aware of VHDL and other hardware-description languages. They aren't my
field, but I know how they work: They describe the behavior of the
hardware given the set of possible inputs (using syntax reminiscent of C,
no less) and they leave it up to the computer to design the circuitry to
accomplish that behavior.

The problem with virtual descriptions of hardware is that a static-fried
chip isn't going to conform to your proven models. Nor will a chip made
from a faulty die, or plugged into a decaying motherboard, or fed power
from a dirty supply. In the physical world, components have tolerances,
margins of error, and occasional bad days. Proofs can be thrown out of
whack by some moron with a backhoe, and then where are you?
 

goose

Kamilche said:
You know, all this furor over this book caused me to go look it up on
Amazon. I've never read this book... but from what I can see from the
legally available table of contents, excerpt, and index at Amazon, it
looks more like a "Teach me newbie C" book than a "UNCOVER DEEP
MYSTERIES OF C!!" sort of affair.

I've got a better idea! Let's discuss some 'Deep C Secrets' of our
own! I'll start.

Testing - If you haven't tested to prove it right, it can almost
certainly be proven to be WRONG.

Huh?

"Testing" to see if it runs correctly is for the feeble-minded. Your
UB can run "correctly" on your "test" you know!

<snipped>

goose,
I still test anyway, btw ...
 
