What if the spec doesn't match the code?

from blog Computer Things, | ↗ original
Whenever I talk about formal methods, I get the same question: Can I use the spec to generate my code? People are worried about two things. One, that they'll make a mistake implementing the specification and have bugs. Two, that over time the implementation will "drift" and people won't update the spec, leading to unexpected design issues. These...
This is a short summary. ↗ Open original to view full content

Related

Specification Refinement
Blog on Hillel Wayne | original ↗
Why Specifications Don't Compose
Blog on Hillel Wayne | original ↗
Finding Goroutine Bugs with TLA+
Blog on Hillel Wayne | original ↗
Using Formal Methods at Work
Blog on Hillel Wayne | original ↗
Why Don't People Use Formal Methods?
Blog on Hillel Wayne | original ↗
Augmenting Agile with Formal Methods
Blog on Hillel Wayne | original ↗
How to build a program that cannot do the wrong thing (illustrated with Typescript)
GEEK.SG | original ↗
Formal Methods Only Solve Half My Problems
Marc Brooker's Blog | original ↗
How to convince engineers that formal methods is cool
Computer Things | original ↗
Refactoring Invariants
Computer Things | original ↗

More from Computer Things

Five Unusual Raku Features
12 Nov 2024 | original ↗

Logic for Programmers is now in Beta! v0.5 marks the official end of alpha! With the new version, all of the content I wanted to put in the book is now present, and all that's left is copyediting, proofreading, and formatting. Which will probably take as long as it took to actually write the book. You can see the release notes on the leanpub...

A list of ternary operators
5 Nov 2024 | original ↗

Sup nerds, I'm back from SREcon! I had a blast, despite knowing nothing about site reliability engineering and being way over my head in half the talks. I'm trying to catch up on The Book and contract work now so I'll do something silly here: ternary operators. Almost all operations on values in programming languages fall into one of three...

TLA from first principles
22 Oct 2024 | original ↗

No Newsletter next week I'll be speaking at USENIX SRECon! TLA from first principles I'm working on v0.5 of Logic for Programmers. In the process of revising the "System Modeling" chapter, I stumbled on a great way to explain the temporal logic of actions that TLA+ is based on. I'm reproducing that bit here with some changes to fit the newsletter...

Be Suspicious of Success
16 Oct 2024 | original ↗

From Leslie Lamport's Specifying Systems: You should be suspicious if [the model checker] does not find a violation of a liveness property... you should also be suspicious if [it] finds no errors when checking safety properties. This is specifically in the context of model-checking a formal specification, but it's a widely applicable software...

How to convince engineers that formal methods is cool
8 Oct 2024 | original ↗

Sorry there was no newsletter last week! I got COVID. Still got it, which is why this one's also short. Logic for Programmers v0.4 Now available! This version adds a chapter on TLA+, significantly expands the constraint solver chapter, and adds a "planner programming" section to the Logic Programming chapter. You can see the full release notes on...