[Haskell-cafe] Re: Haskell Weekly News: Issue 85 - September
13, 2008
Robin Green
greenrd at greenrd.org
Mon Sep 15 12:08:59 EDT 2008
On Mon, 15 Sep 2008 10:32:44 -0400
Stefan Monnier <monnier at iro.umontreal.ca> wrote:
> > A more difficult question is: how do I know that the formal
> > specification I've written for my program is the right one? Tools
> > can fairly easily check that your programs conform to a given
> > specification, but they cannot (to my knowledge) check that your
> > specification says exactly what you want it to say.
>
> The key is *redundancy*: as long as your property is sufficiently
> different (in structure, in authorship, etc...) you can hope that if
> the spec has a bug, the code will not have a corresponding bug and
> vice versa. It's only a hope, tho.
There are other meta-level properties one might desire in a
specification, too, such as:
* Simplicity - if a specification is too long-winded, you might not
spot a bug in it because it's too hard to read.
* Definite description - if a specification is a definite description,
it is satisfied by one and only one value (up to functional
equivalence). For example, if I say that a list sorting function must
preserve the length of its input, that's not a definite description,
because it is satisfied by the identity function, as well as a correct
sorting function. However, if I say (in a suitably formal way) that a
sorting function must output a list where every element in the input
occurs the same number of times in the output as it occurs in the
input, and vice-versa, and the output is ordered according to the
specified order - then that *is* a definite description, because any
two functions that follow that specification must be equivalent.
* Reusable (and perhaps reused!) - As in ordinary programming, reuse of
specifications can help avoid errors.
--
Robin
More information about the Haskell-Cafe
mailing list