
Practical Proofs: Proof Approximations for Practical Code - kiyanwang
http://www.zerobugsandprogramfaster.net/essays/6.html
======
adrianratnapala
Bravo to Ms Thomson for championing this kind of thinking. I also like her
choice of languages -- m4!

Still I wish the write-up spelled out her thinking more. I _think_ her two
examples are supposed to be positive here-is-how-you-do-it cases. But then she
immediately says they could be better, and even points out a serious problem
with the second example.

The biggest thing though is culture and process: it's great to have style for
leaving comments to your co-workers about restrictions and guarantees. But in
the wrong work environment, those comments will be ignored. What I want to
know is how to build the right environment.

~~~
ktRolster
We are all born not knowing how to program.

We were all lousy programmers at one time.

We can all learn to do better. Teach your coworkers.

~~~
adrianratnapala
All of my co-workers are good programmers. But some are good programmers who
care about invariants and others are good programmers who will trample
invariants to get this week's feature done.

I think it is really a matter of process. E.g. code reviews. But I don't yet
know how to strike the balance between rigour and efficiency.

~~~
ktRolster
_others are good programmers who will trample invariants to get this week's
feature done._

That doesn't sound like good programmers tbh

------
Animats
This is what objects were supposed to be for. When you have some consistency
requirement between some variables, you make them private to an object and
only export methods which maintain that consistency requirement.

Somehow this seems to have been lost.

~~~
dmytrish
Objects coupled with formal proofs, maybe.

Otherwise, nothing has been lost: naïve approach to objects seems to work well
for managing memory and garbage collection, otherwise it's just a bothering
implementation detail of a language runtime, that does not help a programmer
much and is itself a liability.

Objects do dynamic checks at runtime, whereas types are known (and verified)
before a program is executed.

------
Pamar
Has anyone read the actual book mentioned in the blog? Opinions?

------
ones_and_zeros
So... what would an example informal proof look like?

------
akerro
[https://i.imgur.com/NKtEfpY.png](https://i.imgur.com/NKtEfpY.png)

~~~
ktRolster
Which browser?

~~~
akerro
Latest Firefox, Ubuntu

~~~
ktRolster
Thanks, really.

~~~
akerro
Fix confirmed :)

