RE: running code vs. formal testing methods
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: running code vs. formal testing methods
> -----Original Message-----
> From: vinton g. cerf [mailto:vcerf at mci.net]
> Sent: samedi 31 juillet 1999 07:57
> To: Reinhard Scholl; 'ietf at ietf.org'
> Subject: Re: running code vs. formal testing methods
>
>
> SDL's and other formal methods have not yielded results
> commensurate with the effort to use them. They are
> overblown, verbose, hard to use, hard to understand.
> What they might gain in precision they lose in
> comprehensibility.
I am not sure at which point precision can be sacrificed.
The reason why ITU made SDLs normative for INAP CS-3/CS-4
is because several serious errors were detected in CS-2
that would have gone unnoticed if SDLs had not been used.
Or, to change the arena slightly: how could the Pentium bug
have been prevented? Or the Ariane rocket blow-up?
It would be nice if s.o. could give numbers on the cost /
benefit of formal methods.
>
> Plain English specs and multiple implementations
> in <your language of choice> followed by interoperability
> bakeoffs continue to be a powerful means of achieving
> interworking implementations and confidence in the
> specifications.
>
> Vint Cerf
>
>
> >
> =================================================================
> "INTERNET IS FOR EVERYONE!"
> Join the Internet Society and help to make it so.
> See you at INET2000, Yokohama, Japan July 18-21, 2000
> http://www.isoc.org/inet2000
>
>
Note Well: Messages sent to this mailing list are the opinions
of the senders and do not imply endorsement by the IETF.
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
