On Fri, 17 May 1996, terogers wrote:

> With proper structured design and testing it is possible to arrive at a
> probably reliable system design, but not a provably reliable design. The

With respect to testing, Dijkstra said it long ago: testing is adequate to
show the presence of faults, but never their absence [fairly close
paraphrase here].  The only way in principle to prove a system reliable
would be to construct a formal proof in parallel with the design - that's
more or less the motivation behind the entire range of "structured"
techniques.  Of course they're imperfect - they overprescribe in many
ways, the dogmatic form of "thou shalt use no gotos" being an obvious
example, and can't guarantee correct results - but that's the inevitable
result of attempting to make what is bascially a style guide (structured
programming) stand in for a far more rigorous method (formal correctness)
that you can't afford to use.

Sorry, your comment, in combination with the coffee just kicking in, set
me off on a hot button topic there.  :-)