Re: "Perfect" or "Provable" security both crypto and non-crypto?
From: David Wagner (daw_at_taverner.cs.berkeley.edu)
Date: 09/15/04
- Next message: David Wagner: "Re: "Perfect" or "Provable" security both crypto and non-crypto?"
- Previous message: Douglas A. Gwyn: "Re: "Perfect" or "Provable" security both crypto and non-crypto?"
- In reply to: Douglas A. Gwyn: "Re: "Perfect" or "Provable" security both crypto and non-crypto?"
- Next in thread: Paul Rubin: "Re: "Perfect" or "Provable" security both crypto and non-crypto?"
- Reply: Paul Rubin: "Re: "Perfect" or "Provable" security both crypto and non-crypto?"
- Reply: Andrew Swallow: "Re: "Perfect" or "Provable" security both crypto and non-crypto?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 14 Sep 2004 22:13:17 +0000 (UTC)
Douglas A. Gwyn wrote:
>It is not a problem with the techniques I was talking about,
>which can and should be taught throughout the education of
>programmers.
Do you have any evidence that one can successfully teach Hoare logic,
weakest preconditions, and the like in entry-level programming classes?
I'll believe it when I see it, but in the meantime, I'll be skeptical --
that claim doesn't mesh with my experience. At that level, many people
are still struggling with concepts like big-Oh notation, and formal
logic requires quite a bit more mathematical sophistication than that.
I'm afraid many of our programmers are never going to be math experts,
and may never understand the intricacies of first-order logic.
As for cost, it seems to me that in principle the question to ask is
pretty natural: Do the benefits of formal verification (e.g., fewer bugs)
exceed the costs? Right now, for most software the answer is a clear and
resounding "No". For most widely used commercial off-the-shelf software,
the costs (to developers) greatly exceed the benefits (to developers).
Now if you want to talk about specialized arenas, like control systems
for aircraft or nuclear power plants, the answer may well be different.
I don't know. But when it comes to commercial software, the answer is
all too clear: formal verification is too expensive. I wish it weren't
so, but I don't know how to get around it.
As I said before, if you have a counterexample, feel free to produce it.
I'd be totally overjoyed to be proven wrong -- it'd be great if there
were some nice solution here. However, it seems to me you're making an
extraordinary claim, and I haven't seen any evidence for it. (It's often
said that extraordinary claims require extraordinary evidence, but I'd
settle for even mediocre evidence.)
- Next message: David Wagner: "Re: "Perfect" or "Provable" security both crypto and non-crypto?"
- Previous message: Douglas A. Gwyn: "Re: "Perfect" or "Provable" security both crypto and non-crypto?"
- In reply to: Douglas A. Gwyn: "Re: "Perfect" or "Provable" security both crypto and non-crypto?"
- Next in thread: Paul Rubin: "Re: "Perfect" or "Provable" security both crypto and non-crypto?"
- Reply: Paul Rubin: "Re: "Perfect" or "Provable" security both crypto and non-crypto?"
- Reply: Andrew Swallow: "Re: "Perfect" or "Provable" security both crypto and non-crypto?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
