Formal Proof

Daily, we confront the errors of computers. They crash, hang, succumb to viruses, run buggy software, and harbor spyware. Our tabloids report bizarre computer glitches: the library patron who is fined US$40 trillion for an overdue book, because a barcode is scanned as the size of the fine; or the dentist in San Diego who had over 16,000 tax forms delivered to his doorstep when he abbreviated “suite” in his address as “su”. On average, a programmer introduces 1.5 bugs per line while typing. Most are typing errors that are spotted at once. About one bug per hundred lines of computer code ships to market without detection. Bugs are an accepted part of programming culture. The book that describes itself as the “bestselling software testing book of all time” states that “testers shouldn’t want to verify that a program runs correctly” [17]. Another book on software testing states “Don’t insist that every bug be fixed . . . When the programmer fixes a minor bug, he might create a more serious one.” Corporations may keep critical bugs off the books to limit legal liability. Only those bugs should be corrected that affect profit. The tools designed to