Formal Correctness FAQ


 * What's the point of proving termination when the halting problem is undecidable?


 * How can you trust the proofs you write? Wouldn't it have bug in it and let you prove false things?


 * Isn't writing a program specification just like writing the program twice? Won't the bugs just move into the specification?