We only need to perform proof search when we’re given some unknown blob of code. There’s no need to do a search when we’re the ones writing the code; we know it’s correct, otherwise we wouldn’t have written it that way.
Admittedly many languages allow us to be very sloppy; we may not have to justify our code to the compiler and the language may not be powerful enough to express the properties we want. However there are some languages which allow this (Idris, Agda, Epigram, ATS, etc.). In such languages we don’t actually write a program at all; we write down a constructive proof that our properties are satisfied by some program, then the compiler derives that program from the proof. Such programs are known as “correct by construction”.
We only need to perform proof search when we’re given some unknown blob of code. There’s no need to do a search when we’re the ones writing the code; we know it’s correct, otherwise we wouldn’t have written it that way.
Admittedly many languages allow us to be very sloppy; we may not have to justify our code to the compiler and the language may not be powerful enough to express the properties we want. However there are some languages which allow this (Idris, Agda, Epigram, ATS, etc.). In such languages we don’t actually write a program at all; we write down a constructive proof that our properties are satisfied by some program, then the compiler derives that program from the proof. Such programs are known as “correct by construction”.
http://en.wikipedia.org/wiki/Program_derivation http://en.wikipedia.org/wiki/Proof-carrying_code