Comment by nazka

4 years ago

I’m not even sure “insane” matches what you just described at that point.

Now I know someone who does that for the software for subparts of nuclear reactors, and it’s exactly all the same. The specs, the time to review, the politics of hierarchy, the time to fix a simple bug (can take 2 weeks for a simple if)… But at least the specs are in a software.

If you were building a nuclear reactor, would you err on the side of too much documentation, oversight, and code review, or too little?

  • I was just sharing the story.

    Now 2 weeks for a simple change in an if. Some changes can take months, and the software is not just a few lines of code, so if you do the math you may start to have rust on your hardware even before v1.0 is out. Also nobody is going to read this type of “doc” but another schema spec coder, if that’s the name.

That makes me think that formally proving the code correct using a proof assistant would actually be faster than the process you describe.