Uberto is right that not even manual testing can assure you that you are connected to the right database. I guess that all these reasonings lead to the same conclusion, that is, that absence of bugs is a matter of probabilities, and never a boolean property that can be proved mathematically.

Regarding your point 2: manual testing can check things that automated tests cannot check: a human testers can look for different things every time. A mechanical test does the opposite: it’s always checking for the same things. Both styles are useful.

1. a program without bugs is a program that works as expected, not a program which is always correct; therefore I much prefer to see TDD as a mean to express requirements, not a testing framework.

2. if we could, testing manually, assure that a sw is always correct, we could then do it with a program too (and with math eventually). as said, this is impossible. therefore manual testing does not add anything in terms of correctness.

please read my blog post in perspective. I wrote a whole Ph.D. thesis about how to write software that’s mathematically proved correct! And yet maths is not all.

Your objection about “static analysis”, “load testing” etc is good except that nobody in those fields claims that their field is the answer to all problems in software… as good old Dijkstra seems to have implied about maths. The irony of it all is that correctness is not the most important, and surprisingly, not the most difficult, part of writing software! Fitness for purpose, cost of maintainance over the years, speeding up delivery time, are all problems that are FAR more difficult to solve than correctness, and vastly less popular in academia as subjects of study.

Returning to the mathematics issue, it seems you can substitute anything into the post and still get the same conclusion: it seems to me that “load testing” or “static analysis” or “code reviews of pull requests on GitHub” cannot prove the absence of bugs either, because I can still put a wrong configuration file into the production environment. Like J.B. said, each one of these techniques covers just a sample of what we need.

That said, there are contexts where mathematics, in the sense of formal verification, can prevent bugs that example-based testing can’t. Whenever there are concurrency or distributed systems involved, you should definitely not try to solve consensus by inventing your own algorithm: just use Paxos. Do not try to invent your own replication mechanism, use something from the literature or Aphyr and Jepsen will haunt you and demonstrate you lose data, like it happened for Redis.

So mathematics is one of the tools; TDD is another; configuration testing before deployment is yet another. What matters is we respond to the risks we encounter and start to introduce in our projects the best risk mitigation strategy considering cost and value. To introduce a practice you must know it; yet everyone is preaching TDD but I don’t see anyone saying reading papers is important…

We can’t even run the program to prove that it is correct, because for any useful program, we’d have to run it longer than the projected age of the solar system to have a *proof*. :)