Re: Operation can be dispatching in only one type
- From: Georg Bauhaus <rm.dash-bauhaus@xxxxxxxxxxxxx>
- Date: Tue, 08 Dec 2009 11:33:25 +0100
Dmitry A. Kazakov schrieb:
On Tue, 08 Dec 2009 11:06:54 +0100, Georg Bauhaus wrote:
Dmitry A. Kazakov schrieb:
In my view pre-/postconditions andHm. What would be your subtype based expression for
invariants should be static, used strictly for program correctness proofs.
Subtypes should complement them for dynamic run-time checks (recoverable
faults).
generic
type E is private;
package Stacks is
type Stack is private;
procedure push (Modified_Stack : in out Stack;
Another : Element)
with pre => not Full (Modified_Stack),
post => Size (Modified_Stack'Exit) = Size (Modified_Stack);
procedure pop (Modified_Stack : in out Stack)
with pre => not Empty (Modified_Stack),
post => Empty (Modified_Stack);
None. The above is wrong. You cannot implement this contract (if we deduced
one from the given pre- and postconditions). Proof:
loop
Push (Stack, X);
end loop;
q.e.d.
Therefore the contract of a stack must always contain ideals, e.g.
1. exceptions, like Full_Error, Empty_Error;
I understand that exceptions are implied by Eiffel style
conditions.
The Eiffel camp might answer, for example,
Lock (Stack);
while not Full (Stack) loop
Push (Stack, X);
end loop;
Unlock (Stack);
q.e.d.
2. blocked states, like holding the caller until the stack state is changed
from another task.
Would you want this to be possible with Ada, or with SPARK? ;-)
Pre- and psotconditions are to be used to prove a contract to hold. They
themselves are no contract.
In Eiffel, pre post and inv are used to write a contract.
The proof obligation rests on the programmer.
.
- Follow-Ups:
- Re: Operation can be dispatching in only one type
- From: Dmitry A. Kazakov
- Re: Operation can be dispatching in only one type
- References:
- Re: Operation can be dispatching in only one type
- From: Georg Bauhaus
- Re: Operation can be dispatching in only one type
- From: Dmitry A. Kazakov
- Re: Operation can be dispatching in only one type
- From: Georg Bauhaus
- Re: Operation can be dispatching in only one type
- From: Dmitry A. Kazakov
- Re: Operation can be dispatching in only one type
- From: Georg Bauhaus
- Re: Operation can be dispatching in only one type
- From: Dmitry A. Kazakov
- Re: Operation can be dispatching in only one type
- From: Georg Bauhaus
- Re: Operation can be dispatching in only one type
- From: Dmitry A. Kazakov
- Re: Operation can be dispatching in only one type
- From: Randy Brukardt
- Re: Operation can be dispatching in only one type
- From: Georg Bauhaus
- Re: Operation can be dispatching in only one type
- From: Randy Brukardt
- Re: Operation can be dispatching in only one type
- From: Dmitry A. Kazakov
- Re: Operation can be dispatching in only one type
- From: Randy Brukardt
- Re: Operation can be dispatching in only one type
- From: Dmitry A. Kazakov
- Re: Operation can be dispatching in only one type
- From: Randy Brukardt
- Re: Operation can be dispatching in only one type
- From: Dmitry A. Kazakov
- Re: Operation can be dispatching in only one type
- From: Georg Bauhaus
- Re: Operation can be dispatching in only one type
- From: Dmitry A. Kazakov
- Re: Operation can be dispatching in only one type
- Prev by Date: Re: Operation can be dispatching in only one type
- Next by Date: Re: Operation can be dispatching in only one type
- Previous by thread: Re: Operation can be dispatching in only one type
- Next by thread: Re: Operation can be dispatching in only one type
- Index(es):
Relevant Pages
|
