Re: Liskov Substitution Principle and Abstract Factories

adaworks_at_sbcglobal.net
Date: 03/01/05


Date: Tue, 01 Mar 2005 03:06:39 GMT


"Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>
wrote in message news:1iiufmf9n38d3$.1cczoudtj7ec5$.dlg@40tude.net...
> On Tue, 8 Feb 2005 10:23:30 -0000, Mark Nicholls wrote:
> >
> > a definition of correctness is hard.
>
> No, it is easy, because it need not be constructive. For any program x
> there is Is_Valid (x) defined. End of story.
>
Dmitry, I understand what you intend with this example. However, it does
not fully answer the concern to which it is a reply. The Is_Valid
attribute (I assume you are using Ada) expressed as,

                if X'Valid then ...

applies only to scalars. If you intend to construct a separate function,

                function Is_Valid(parameter-list) return Boolean;

so be it. However, even here one must entertain the possibility that the
function itself is flawed. For example, some implementations of this
function might require iterating over a large structure. When that
structure is built over access types (~ pointers), there is potential for
errors within the Is_Valid function.

I know you are an experienced and conscientious programmer, and I realize
you don't want to leave the impression that creating serious, large-scale
software systems is as easy as simply saying, Is_Valid(x).

That being said, you are on track with most of the rest of your
contribution.

Richard Riehle
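
An added example, not part of the original post and not its author's code, illustrating the point about validators over access types: 'Valid checks only the scalar component, while the traversal is hand-written logic that needs its own guard against a malformed structure. The names Percent, Node, Max_Nodes and the step bound are assumptions made for this illustration.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Validity_Demo is
   type Percent is range 0 .. 100;

   type Node;
   type Node_Access is access Node;
   type Node is record
      Value : Percent := 0;
      Next  : Node_Access;
   end record;

   Max_Nodes : constant := 1_000;  --  assumed upper bound on list length

   --  Hand-written validator for a structure built over access types.
   --  'Valid covers only the scalar component; the traversal is the
   --  validator's own code and can itself be wrong. Without the step
   --  bound, a cyclic list would make this check loop forever.
   function Is_Valid (Head : Node_Access) return Boolean is
      Cursor : Node_Access := Head;
      Steps  : Natural := 0;
   begin
      while Cursor /= null loop
         if Steps = Max_Nodes or else not Cursor.Value'Valid then
            return False;
         end if;
         Steps  := Steps + 1;
         Cursor := Cursor.Next;
      end loop;
      return True;
   end Is_Valid;

   --  Constructed sample data: one well-formed list, one defective list.
   Tail   : constant Node_Access := new Node'(Value => 20, Next => null);
   Good   : constant Node_Access := new Node'(Value => 10, Next => Tail);
   Cyclic : constant Node_Access := new Node'(Value => 30, Next => null);
begin
   Cyclic.Next := Cyclic;  --  constructed defect: node points to itself
   Put_Line ("Good list valid:   " & Boolean'Image (Is_Valid (Good)));
   Put_Line ("Cyclic list valid: " & Boolean'Image (Is_Valid (Cyclic)));
end Validity_Demo;
```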