Re: A Design Problem



S Perryman <q@xxxxx> wrote:

Daniel T. wrote:

DT>With a synchronous message the postcondition is *at most*
DT>"delivered", "understood", or "processed"

Wrong. The post-condition is *at the very least* ... (which is what
Dmitry stated when he wrote "the postcondition also includes").

I misspoke. I am advocating that the most flexible systems have methods with such postconditions. Yes, a client can require much more from a server (the client can make the specification so stringent that it can only be satisfied by a single algorithm), but that limits what the server is allowed to do in response.

Wrong.
Such limitations are not on *what* the server does, but *how* it does it.


To borrow from Meyer, "The postcondition True is the weakest possible assertion, satisfied by all states." With such a postcondition, the message receiver will do the right thing regardless of what it does (as long as the receiver passes control back to the sender in a finite amount of time.)

1. With a post-condition of true, there is no notion of "right thing"
(especially when correctness is concerned).

2. Any notion of "in a finite amount of time" contradicts 1.


That gives the receiver maximum flexibility in implementation

And the least likelihood of having a correct system.


Regards,
Steven Perryman