Re: Code safety and information hiding

comp.lang.ada
 help / color / mirror / Atom feed

From: roderick.chapman@googlemail.com
Subject: Re: Code safety and information hiding
Date: 16 Aug 2006 01:53:12 -0700
Date: 2006-08-16T01:53:12-07:00	[thread overview]
Message-ID: <1155718392.684202.17080@p79g2000cwp.googlegroups.com> (raw)
In-Reply-To: <ebuj47$bal$1@sunnews.cern.ch>

> The issue with this example is the apparent strong coupling between the
> specification of Rand (of the whole package, in fact) and the
> implementation details that pop up in specs in terms of the Seed name
> used in annotations.

SPARK promotes the hiding of _detail_, but not the hiding of
_information_.

The package spec you cite _does_ need to announce the existance of
"Seed" (but not its type, structure, or anything else).  You are also
correct
to identify that choosing the name "Seed" is crucial, since changing it
later
can have a non-trivial impact on clients of this package.

(Put another way - the abstraction offered by the package should be as
simple as it can be but no simpler (cf Occam's rule))

If you removed the announcement of "Seed" altogether, then the only
legal information flow relation for your PRNG would be

 --# derives X from ;

which (in information flow terms) means "The final value of X is a
constant" - not
a very good abstraction of a random number generator! :-)

 Yours,
  Rod Chapman, SPARK Team

next prev parent reply	other threads:[~2006-08-16  8:53 UTC|newest]

Thread overview: 34+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-08-16  7:56 [SPARK] Code safety and information hiding Maciej Sobczak
2006-08-16  8:53 ` roderick.chapman [this message]
2006-08-16 11:18   ` Stuart
2006-08-16 13:23     ` Maciej Sobczak
2006-08-16 19:49 ` [SPARK] " Jeffrey R. Carter
2006-08-17  7:01   ` Maciej Sobczak
2006-08-17 18:08     ` Jeffrey R. Carter
2006-08-17 20:00       ` Björn Persson
2006-08-18  1:22         ` Jeffrey R. Carter
2006-08-18 19:39           ` Björn Persson
2006-08-19  5:35             ` Jeffrey R. Carter
2006-08-19 12:47               ` Björn Persson
2006-08-20  3:58                 ` Jeffrey R. Carter
2006-08-20 11:35                   ` Björn Persson
2006-08-18 23:02   ` Robert A Duff
2006-08-19  5:40     ` Jeffrey R. Carter
2006-08-19  9:49       ` Stephen Leake
2006-08-20  3:52         ` Jeffrey R. Carter
2006-08-20 19:06           ` Stephen Leake
2006-08-21  1:07             ` Jeffrey R. Carter
2006-08-21  7:25               ` Maciej Sobczak
2006-08-21 19:31                 ` Jeffrey R. Carter
2006-08-21 19:58                   ` Dmitry A. Kazakov
2006-08-21 21:06                     ` Björn Persson
2006-08-22  7:16                       ` Maciej Sobczak
2006-08-22  9:45                         ` Björn Persson
2006-08-22 12:42                           ` Maciej Sobczak
2006-08-22  7:27                       ` Dmitry A. Kazakov
2006-08-21 11:30             ` Colin Paul Gloster
2006-08-22 10:51               ` Stephen Leake
2006-08-23  9:44     ` Peter Amey
2006-08-23 22:37       ` Jeffrey R. Carter
2006-08-24 10:55         ` Peter Amey
2006-08-24 23:33           ` Jeffrey R. Carter

replies disabled

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox