From: "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>
Subject: Re: GNAT packages in Linux distributions
Date: Wed, 12 May 2010 19:48:28 +0200
Date: 2010-05-12T19:48:24+02:00 [thread overview]
Message-ID: <1aeof68v367bj$.1pps94zw5zmpd.dlg@40tude.net> (raw)
In-Reply-To: Pine.LNX.4.64.1005121920570.24222@medsec1.medien.uni-weimar.de
On Wed, 12 May 2010 20:10:26 +0200, stefan-lucks@see-the.signature wrote:
> On Wed, 12 May 2010, Dmitry A. Kazakov wrote:
>
>> Any program is partially correct, if otherwise has not been observed. I
>> fail to see how Eiffel is different from C or Assembler in that respect.
>
> In C, if I try to compute the factorial of a (natural) number, I'll always
> get an answer (assuming a decent program, which can be written by a
> first-year computer science student, and a normal C-compiler).
> may be right or wrong. If the input is too large, the answer actually is
> wrong (our first-year student stores the result in an int variable, and
> 100! is too large). But I still get an answer, even if it is wrong.
>
> In Eiffel, I'll either get an answer, or the program will tell that at
> some point of time when computing, say, the factorial of 100, a certain
> exception has been raised. (I didn't try out Eiffel, but that is what I
> would expect.) But if I get an answer, I can be sure it is the right one.
> That is partial correctness.
1. Wrong answer is no more/less incorrect as an exception. Otherwise you
have to introduce some scale of correctness, which is called accuracy. A
program can yield more or less accurate results staying correct.
2. It is unrelated to error checks. The programmer did not use any. That
Eiffel possibly checks for integer overflow and C does not is irrelevant to
the issue.
>> The point is that run-time checks contribute nothing to correctness either
>> partial or not. Because a partially incorrect program remains partially
>> incorrect independently on whether you check that or not:
>
> Technically, any program of the form
>
> {Any Precondition}
> Statements;
> if not Postcondition then
> raise Program_Error;
> end if;
> {Postcondition}
>
> is partially correct, even if "Statements;" are semantic nonsense (as long
> as the whole thing compiles at all), regardless of "{Any Precondition}".
No. If Statements were irrelevant, you could take this:
{Any Precondition}
raise Program_Error;
{Postcondition}
The problem is that Program_Error does not satisfy postcondition.
> Perhaps you don't like raising an exception?
I don't like any action upon a failed check, if that was a check. To self
checks are clearly infeasible.
> OK, we can stick with the original approach from Hoare from 1969, who
> didn't know (or didn't care) about exceptions.
His approach, which I greatly appreciate, is perfectly compatible with
exceptions. Exception propagation is a part of the program behavior to be
checked as anything else. E.g.
pre : x = 1
if x = 1 then
raise Foo;
end if;
post : Foo propagating
This program were be incorrect if it would not raise Foo.
> The following program is
> partially correct, regardless of the "Statements;" and "{Any
> Precondition}":
>
> {Any Precondition}
> Statements;
> while not Postcondition loop
> null;
> end loop;
> {Postcondition}
Hmm, I would consider it totally incorrect => not partially incorrect,
because in no state it satisfies the postcondition.
--
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
next prev parent reply other threads:[~2010-05-12 17:48 UTC|newest]
Thread overview: 95+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-05-09 17:40 GNAT packages in Linux distributions Dmitry A. Kazakov
2010-05-09 18:16 ` Ludovic Brenta
2010-05-09 19:36 ` Dmitry A. Kazakov
2010-05-09 21:26 ` Ludovic Brenta
2010-05-09 21:34 ` Yannick Duchêne (Hibou57)
2010-05-10 1:20 ` Ludovic Brenta
2010-05-10 1:26 ` Ludovic Brenta
2010-05-25 20:40 ` Yannick Duchêne (Hibou57)
2010-05-10 9:41 ` Stephen Leake
2010-05-10 9:46 ` Ludovic Brenta
2010-05-10 14:29 ` sjw
2010-05-11 7:51 ` Ludovic Brenta
2010-05-11 9:33 ` sjw
2010-05-10 18:47 ` Yannick Duchêne (Hibou57)
2010-05-09 21:28 ` Yannick Duchêne (Hibou57)
2010-05-09 21:30 ` Yannick Duchêne (Hibou57)
2010-05-09 22:44 ` Simon Wright
2010-05-10 7:54 ` Dmitry A. Kazakov
2010-05-10 8:02 ` Dmitry A. Kazakov
2010-05-10 18:45 ` Yannick Duchêne (Hibou57)
2010-05-10 21:00 ` Ludovic Brenta
2010-05-10 22:17 ` Yannick Duchêne (Hibou57)
2010-05-11 6:56 ` Ludovic Brenta
2010-05-11 7:39 ` Dmitry A. Kazakov
2010-05-11 8:06 ` Yannick Duchêne (Hibou57)
2010-05-11 15:46 ` Pascal Obry
2010-05-11 16:05 ` Yannick Duchêne (Hibou57)
2010-05-11 16:09 ` Pascal Obry
2010-05-11 16:09 ` Pascal Obry
2010-05-11 17:08 ` stefan-lucks
2010-05-11 16:39 ` Yannick Duchêne (Hibou57)
2010-05-11 19:45 ` Yannick Duchêne (Hibou57)
2010-05-11 23:44 ` Yannick Duchêne (Hibou57)
2010-05-12 12:12 ` Mark Lorenzen
2010-05-12 14:55 ` Yannick Duchêne (Hibou57)
2010-05-11 17:35 ` Pascal Obry
2010-05-11 18:06 ` Yannick Duchêne (Hibou57)
2010-05-11 16:23 ` Yannick Duchêne (Hibou57)
2010-05-11 16:41 ` J-P. Rosen
2010-05-11 16:45 ` Dmitry A. Kazakov
2010-05-11 19:21 ` Yannick Duchêne (Hibou57)
2010-05-12 8:41 ` stefan-lucks
2010-05-12 14:52 ` Yannick Duchêne (Hibou57)
2010-05-12 15:59 ` Phil Thornley
2010-05-12 16:49 ` Yannick Duchêne (Hibou57)
2010-05-13 8:05 ` Phil Thornley
2010-05-12 15:37 ` Dmitry A. Kazakov
2010-05-12 16:06 ` Yannick Duchêne (Hibou57)
2010-05-12 17:24 ` Dmitry A. Kazakov
2010-05-12 18:09 ` Georg Bauhaus
2010-05-12 18:33 ` Dmitry A. Kazakov
2010-05-12 18:53 ` Georg Bauhaus
2010-05-12 21:57 ` Dmitry A. Kazakov
2010-05-13 2:03 ` Georg Bauhaus
2010-05-13 8:39 ` Dmitry A. Kazakov
2010-05-14 23:45 ` Georg Bauhaus
2010-05-15 9:30 ` Dmitry A. Kazakov
2010-05-15 18:39 ` Georg Bauhaus
2010-05-15 20:33 ` Dmitry A. Kazakov
2010-05-15 0:17 ` Robert A Duff
2010-05-15 9:40 ` Dmitry A. Kazakov
2010-05-12 18:15 ` Georg Bauhaus
2010-05-25 20:45 ` Yannick Duchêne (Hibou57)
2010-05-26 7:55 ` Dmitry A. Kazakov
2010-05-26 8:38 ` stefan-lucks
2010-05-26 8:01 ` Yannick Duchêne (Hibou57)
2010-05-26 11:25 ` Yannick Duchêne (Hibou57)
2010-05-26 13:02 ` stefan-lucks
2010-05-26 12:22 ` Yannick Duchêne (Hibou57)
2010-05-27 12:47 ` stefan-lucks
2010-05-27 12:26 ` Yannick Duchêne (Hibou57)
2010-05-26 13:06 ` (see below)
2010-05-27 12:41 ` stefan-lucks
2010-05-27 12:29 ` Yannick Duchêne (Hibou57)
2010-05-27 15:21 ` (see below)
2010-06-03 3:16 ` Yannick Duchêne (Hibou57)
2010-06-03 10:42 ` Brian Drummond
2010-06-03 21:14 ` (see below)
2010-06-03 22:00 ` Britt Snodgrass
2010-06-03 22:29 ` (see below)
2010-06-03 13:49 ` (see below)
2010-06-04 13:49 ` Georg Bauhaus
2010-06-04 13:53 ` Georg Bauhaus
2010-06-04 14:24 ` Yannick Duchêne (Hibou57)
2010-06-04 17:34 ` Georg Bauhaus
2010-06-04 15:29 ` (see below)
2010-05-12 18:10 ` stefan-lucks
2010-05-12 17:48 ` Dmitry A. Kazakov [this message]
2010-05-13 0:37 ` stefan-lucks
2010-05-13 9:09 ` Dmitry A. Kazakov
2010-05-13 0:33 ` Yannick Duchêne (Hibou57)
2010-05-10 14:15 ` GNAT Pro license (was: " Peter Hermann
2010-05-10 1:40 ` Björn Persson
2010-05-10 2:04 ` Yannick Duchêne (Hibou57)
2010-05-10 7:01 ` Ludovic Brenta
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox