From: "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>
Subject: Re: Class wide preconditions: error in GNAT implementation?
Date: Mon, 18 Feb 2013 15:25:04 +0100
Date: 2013-02-18T15:25:04+01:00 [thread overview]
Message-ID: <1r2tvdtl13at0.3nopie8tus4v.dlg@40tude.net> (raw)
In-Reply-To: ly621qq8u2.fsf@pushface.org
On Mon, 18 Feb 2013 09:17:57 +0000, Simon Wright wrote:
> "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> writes:
>
>> On Sat, 16 Feb 2013 11:55:55 -0800 (PST), ytomino wrote:
>>
>>> On Sunday, February 17, 2013 1:35:12 AM UTC+9, Dmitry A. Kazakov wrote:
>>>> On Sat, 16 Feb 2013 05:13:53 -0800 (PST), ytomino wrote:
>>>>>>> In this case, the caller should keep As.foo'Pre'Class because
>>>>>> calling As.foo.
>>>>>> No, the caller shall satisfy the precondition of the
>>>>>> callee. Regarding inheritance, a primitive operation (callee) may
>>>>>> weaken the precondition it overrides. This is why logical
>>>>>> disjunction apply, as Randy said.
>>>>> No. The caller is "client" of not Bs but As, in this case.
>>>>
>>>> The precondition of a dispatching call is one of the class. The
>>>> precondition of the specific operation can be weaker. The
>>>> precondition of a LSP subclass can be stronger. All three shall be
>>>> satisfied by the caller, but only the first one is actually
>>>> constraining for it, because the second two are automatically
>>>> satisfied through the mechanism of dispatching call and type
>>>> coercion.
>>>
>>> Yes. *only the first one* = only As.foo'Pre'Class should be satisfied.
>>
>> No, all preconditions must be satisfied, otherwise, the program is
>> incorrect, provided it is correctness we are talking about.
> [...]
>> But then the precondition of B'Class is *required* to be true for an
>> object which is in that class. The precondition of A'Class is weaker
>> and need not to be checked if one for B'Class is satisfied.
>
> This is the wrong way round. A subclass can only _weaken_ the
> precondition of the superclass. Anything else violates LSP.
LSP is wrong in general. A narrower "truer" version of LSP applies
specifically to operations and their preconditions and all that in the
context of substitutability, which is not the case for a dispatching call.
A dispatching call does not substitute unless the body is inherited.
Anyway, trivially, consider the following types:
type A is ...;
type B is new A with ...;
The predicate P=x in A'Class is true for both A and B. The predicate Q=y in
B'Class is true B and false for A. hence Q=>P, Q is stronger.
[Tag checks violate LSP]
> This new feature introduces a whole new opportunity for error: getting
> the preconditions wrong.
Yes, but the major crime here is mingling correctness with program
semantics. The thing meant to be executed in the prologue of an operation
has nothing to do with correctness, it is about operation composition upon
inheritance and/or about object construction.
--
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
next prev parent reply other threads:[~2013-02-18 14:25 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-02-15 3:55 Class wide preconditions: error in GNAT implementation? ytomino
2013-02-15 10:15 ` Georg Bauhaus
2013-02-15 13:16 ` ytomino
2013-02-16 1:01 ` Randy Brukardt
2013-02-16 2:50 ` ytomino
2013-02-16 9:28 ` Dmitry A. Kazakov
2013-02-16 13:13 ` ytomino
2013-02-16 16:35 ` Dmitry A. Kazakov
2013-02-16 19:55 ` ytomino
2013-02-16 20:34 ` ytomino
2013-02-18 8:30 ` Dmitry A. Kazakov
2013-02-18 9:17 ` Simon Wright
2013-02-18 14:25 ` Dmitry A. Kazakov [this message]
2013-02-18 18:04 ` Simon Wright
2013-02-18 19:27 ` Dmitry A. Kazakov
2013-02-18 20:42 ` Simon Wright
2013-02-19 9:07 ` Dmitry A. Kazakov
2013-02-18 19:02 ` ytomino
2013-02-18 19:44 ` Dmitry A. Kazakov
2013-02-16 15:16 ` Georg Bauhaus
2013-02-16 20:23 ` Simon Wright
2013-02-17 15:12 ` ytomino
2013-02-18 17:49 ` Simon Wright
2013-02-18 18:45 ` ytomino
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox