From: "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>
Subject: Re: Operation can be dispatching in only one type
Date: Tue, 8 Dec 2009 10:22:59 +0100
Message-ID: <1wv3of2u7rbx8.4a6yeffk4uf3.dlg@40tude.net>
In-Reply-To: hfk624$ej8$1@munin.nbi.dk
On Mon, 7 Dec 2009 18:19:11 -0600, Randy Brukardt wrote:
> "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> wrote in message
> news:1gcigitaii0u0.1psu2vj52e66g$.dlg@40tude.net...
>> On Fri, 4 Dec 2009 20:45:19 -0600, Randy Brukardt wrote:
>>
>>> Writing in Ada 2012 as proposed today
>>> (and that might change before it gets standardized):
>>>
>>> procedure Do_Something (Window : Claw.Basic_Window_Type; ...)
>>> with Pre => Is_Valid (Window);
>>
>> Why not to allow such constraints for subtypes? E.g.
>>
>> subtype Valid_Window_Type is Window_Type when Is_Valid;
>>
>> then simply:
>>
>> procedure Do_Something (Window : Valid_Window_Type; ...)
>
> That's also under consideration, but there are some problems with it. One
> problem is that such types are very confusing in array indexes/slices (do
> the values all participate or just the ones that pass the predicate?)
Only the ones of the subtype, obviously. But the problem is the same as with
index sliding: when two subsets of the index are equivalent, either
nominally (when the elements are the same) or structurally (when the number of
elements is the same, plus maybe other conditions). Structural equivalence might
appear convenient, but it is always a source of confusion.
> are a couple of others as well.
>
> Another issue is that not all preconditions/postconditions can be written
> this way. For one thing, a precondition can depend on multiple parameters at
> once. Another issue is that the entry condition and exit conditions may be
> different for a parameter. For instance, from Claw:
>
> procedure Create (Window : Basic_Window_Type; ...)
> with Pre => not Is_Valid (Window),
> Post => Is_Valid (Window);
Mutating [sub]type? That looks like a case for a constructor to me (an old
discussion).
> So subtypes cannot completely replace pre and post conditions, but they can
> be a complement to them.
Absolutely.
However, I consider it differently. In my view, pre-/postconditions and
invariants should be static, used strictly for program correctness proofs.
Subtypes should complement them for dynamic run-time checks (recoverable
faults).
--
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
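The two styles argued over in this exchange, written out in the Ada 2012 syntax that was eventually standardized: an added example, not code from the thread or from Claw. The `Handle` component, the value 42 and the bodies are constructed stand-ins, the names follow the Claw operations quoted above, and the proposed `subtype ... when Is_Valid` form is rendered with the `Dynamic_Predicate` aspect that replaced it.

```ada
--  Added example (not from the thread or Claw); Handle and the bodies are constructed.
pragma Assertion_Policy (Check);  --  make Pre/Post and predicates run-time checks
with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Assertions; use Ada.Assertions;
procedure Window_Contracts is
   type Basic_Window_Type is record
      Handle : Natural := 0;   --  0 models "no OS window acquired yet"
   end record;
   function Is_Valid (Window : Basic_Window_Type) return Boolean is
     (Window.Handle /= 0);

   --  Style 1: contract on the operation. Entry and exit conditions differ,
   --  so this cannot be expressed as one subtype of the parameter.
   procedure Create (Window : in out Basic_Window_Type)
     with Pre  => not Is_Valid (Window),
          Post => Is_Valid (Window);
   procedure Create (Window : in out Basic_Window_Type) is
   begin
      Window.Handle := 42;   --  constructed stand-in for acquiring a handle
   end Create;

   --  Style 2: the thread's proposed "subtype ... when Is_Valid" became the
   --  Dynamic_Predicate aspect. The check travels with the subtype, so every
   --  parameter declared as Valid_Window_Type is checked on each call.
   subtype Valid_Window_Type is Basic_Window_Type
     with Dynamic_Predicate => Is_Valid (Valid_Window_Type);
   procedure Do_Something (Window : Valid_Window_Type) is
   begin
      Put_Line ("Drawing into window" & Natural'Image (Window.Handle));
   end Do_Something;

   W : Basic_Window_Type;
begin
   begin
      Do_Something (W);   --  predicate fails on the call: Assertion_Error
   exception
      when Assertion_Error => Put_Line ("rejected: window not yet valid");
   end;
   Create (W);            --  Pre holds on entry, Post is checked on exit
   Do_Something (W);      --  now satisfies the predicate
   begin
      Create (W);         --  Pre fails: the window is already valid
   exception
      when Assertion_Error => Put_Line ("rejected: Create on a valid window");
   end;
end Window_Contracts;
```

Under `Assertion_Policy (Ignore)` the same two rejected calls run unchecked, which is exactly the gap between a run-time check and a static proof that Dmitry draws. Ada 2012 also sidestepped Randy's index/slice question by not allowing a subtype with a dynamic predicate to serve as an array index subtype.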