RE: pre-condition vs post-condition

RE: pre-condition vs post-condition

[Ed Knoll @(719)593-5182]

>is raised.  Should the given country's presence be listed as a pre-condition
>for this function, or should its absense (it doesn't exist) and the raising
>of COUNTRY_ERROR be listed as a post-condition?

The answer is that neither post- or pre-condition is best, or rather both 
are based on the context of the situation.  How is the module being 
used?  What is the scope of the module?  Is it a reusable component?  
Does it interface with other modules in a known or "friendly" environment, 
or is it interfacing/interacting with external subsystems of unknown quality?

For a module which is part of the internal workings of a subsystem, a 
pre-condition would be more reasonable.  It makes more sense for every
module to insure that the data they pass on/generate is always correct.
If modules of the same working subsystem have to verify all inputs, too 
much overhead/coupling is incurred.

However, if a module is interacting with components external to a subsystem
and these components are unknown/unrelated to the local subsystem, it makes
more sense to do the error checking and to document the exceptions as part of 
the behavior of the subsystem.  Well behaved subsystems under valid and 
invalid stimulus will be more portable/reusable then subsystems which react 
unpredictably in the presence of invalid stimulus.

Ed Knoll
Texas Instruments
knoll@coopn1.csc.ti.com

Re: Pre-condition vs Post-condition

[Neil Webre]

When the questions of exceptions and pre- and post-conditions came up,
I answered by mail to the poster. Since there have been some replies
via news, I am posting my reply which follows:

To: cml8@robin.cs.uofs.edu
Subject: Re: Pre-condition vs. Post-condition
Organization: Cal Poly State Univ,CSC Dept,San Luis Obispo,CA 93407

   If a pre-condition is not met, the result of execution is undefined
   (maybe unspecified is a better word). In the case of exceptions, if
   you write the fact that an exception will occur in certain cases,
   in your postcondition, then it seems to me that you have written
   a specification of results if the "error" condition happens. Therefore
   the error condition was not a precondition since your algorithm
   has a well defined and specified result for that case. 

   I am in the process of writing a textbook. What we have done is to
   write the specs of procedures and functions in the following form:

   procedure kaboom(...);
   -- precondition : ....
   -- postcondition : ....
   -- exceptions : ...

   Properly speaking, the exceptions clause is part of the postcondition.
   However, since exceptions are a standard way of handling "errors"
   in Ada, we broke them out into a separate clause.
   Preconditions are reserved to screen out conditions that truly have no
   defined results. It is the job of the client to assure that the
   precondition is met prior to execution of the procedure or function.