From: Alan Brain <aebrain@dynamite.com.au>
Subject: Re: Simulating Eiffel-style assertions (was: Papers on the Ariane-5 crash and Design by Contract)
Date: 1997/03/26
Message-ID: <3339F210.69E3@dynamite.com.au>
In-Reply-To: 5h6jc0$jvu@news.rhrz.uni-bonn.de
Wolfgang Reddig wrote:
> Consider a 'Car' class having an invariant which states that cars have
> either two or four doors. Let's assume there is a method 'make_limousine', which
> adds two doors (forgive the C++ notation, but I'm not very familiar with
> the syntax of Eiffel):
>
> void Car::make_limousine()
> {
> require(no_of_doors() == 2)
> ensure(no_of_doors() == 4)
>
> add_door(); // this would (incorrectly) cause an invariant failure!
> add_door();
> }
But surely there's another way. Consider the following reasoning:
Cars, for our purposes, have either 2 or 4 doors, never 3, never 5.
So we can have:
   type CAR_DOOR_NUMBER_TYPE is ( Two, Four );

   type CAR_RECORD_TYPE is
      record
         -- some data about the car, make, model etc here
         --
         NUMBER_OF_DOORS : CAR_DOOR_NUMBER_TYPE;
         --
         -- and maybe some more data here
         --
      end record;

   -- then for the code

   procedure ADD_TWO_DOORS (ToCar : in out CAR_RECORD_TYPE ) is
   begin
      ToCar.NUMBER_OF_DOORS := CAR_DOOR_NUMBER_TYPE'SUCC (
                                  ToCar.NUMBER_OF_DOORS);
      --
      -- or, if you want to 'Fail Safe'
      --
      -- ToCar.NUMBER_OF_DOORS := Four;
      --
   exception
      when CONSTRAINT_ERROR => -- There already WERE Four Doors!
         -- if you want to 'Fail Safe'
         ToCar.NUMBER_OF_DOORS := Four;
         -- if you want to crash and burn, or destroy the rocket
         -- raise;
      when others => -- Has to be a hardware problem, or some
                     -- C program overrunning its array bounds,
                     -- or a bug in the compiler -
         null;       -- Try keeping fingers crossed and hoping
                     -- for the best?
   end ADD_TWO_DOORS;
No apologies for the Ada-83 syntax. Ada supplies the tools to "Judo" the
problem, avoid the concept of a 3-door car from being expressible. But
as Ariane-5 showed, having the capability to do this /= actually doing
it.
C++'s enums appear similar, but that's another matter.
--
aebrain@dynamite.com.au <> <> How doth the little Crocodile
| Alan & Carmel Brain| xxxxx Improve his shining tail?
| Canberra Australia | xxxxxHxHxxxxxx _MMMMMMMMM_MMMMMMMMM
100026.2014 compuserve o OO*O^^^^O*OO o oo oo oo oo
By pulling MAERKLIN Wagons, in 1/220 Scale
See http://www.z-world.com/graphics/z/master/8856.gif for picture
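
Added example, not part of the message above or of the quoted post: the same two-valued door type written in C++, the language of the quoted snippet, with the range check that Ada's 'SUCC performs written out by hand. The names DoorCount, succ, door_count_from_int and make_limousine_fail_safe are assumptions made for this sketch.

```cpp
#include <stdexcept>

// Only the two legal door counts exist as named values (mirrors the Ada type).
enum class DoorCount { Two, Four };

// Checked successor: C++ has no 'SUCC attribute, so the range check is explicit.
// Throws where the Ada version would raise CONSTRAINT_ERROR.
DoorCount succ(DoorCount d) {
    if (d == DoorCount::Two) return DoorCount::Four;
    throw std::out_of_range("no successor: already four doors");
}

// Boundary validation: a C++ enum object can be given any value of its
// underlying type through static_cast, so integers from outside the type
// system (files, messages, sensors) are checked before conversion.
DoorCount door_count_from_int(int n) {
    switch (n) {
        case 2: return DoorCount::Two;
        case 4: return DoorCount::Four;
        default: throw std::invalid_argument("cars have two or four doors");
    }
}

class Car {
public:
    explicit Car(DoorCount d) : doors_(d) {}
    int no_of_doors() const { return doors_ == DoorCount::Two ? 2 : 4; }

    // A single state transition: no three-door object ever exists,
    // so an invariant check cannot fire in the middle of the method.
    void make_limousine() { doors_ = succ(doors_); }

    // 'Fail safe' variant: a car that already has four doors stays at four.
    void make_limousine_fail_safe() {
        try { doors_ = succ(doors_); }
        catch (const std::out_of_range&) { doors_ = DoorCount::Four; }
    }
private:
    DoorCount doors_;
};

int main() {
    Car c(door_count_from_int(2));
    c.make_limousine();
    c.make_limousine_fail_safe();  // already four doors: remains four
    return c.no_of_doors() == 4 ? 0 : 1;
}
```
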