From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=0.2 required=5.0 tests=BAYES_00,INVALID_MSGID,
	REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: fac41,2c6139ce13be9980
X-Google-Attributes: gidfac41,public
X-Google-Thread: 1108a1,2c6139ce13be9980
X-Google-Attributes: gid1108a1,public
X-Google-Thread: f43e6,2c6139ce13be9980
X-Google-Attributes: gidf43e6,public
X-Google-Thread: 103376,3d3f20d31be1c33a
X-Google-Attributes: gid103376,public
From: Ken Garlington <kennieg@flash.net>
Subject: Re: Safety-critical development in Ada and Eiffel
Date: 1997/07/23
Message-ID: <33D6A3C4.F5F@flash.net>#1/1
X-Deja-AN: 258552598
References: <33CE0BB7.10CE@XYZZYcalfp.com> <EDrG9G.BF4@syd.csa.com.au>
Organization: Flashnet Communications, http://www.flash.net
Reply-To: kennieg@flash.net
Newsgroups: comp.object,comp.software-eng,comp.lang.ada,comp.lang.eiffel
Date: 1997-07-23T00:00:00+00:00
List-Id: <comp.lang.ada>


Don Harrison wrote:
> 
> Richie Bielak wrote:
> 
> :I always thought it would be nice to have postconditions of the form:
> :
> :       ensure
> :               execution_time < 10 -- 10 milliseconds, let's say
> :
> :So an exception would be raised if the routine took too long
> :to execute.
> 
> I've also been thinking along these lines since about a year ago. It sits very
> well with DBC, IMO.

This would work if there is an inherent time limit to the object's
functionality.
It won't work if the issue is the contribution to the object to a thread
of
execution, particularly if the object is going to support multiple
threads. The
issue of specifying absolute time in an environment where objects are
reused
in future applications is also a sticking point. ADARTS does thread
timeline
analysis independently of object interface specification, which in my
experience makes more sense.

> 
> Also, the idea of express messages in SCOOP caters for the situation where
> a time-critical thread *must* execute without fail.
> 
> (For more information, see Object-oriented Software Construction (2nd ed.)
> Section 30.8 - "Requesting Special Service").
> 
> Don.
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Don Harrison             donh@syd.csa.com.au