Re: Safety of the Booch Ada 95 Components

["Matthew Heaney" <matthew_heaney@acm.org>]

In article <x7vu2lowfr2.fsf@pogner.demon.co.uk> , Simon Wright 
<simon@pogner.demon.co.uk>  wrote:

> The BCs equivalent for assignment is (no warranties, remember)
>
>   BB == BB' and (BA == BB'
>                  or an exception is raised)

That's exactly it.

Yes, this lacks "rollback semantics," but I'm perfectly happy with this
postcondition, as it's likely to be far more efficient than its stronger
alternative:

   HB == HB' and (HA == HB'
                  or an exception is raised and HA == HA')

I'd be willing to bet that most systems programmers would NOT be
satisfied with this postcondition, if they knew how inefficient it is
compared to the other.

Perhaps there is a middle position.  We could guarantee that if
assignment fails, then the target data structure is cleared, instead of
being left in some unknown state:

  HB == HB' and (HA == HB'
                 or an exception is raised and HA.Length == 0)


--
The political forces that try to eliminate evolution from science
classrooms impose a narrow, sectarian doctrine on our educational
systems. This imposition represents an affront not only to the
constitutional separation of church and state but also to the moral and
intellectual integrity embedded in that constitution.

<http://www.nabt.org/evolutionks.html>