From: Eric Hughes <eric.eh9@gmail.com>
Subject: Re: Ada.Strings.Bounded
Date: Mon, 14 Apr 2008 18:35:05 -0700 (PDT)
Date: 2008-04-14T18:35:05-07:00 [thread overview]
Message-ID: <8862aecc-c70d-46cc-a140-f26d9b0acfb4@z24g2000prf.googlegroups.com> (raw)
In-Reply-To: 48039eb1$0$629$9b4e6d93@newsspool1.arcor-online.net
On Apr 14, 12:13 pm, Georg Bauhaus <rm.tsoh.plus-
bug.bauh...@maps.futureapps.de> wrote:
> It might be worth noting that this kind of "correctness"
> specifically precludes factors that are essential to typical
> Ada programming: for a program to solve a problem correctly,
> use of time and storage must stay within specified bounds, too.
>
> Is there a definition of "correctness" that includes more than
> the necessary, static, computer agnostic precondition
> of "left side of equation equals right side of equation" no
> matter when and how?
Yes.
To me, the quickest way of getting at the essence of such conditions
is to start trying to write them down. You need symbols for that.
You need a function symbol for, say, the time something takes and
another for the space something takes. You need units of time and
units of space for the results. You need literal expressions for
durations of time and amounts of space to write down bounds. All
these are analytical symbols that need not be part of the language
they are analyzing.
The traditional method of correctness uses only the symbols of a
programming language combined with those of predicate calculus.
Simply from lack of expressibility, this traditional method cannot
directly address issues of time and space. You need to obtain those
symbols from somewhere, and this pretty much means constructing an
execution model that provides a place to root those symbols.
Execution models, however, are properties of the target processor and
execution environment, and thus outside of and, really, independent of
the abstractions of high-level languages. So, to ground this in Ada,
should there be a Ada-wide execution model? Probably not. Might
there be someday a way of expressing an execution model in Ada? I
would hope so.
One of the consequences of this is that, in general, you can't prove
performance predicates about a program by itself, but only together
with an execution model. Admittedly most execution models are
similar, but it would be a error of categories to assert a universal
one. (I don't mean to say that a canonical one might not be useful.)
There's a whole area of practical experience to gather about the
similarities of such proof prior to standardization, and I wouldn't
rush in quickly.
Finally, in order for this to work, you have to be able to connect
execution of the high-level program with execution of a program of
equivalent effect in the execution model. This is where that Hoare
paper that I mentioned a while back, "Proof of correctness of data
representations" comes in. It describes exactly how this works.
Eric
next prev parent reply other threads:[~2008-04-15 1:35 UTC|newest]
Thread overview: 108+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-03-31 22:44 Untyped Ada? Phaedrus
2008-04-01 0:16 ` Randy Brukardt
2008-04-01 7:19 ` tmoran
2008-04-01 7:44 ` Dmitry A. Kazakov
2008-04-01 8:28 ` Jean-Pierre Rosen
2008-04-01 21:44 ` Phaedrus
2008-04-01 21:51 ` Ludovic Brenta
2008-04-01 17:09 ` Pascal Obry
2008-04-01 22:00 ` Phaedrus
2008-04-02 7:31 ` Dmitry A. Kazakov
2008-04-04 15:16 ` Graham
2008-04-04 16:10 ` Pascal Obry
2008-04-04 21:09 ` Ada.Bounded_Strings Adam Beneschan
2008-04-04 21:15 ` Ada.Strings.Bounded Adam Beneschan
2008-04-05 4:39 ` Ada.Strings.Bounded Gautier
2008-04-05 9:43 ` Ada.Strings.Bounded Pascal Obry
2008-04-05 10:10 ` Ada.Strings.Bounded Dmitry A. Kazakov
2008-04-05 11:36 ` Ada.Strings.Bounded Gautier
2008-04-05 12:14 ` Ada.Strings.Bounded Pascal Obry
2008-04-06 0:31 ` Ada.Strings.Bounded Randy Brukardt
2008-04-07 14:57 ` Ada.Strings.Bounded Adam Beneschan
2008-04-07 15:23 ` Ada.Strings.Bounded Dmitry A. Kazakov
2008-04-07 16:34 ` Ada.Strings.Bounded stefan-lucks
2008-04-07 17:34 ` Ada.Strings.Bounded (see below)
2008-04-12 18:50 ` Ada.Strings.Bounded Eric Hughes
2008-04-12 19:46 ` Ada.Strings.Bounded Georg Bauhaus
2008-04-13 16:53 ` Ada.Strings.Bounded Eric Hughes
2008-04-13 20:10 ` Ada.Strings.Bounded Robert A Duff
2008-04-13 23:52 ` Ada.Strings.Bounded Eric Hughes
2008-04-14 8:00 ` Ada.Strings.Bounded Dmitry A. Kazakov
2008-04-14 15:25 ` Ada.Strings.Bounded Eric Hughes
2008-04-14 18:36 ` Ada.Strings.Bounded Dmitry A. Kazakov
2008-04-15 1:39 ` Ada.Strings.Bounded Eric Hughes
2008-04-12 21:09 ` Ada.Strings.Bounded Dmitry A. Kazakov
2008-04-13 16:31 ` Ada.Strings.Bounded Eric Hughes
2008-04-13 20:02 ` Ada.Strings.Bounded Robert A Duff
2008-04-13 23:20 ` Ada.Strings.Bounded Eric Hughes
2008-04-14 9:07 ` Ada.Strings.Bounded Dmitry A. Kazakov
2008-04-14 15:50 ` Ada.Strings.Bounded Eric Hughes
2008-04-14 18:52 ` Ada.Strings.Bounded Dmitry A. Kazakov
2008-04-15 2:07 ` Ada.Strings.Bounded Eric Hughes
2008-04-15 8:02 ` Ada.Strings.Bounded Dmitry A. Kazakov
2008-04-15 14:20 ` Ada.Strings.Bounded Eric Hughes
2008-04-15 15:23 ` Ada.Strings.Bounded Dmitry A. Kazakov
2008-04-16 2:51 ` Ada.Strings.Bounded Eric Hughes
2008-04-16 8:00 ` Ada.Strings.Bounded Dmitry A. Kazakov
[not found] ` <bc3a8b4e-63fe-47a6-b10b-7056f6d7d586@w5g2000prd.googlegroups.com>
2008-04-15 14:58 ` Ada.Strings.Bounded Dmitry A. Kazakov
2008-04-16 2:46 ` Ada.Strings.Bounded Eric Hughes
2008-04-16 8:16 ` Ada.Strings.Bounded Dmitry A. Kazakov
2008-04-16 14:40 ` Ada.Strings.Bounded Eric Hughes
2008-04-16 18:28 ` Ada.Strings.Bounded Dmitry A. Kazakov
2008-04-21 0:44 ` Ada.Strings.Bounded Eric Hughes
2008-04-21 14:08 ` Ada.Strings.Bounded Robert A Duff
2008-04-21 16:35 ` Ada.Strings.Bounded Eric Hughes
2008-04-21 18:04 ` Ada.Strings.Bounded Robert A Duff
2008-04-22 0:19 ` Ada.Strings.Bounded Eric Hughes
2008-04-22 0:49 ` Ada.Strings.Bounded Adam Beneschan
2008-04-22 1:02 ` Ada.Strings.Bounded Adam Beneschan
2008-04-22 15:30 ` Ada.Strings.Bounded Eric Hughes
2008-04-22 16:08 ` Ada.Strings.Bounded Robert A Duff
2008-04-22 15:25 ` Ada.Strings.Bounded Eric Hughes
2008-04-22 15:54 ` Ada.Strings.Bounded Robert A Duff
2008-04-22 15:41 ` Ada.Strings.Bounded Robert A Duff
2008-04-22 17:49 ` Ada.Strings.Bounded Dmitry A. Kazakov
2008-04-22 18:26 ` Ada.Strings.Bounded Samuel Tardieu
2008-04-22 18:59 ` Ada.Strings.Bounded Dmitry A. Kazakov
2008-04-22 18:47 ` Ada.Strings.Bounded Eric Hughes
2008-04-22 19:19 ` Ada.Strings.Bounded Dmitry A. Kazakov
2008-04-22 19:41 ` Ada.Strings.Bounded Robert A Duff
2008-04-22 22:55 ` Ada.Strings.Bounded Eric Hughes
2008-04-23 6:40 ` Ada.Strings.Bounded christoph.grein
2008-04-23 6:54 ` Ada.Strings.Bounded christoph.grein
2008-04-23 10:42 ` Ada.Strings.Bounded Georg Bauhaus
2008-04-23 12:32 ` Ada.Strings.Bounded Dmitry A. Kazakov
2008-04-23 12:52 ` Ada.Strings.Bounded christoph.grein
2008-04-23 13:34 ` Ada.Strings.Bounded Georg Bauhaus
2008-04-23 15:12 ` Ada.Strings.Bounded Adam Beneschan
2008-04-23 15:36 ` Ada.Strings.Bounded (see below)
2008-04-23 17:09 ` Ada.Strings.Bounded Ray Blaak
2008-04-24 0:29 ` Ada.Strings.Bounded Randy Brukardt
2008-04-22 20:15 ` Ada.Strings.Bounded Adam Beneschan
2008-04-23 13:14 ` Ada.Strings.Bounded Peter Hermann
2008-04-23 14:40 ` Ada.Strings.Bounded Dmitry A. Kazakov
2008-04-23 15:03 ` Ada.Strings.Bounded Adam Beneschan
2008-04-22 19:56 ` Ada.Strings.Bounded Adam Beneschan
2008-04-21 18:50 ` Ada.Strings.Bounded Dmitry A. Kazakov
2008-04-22 0:31 ` Ada.Strings.Bounded Eric Hughes
2008-04-14 15:11 ` Ada.Strings.Bounded Adam Beneschan
2008-04-14 16:09 ` Ada.Strings.Bounded Eric Hughes
2008-04-14 18:13 ` Ada.Strings.Bounded Georg Bauhaus
2008-04-15 1:35 ` Eric Hughes [this message]
2008-04-15 20:33 ` Ada.Strings.Bounded Georg Bauhaus
2008-04-16 3:11 ` Ada.Strings.Bounded Eric Hughes
2008-04-04 23:35 ` Ada.Bounded_Strings Robert A Duff
2008-04-05 1:46 ` Ada.Bounded_Strings Adam Beneschan
2008-04-05 4:55 ` Ada.Bounded_Strings Randy Brukardt
2008-04-05 7:30 ` Ada.Bounded_Strings Dmitry A. Kazakov
2008-04-06 0:44 ` Ada.Bounded_Strings Randy Brukardt
2008-04-04 16:18 ` Untyped Ada? Adam Beneschan
2008-04-04 16:32 ` DScott
2008-04-04 17:38 ` Dmitry A. Kazakov
2008-04-04 18:52 ` Georg Bauhaus
2008-04-05 8:07 ` Dmitry A. Kazakov
2008-04-04 19:14 ` Graham
2008-04-04 21:06 ` tmoran
2008-04-05 8:44 ` Dmitry A. Kazakov
2008-04-12 16:50 ` Eric Hughes
2008-04-04 18:02 ` adaworks
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox