Re: Unconstrained type Unchecked_Deallocation

[Robert Dewar <robert_dewar@my-deja.com>]

In article <38F0B641.2346CF95@earthlink.net>,
  "Robert I. Eachus" <rieachus@earthlink.net> wrote:
> Robert Dewar wrote:
>
> > This is complete nonsense as far as I am concerned. The
> > difficulty of conversion here is completely unaffected by
> > whether the unchecked conversion is in the body or in the
> > spec. In either case we have conversions that must be dealt
> > with, and the set of problems is identical in the two cases.
>
>    Sorry, it is completely different.

<<detailed discussion snipped>>

Your discussion boils down to worrying about a class of
programmers who have the following characteristics.

1. They would not dream of looking in a body, and taking
liberties with information derived therefrom.

2. They will look at an unchecked conversion in the spec and
feel free to do stupid things.

OK, maybe there are such programmers, but I have not met them.
I meet really two classes of programmes in this kind of respect.

1. Those who are careful, and know that it would be folly to
depend on the representational equivalence implied by an
unchecked conversion, whether or not it is in the spec or the
body.

2. Those who will do what they like, regardless of what is nice,
and will not hesitate a moment to draw the same (bad) conclusion
from an unchecked conversion in the body as in the spec.

I think trying to make this out as an important methodological
issue is bogus. After all, if you have a function in the spec
whose spec is that it convers from integer to address by the
moral equivalent of unchecked conversion, then you can draw
evil conclusions just from this spec. I cannot imagine some
wonderful high level semantic description of this conversion
that is at an abstraction level different from unchecked
conversion (assuming a reasonable implementation thereof).


Sent via Deja.com http://www.deja.com/
Before you buy.