From: Robert Dewar
Subject: Re: Unconstrained type Unchecked_Deallocation
Date: 2000/04/09
Message-ID: <8cqjjb$muu$1@nnrp1.deja.com>#1/1
Newsgroups: comp.lang.ada

In article <38F0B641.2346CF95@earthlink.net>,
"Robert I. Eachus" wrote:
> Robert Dewar wrote:
>
> > This is complete nonsense as far as I am concerned. The
> > difficulty of conversion here is completely unaffected by
> > whether the unchecked conversion is in the body or in the
> > spec. In either case we have conversions that must be dealt
> > with, and the set of problems is identical in the two cases.
>
> Sorry, it is completely different.

<>

Your discussion boils down to worrying about a class of
programmers who have the following characteristics.

1. They would not dream of looking in a body, and taking
liberties with information derived therefrom.

2. They will look at an unchecked conversion in the spec and
feel free to do stupid things.

OK, maybe there are such programmers, but I have not met them.
I meet really two classes of programmers in this kind of respect.

1. Those who are careful, and know that it would be folly to
depend on the representational equivalence implied by an
unchecked conversion, whether or not it is in the spec or the
body.

2. Those who will do what they like, regardless of what is
nice, and will not hesitate a moment to draw the same (bad)
conclusion from an unchecked conversion in the body as in the
spec.

I think trying to make this out as an important methodological
issue is bogus. After all, if you have a function in the spec
whose spec is that it converts from integer to address by the
moral equivalent of unchecked conversion, then you can draw
evil conclusions just from this spec. I cannot imagine some
wonderful high level semantic description of this conversion
that is at an abstraction level different from unchecked
conversion (assuming a reasonable implementation thereof).