From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: fac41,2c6139ce13be9980 X-Google-Attributes: gidfac41,public X-Google-Thread: 103376,3d3f20d31be1c33a X-Google-Attributes: gid103376,public From: jsa@alexandria.organon.com (Jon S Anthony) Subject: Re: Precondition Checking For Ada 0X (Was: Separation of IF and Imp: process issue?) Date: 1997/09/18 Message-ID: #1/1 X-Deja-AN: 273611655 References: <341FB47D.1B81@stratus.com> Distribution: world Organization: PSINet Newsgroups: comp.lang.ada,comp.lang.eiffel Date: 1997-09-18T00:00:00+00:00 List-Id: In article bobduff@world.std.com (Robert A Duff) writes: > Note the conceptual difference between preconditions and invariants -- > it's the responsibility of the client to make sure a precondition is > true before calling something, but it's *supposedly* the responsibility > of the class itself to maintain its own invariants. Another very important point in connection with this is that there are many cases where invariants are "system wide" (or even domain wide) and cannot be the responsibility of "the class", which in fact can't even check the invariant much less ensure whether it is true or not (_really_ invariant). In this case, the most that can be done at the "component level" is to publish the "invariant" as a requirement (say in a functional representation (FR) sense or more typically as simply a comment) and then simply _assume_ it. /Jon -- Jon Anthony STL, Belmont, MA 02178, 617.484.3383 "Nightmares - Ha! The way my life's been going lately, Who'd notice?" -- Londo Mollari