From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Thread: 103376,34257fd17abeba14 X-Google-Attributes: gid103376,public X-Google-Language: ENGLISH,ASCII Path: g2news2.google.com!news4.google.com!border1.nntp.dca.giganews.com!nntp.giganews.com!wns13feed!worldnet.att.net!attbi_s71.POSTED!53ab2750!not-for-mail From: "Jeffrey R. Carter" Organization: jrcarter at acm dot org User-Agent: Thunderbird 1.5.0.5 (Windows/20060719) MIME-Version: 1.0 Newsgroups: comp.lang.ada Subject: Re: [SPARK] Code safety and information hiding References: <7V3Fg.13573$E02.5018@newsb.telia.net> In-Reply-To: <7V3Fg.13573$E02.5018@newsb.telia.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit Message-ID: <_C8Fg.96140$FQ1.5902@attbi_s71> NNTP-Posting-Host: 12.201.97.176 X-Complaints-To: abuse@mchsi.com X-Trace: attbi_s71 1155864122 12.201.97.176 (Fri, 18 Aug 2006 01:22:02 GMT) NNTP-Posting-Date: Fri, 18 Aug 2006 01:22:02 GMT Date: Fri, 18 Aug 2006 01:22:02 GMT Xref: g2news2.google.com comp.lang.ada:6252 Date: 2006-08-18T01:22:02+00:00 List-Id: Bj�rn Persson wrote: > > Do you call them state variables even when they're local in a subprogram > and "global" only to a nested subprogram? Generally, no. State should usually be encapsulated in a package. In the context of SPARK's "own" and "global" annotations, state for a state-machine package is what I was discussing. There are cases where a main subprogram is essentially a state machine and simply calls subprograms that operate on the state, and I've hacked out a few of those in my day. In retrospect, though, a better and more thorough design, with better encapsulation of the state, would have been better. Variables such as you discuss, though, don't generally have the negative effects of true global variables, found in library-level package specs. I've seen safety-critical SW designed around thousands of such variables in hundreds of packages, with absolutely no documentation. This results in maximal coupling and minimal cohesion. I find such SW very difficult to understand, and don't understand how it was ever certified. -- Jeff Carter "I'm particularly glad that these lovely children were here today to hear that speech. Not only was it authentic frontier gibberish, it expressed a courage little seen in this day and age." Blazing Saddles 88