From: Niklas Holsti <niklas.holsti@tidorum.invalid>
Subject: Re: Seeking for papers about tagged types vs access to subprograms
Date: Mon, 13 May 2013 22:20:12 +0300
Date: 2013-05-13T22:20:12+03:00 [thread overview]
Message-ID: <avcsncFc6g6U1@mid.individual.net> (raw)
In-Reply-To: <1y21fg5hvajvd.1femngelic1xp.dlg@40tude.net>
On 13-05-13 10:22 , Dmitry A. Kazakov wrote:
> On Mon, 13 May 2013 08:21:14 +0300, Niklas Holsti wrote:
>
>> The point of the example was to illustrate typestate analysis. For this
>> example, with only Open - (Read/Write)* - Close, your approach collapses
>> the example into a trivial one, where adherence to the operation
>> protocol is ensured by the necessity to declare a File_Info object
>> before it can be used. So it would no longer be a useful example.
>
> It is still a useful example of a good software component design.
Hm. In this thread, I think this example is interesting only if it can
show us alternatives to typestate analysis, giving the same verification
power by other means. I don't think this Open-in-declaration approach
(essentially removing the Open and Close operations from the problem)
applies in the general case, so I don't find it interesting in this thread.
>> Your approach works in some cases, but it is problematic if you cannot
>> initialize the object to an "active" state in its declaration, for
>> example because the "activation" is conditional in some way, or must be
>> delayed.
>
> This is rather a language problem. Most of such cases can be attributed to
> the lack or insufficient constructors. The notorious Ada's problem with
> task components is due to the lack of class-wide constructors, when
> Initialize tries to sit on two chairs struggling to be both a specific and
> a class-wide initialization.
The initialization step, which is just the first state transition of an
object, is only a small part of the problem for typestate analysis.
>> The "activation" must then be done in a statement, and the
>> declaration leaves the object in some inactive initial state.
>
> That is not a problem so long this state is not exposed. The idea is that
> when you have an object which may transit from state to state (e.g. a
> connection object, when the connection can be lost), you should not expose
> this state.
Even if the state is hidden from the clients, it is present internally,
and must be considered in any analysis of correctness.
> You better make the object to maintain the state (e.g. by
> making the connection restored by the object automatically) and leave its
> interface free of the state (e.g. an operation on unconnected object would
> block or else raise Busy_Error etc).
Here "unconnected object" is analogous to "closed file". The state
exists, even if hidden from clients. In fact, from the point of view of
typestate analysis, the state is or should be visible, since it affects
the availability or success of operations on the object.
The goal of typestate analysis, even of client code, is to show if
operations can be illegally applied and thus fail, for example by
raising Busy_Error. For this, the analysis must include the
"unconnected" state.
>> Another limitation in your approach is that the opening and closing of
>> different files must be strictly nested: if you declare and open file A,
>> then declare and open file B, file B must be closed before file A is
>> closed (as long as it all happens in the same task). Such forced
>> constraints between the states of different object is often not wanted.
>
> You can have a container, e.g. a bag, to handle this.
This introduces a new object -- the container -- with its own, perhaps
more complex state: whether or not it contains the object (e.g. a
File_Object) that is our real interest. Not a good idea, I think.
> Jeffrey's model translates this into the problem of object's scope
> (lifetime), which saves time and mental efforts.
Only in this special case, the "file" example, where the state structure
is so simple that after hiding the first state transition (Open) into
the construction of the object, and the last state transition (Close)
into the destruction, there is only one state left (Is_Open), which
makes typestate analysis trivial.
--
Niklas Holsti
Tidorum Ltd
niklas holsti tidorum fi
. @ .
next prev parent reply other threads:[~2013-05-13 19:20 UTC|newest]
Thread overview: 202+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-04-28 5:14 Seeking for papers about tagged types vs access to subprograms Yannick Duchêne (Hibou57)
2013-04-30 0:31 ` Yannick Duchêne (Hibou57)
2013-04-30 0:41 ` Shark8
2013-04-30 1:00 ` Yannick Duchêne (Hibou57)
2013-05-02 1:18 ` Randy Brukardt
2013-05-02 2:29 ` Jeffrey Carter
2013-05-06 10:00 ` Yannick Duchêne (Hibou57)
2013-05-06 10:18 ` Dmitry A. Kazakov
2013-05-06 10:55 ` Yannick Duchêne (Hibou57)
2013-05-06 12:11 ` Dmitry A. Kazakov
2013-05-06 13:16 ` Yannick Duchêne (Hibou57)
2013-05-06 14:16 ` Dmitry A. Kazakov
2013-05-06 15:15 ` Yannick Duchêne (Hibou57)
2013-05-06 18:55 ` Dmitry A. Kazakov
2013-05-06 20:05 ` Adam Beneschan
2013-05-07 7:30 ` Dmitry A. Kazakov
2013-05-10 4:33 ` Yannick Duchêne (Hibou57)
2013-05-07 20:35 ` Jacob Sparre Andersen news
2013-05-07 20:44 ` Yannick Duchêne (Hibou57)
2013-05-07 22:32 ` Dennis Lee Bieber
2013-05-07 23:10 ` Adam Beneschan
2013-05-08 0:18 ` Shark8
2013-05-10 4:34 ` Yannick Duchêne (Hibou57)
2013-05-10 8:27 ` Simon Wright
2013-05-10 18:08 ` Niklas Holsti
2013-05-08 7:38 ` Dmitry A. Kazakov
2013-05-08 7:59 ` Yannick Duchêne (Hibou57)
2013-05-08 8:23 ` Dmitry A. Kazakov
2013-05-08 9:39 ` Yannick Duchêne (Hibou57)
2013-05-08 9:51 ` Yannick Duchêne (Hibou57)
2013-05-08 10:23 ` Dmitry A. Kazakov
2013-05-08 11:08 ` Yannick Duchêne (Hibou57)
2013-05-08 15:29 ` Dmitry A. Kazakov
2013-05-08 16:13 ` Yannick Duchêne (Hibou57)
2013-05-08 18:17 ` Dmitry A. Kazakov
2013-05-10 4:35 ` Yannick Duchêne (Hibou57)
2013-05-08 20:27 ` Randy Brukardt
2013-05-09 7:33 ` Dmitry A. Kazakov
2013-05-09 22:19 ` Randy Brukardt
2013-05-10 3:29 ` Yannick Duchêne (Hibou57)
2013-05-10 4:16 ` Yannick Duchêne (Hibou57)
2013-05-10 8:42 ` Dmitry A. Kazakov
2013-05-10 11:18 ` Yannick Duchêne (Hibou57)
2013-05-10 12:15 ` Dmitry A. Kazakov
2013-05-10 12:40 ` Yannick Duchêne (Hibou57)
2013-05-10 12:59 ` Yannick Duchêne (Hibou57)
2013-05-10 13:54 ` Dmitry A. Kazakov
2013-05-10 14:01 ` Yannick Duchêne (Hibou57)
2013-05-10 14:27 ` Dmitry A. Kazakov
2013-05-10 15:20 ` Yannick Duchêne (Hibou57)
2013-05-11 7:22 ` Georg Bauhaus
2013-05-10 18:04 ` Niklas Holsti
2013-05-10 19:33 ` Yannick Duchêne (Hibou57)
2013-05-11 0:18 ` Randy Brukardt
2013-05-11 7:14 ` Yannick Duchêne (Hibou57)
2013-05-11 21:06 ` Niklas Holsti
2013-05-11 23:19 ` Shark8
2013-05-12 6:09 ` Niklas Holsti
2013-05-14 2:02 ` Randy Brukardt
2013-05-12 6:44 ` Yannick Duchêne (Hibou57)
2013-05-12 8:10 ` Niklas Holsti
2013-05-12 8:49 ` Yannick Duchêne (Hibou57)
2013-05-12 18:56 ` Jeffrey Carter
2013-05-12 22:15 ` Robert A Duff
2013-05-13 0:26 ` Jeffrey Carter
2013-05-13 7:03 ` Yannick Duchêne (Hibou57)
2013-05-13 13:15 ` Robert A Duff
2013-05-13 17:30 ` Jeffrey Carter
2013-05-13 18:01 ` J-P. Rosen
2013-05-13 18:39 ` Bill Findlay
2013-05-13 18:57 ` Jeffrey Carter
2013-05-13 19:13 ` Robert A Duff
2013-05-13 20:38 ` J-P. Rosen
2013-05-14 7:26 ` Dmitry A. Kazakov
2013-05-14 20:00 ` Robert A Duff
2013-05-15 10:10 ` Dmitry A. Kazakov
2013-05-14 19:56 ` Robert A Duff
2013-05-15 4:24 ` Yannick Duchêne (Hibou57)
2013-05-15 9:28 ` Dmitry A. Kazakov
2013-05-15 11:31 ` Peter C. Chapin
2013-05-15 12:32 ` Yannick Duchêne (Hibou57)
2013-05-15 19:59 ` Peter C. Chapin
2013-05-15 20:56 ` Dmitry A. Kazakov
2013-05-15 12:46 ` Dmitry A. Kazakov
2013-05-15 18:15 ` Jeffrey Carter
2013-05-15 19:18 ` Eryndlia Mavourneen
2013-05-15 19:57 ` Dmitry A. Kazakov
2013-05-15 20:37 ` Yannick Duchêne (Hibou57)
2013-05-15 20:48 ` Dmitry A. Kazakov
2013-05-16 12:45 ` Eryndlia Mavourneen
2013-05-16 17:16 ` Jeffrey Carter
2013-05-16 9:41 ` G.B.
2013-05-16 12:35 ` J-P. Rosen
2013-05-15 14:21 ` J-P. Rosen
2013-05-14 2:14 ` Randy Brukardt
2013-05-14 19:35 ` Robert A Duff
2013-05-15 4:11 ` Yannick Duchêne (Hibou57)
2013-05-16 23:36 ` Randy Brukardt
2013-05-13 5:21 ` Niklas Holsti
2013-05-13 7:22 ` Dmitry A. Kazakov
2013-05-13 8:23 ` Yannick Duchêne (Hibou57)
2013-05-13 19:20 ` Niklas Holsti [this message]
2013-05-14 8:14 ` Dmitry A. Kazakov
2013-05-10 3:47 ` Yannick Duchêne (Hibou57)
2013-05-11 0:22 ` Randy Brukardt
2013-05-11 7:22 ` Yannick Duchêne (Hibou57)
2013-05-10 3:59 ` Yannick Duchêne (Hibou57)
2013-05-10 4:03 ` Yannick Duchêne (Hibou57)
2013-05-10 7:48 ` Dmitry A. Kazakov
2013-05-10 8:12 ` Yannick Duchêne (Hibou57)
2013-05-10 15:11 ` Yannick Duchêne (Hibou57)
2013-05-11 0:42 ` Randy Brukardt
2013-05-11 6:37 ` Dmitry A. Kazakov
2013-05-11 7:06 ` Georg Bauhaus
2013-05-11 7:42 ` Dmitry A. Kazakov
2013-05-11 8:14 ` Yannick Duchêne (Hibou57)
2013-05-14 2:29 ` Randy Brukardt
2013-05-14 7:44 ` Dmitry A. Kazakov
2013-05-14 11:34 ` Yannick Duchêne (Hibou57)
2013-05-14 12:16 ` Dmitry A. Kazakov
2013-05-14 13:13 ` Yannick Duchêne (Hibou57)
2013-05-14 18:41 ` Randy Brukardt
2013-05-15 11:20 ` Peter C. Chapin
2013-05-15 13:00 ` Dmitry A. Kazakov
2013-05-15 21:12 ` Peter C. Chapin
2013-05-15 22:08 ` Dmitry A. Kazakov
2013-05-16 11:31 ` Peter C. Chapin
2013-05-16 11:56 ` Yannick Duchêne (Hibou57)
2013-05-16 12:20 ` Dmitry A. Kazakov
2013-05-16 13:10 ` Peter C. Chapin
2013-05-16 13:54 ` Dmitry A. Kazakov
2013-05-16 17:15 ` G.B.
2013-05-16 18:09 ` Peter C. Chapin
2013-05-16 19:16 ` Dmitry A. Kazakov
2013-05-16 21:59 ` Georg Bauhaus
2013-05-17 19:57 ` Dmitry A. Kazakov
2013-05-16 21:20 ` Niklas Holsti
2013-05-16 23:20 ` Peter C. Chapin
2013-05-17 5:25 ` Niklas Holsti
2013-05-17 7:53 ` Georg Bauhaus
2013-05-16 13:09 ` Eryndlia Mavourneen
2013-05-11 7:58 ` Yannick Duchêne (Hibou57)
2013-05-11 9:08 ` Dmitry A. Kazakov
2013-05-11 18:14 ` Niklas Holsti
2013-05-11 8:03 ` Yannick Duchêne (Hibou57)
2013-05-11 9:16 ` Dmitry A. Kazakov
2013-05-11 11:49 ` Georg Bauhaus
2013-05-11 12:25 ` Dmitry A. Kazakov
2013-05-11 22:51 ` Robert A Duff
2013-05-12 6:02 ` Dmitry A. Kazakov
2013-05-12 6:25 ` Yannick Duchêne (Hibou57)
2013-05-12 7:14 ` Dmitry A. Kazakov
2013-05-12 7:37 ` Simon Wright
2013-05-12 7:59 ` Dmitry A. Kazakov
2013-05-12 8:21 ` Yannick Duchêne (Hibou57)
2013-05-12 9:25 ` Dmitry A. Kazakov
2013-05-12 9:32 ` Yannick Duchêne (Hibou57)
2013-05-12 10:07 ` Dmitry A. Kazakov
2013-05-11 7:32 ` Yannick Duchêne (Hibou57)
2013-05-11 7:46 ` Yannick Duchêne (Hibou57)
2013-05-14 12:46 ` Weaker typing as a part of the way to stronger typing? (Was: Seeking for papers about tagged types vs access to subprograms) Jacob Sparre Andersen
2013-05-14 19:08 ` Randy Brukardt
2013-05-10 16:02 ` Seeking for papers about tagged types vs access to subprograms Yannick Duchêne (Hibou57)
2013-05-08 20:12 ` Randy Brukardt
2013-05-09 7:50 ` Dmitry A. Kazakov
2013-05-09 21:43 ` Randy Brukardt
2013-05-10 4:39 ` Yannick Duchêne (Hibou57)
2013-05-10 7:49 ` Dmitry A. Kazakov
2013-05-11 0:09 ` Randy Brukardt
2013-05-11 6:40 ` Dmitry A. Kazakov
2013-05-14 3:01 ` Randy Brukardt
2013-05-14 8:32 ` Dmitry A. Kazakov
2013-05-14 19:02 ` Randy Brukardt
2013-05-15 4:43 ` Yannick Duchêne (Hibou57)
2013-05-16 23:27 ` Randy Brukardt
2013-05-15 9:14 ` G.B.
2013-05-15 12:08 ` Dmitry A. Kazakov
2013-05-15 14:43 ` G.B.
2013-05-15 15:02 ` Dmitry A. Kazakov
2013-05-14 19:21 ` Robert A Duff
2013-05-10 4:29 ` Yannick Duchêne (Hibou57)
2013-05-07 1:14 ` Randy Brukardt
2013-05-07 2:42 ` Yannick Duchêne (Hibou57)
2013-05-07 1:09 ` Randy Brukardt
2013-05-07 7:41 ` Dmitry A. Kazakov
2013-05-07 20:27 ` Jacob Sparre Andersen news
2013-05-07 20:40 ` Yannick Duchêne (Hibou57)
2013-05-08 7:57 ` Dmitry A. Kazakov
2013-05-08 20:37 ` Randy Brukardt
2013-05-09 8:04 ` Dmitry A. Kazakov
2013-05-09 21:33 ` Randy Brukardt
2013-05-10 7:15 ` Dmitry A. Kazakov
2013-05-11 1:00 ` Randy Brukardt
2013-05-11 7:08 ` Yannick Duchêne (Hibou57)
2013-05-11 7:12 ` Dmitry A. Kazakov
2013-05-14 2:52 ` Randy Brukardt
2013-05-11 5:31 ` Simon Wright
2013-05-11 7:22 ` Dmitry A. Kazakov
2013-05-02 1:09 ` Randy Brukardt
2013-05-02 6:56 ` Dmitry A. Kazakov
2013-05-02 21:49 ` Randy Brukardt
2013-05-03 6:49 ` Dmitry A. Kazakov
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox