From: Maciej Sobczak <no.spam@no.spam.com>
Subject: Re: [SPARK] Code safety and information hiding
Date: Thu, 17 Aug 2006 09:01:21 +0200
Date: 2006-08-17T09:01:21+02:00 [thread overview]
Message-ID: <ec1480$o4c$1@sunnews.cern.ch> (raw)
In-Reply-To: <gFKEg.138542$1i1.49988@attbi_s72>
Jeffrey R. Carter wrote:
>> type Seed_Type is private;
>
> This is never referenced, so may be removed.
I specifically wrote '-- ...' in the private part to show that it has
some content, but not relevant to the main point.
>> private -- ...
>
> No private part needed, since we've removed Seed_Type.
The private part is needed to define Seed_Type, which was elided as not
relevant.
But as I've said, it's not relevant. :-)
>> It looks that the dependency between the body and spec is no longer
>> one-way, as it logically should be, but the coupling is stronger - I
>> cannot even change the name of the own Seed object, because it will
>> force me to update the annotations in the specs; which in turn will
>> force other packages (which should not depend on what name I use for
>> Seed) that depend on these specs to recompile.
>
> No such coupling need exist. Suppose you decide during implementation
> that the name of the state variable should really be Fred. This probably
> means that you need to revisit the design decisions that lead to
> choosing the name Seed, but maybe Seed is a good name for the clients of
> the package, but not for the implementation. In that case, the body can
> contain
>
> --# own Seed is Fred;
Interesting, but it looks that there is another solution to this:
refinement. The specification only says that there is some State and the
body clarifies what are the components of the State. This decouples the
minor design decisions (like the choice of names in the implementation)
from the clients, which then only need to know what affects the state -
now treated in abstract terms - and what doesn't.
> [Aside: I really don't like the use of the term "global" for state
> variables. True global variables (in package specs) should be illegal;
> state variables are a different cup of fish and should not be tainted by
> the "global" label.]
Agreed. Moreover, SPARK calls "global" even those variables, which are
actually local in the scope that encloses the definition of the given
subprogram. Intuitively, "globalness" of some name should not be a
property of the place where the name is used.
--
Maciej Sobczak : http://www.msobczak.com/
Programming : http://www.msobczak.com/prog/
next prev parent reply other threads:[~2006-08-17 7:01 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-08-16 7:56 [SPARK] Code safety and information hiding Maciej Sobczak
2006-08-16 8:53 ` roderick.chapman
2006-08-16 11:18 ` Stuart
2006-08-16 13:23 ` Maciej Sobczak
2006-08-16 19:49 ` [SPARK] " Jeffrey R. Carter
2006-08-17 7:01 ` Maciej Sobczak [this message]
2006-08-17 18:08 ` Jeffrey R. Carter
2006-08-17 20:00 ` Björn Persson
2006-08-18 1:22 ` Jeffrey R. Carter
2006-08-18 19:39 ` Björn Persson
2006-08-19 5:35 ` Jeffrey R. Carter
2006-08-19 12:47 ` Björn Persson
2006-08-20 3:58 ` Jeffrey R. Carter
2006-08-20 11:35 ` Björn Persson
2006-08-18 23:02 ` Robert A Duff
2006-08-19 5:40 ` Jeffrey R. Carter
2006-08-19 9:49 ` Stephen Leake
2006-08-20 3:52 ` Jeffrey R. Carter
2006-08-20 19:06 ` Stephen Leake
2006-08-21 1:07 ` Jeffrey R. Carter
2006-08-21 7:25 ` Maciej Sobczak
2006-08-21 19:31 ` Jeffrey R. Carter
2006-08-21 19:58 ` Dmitry A. Kazakov
2006-08-21 21:06 ` Björn Persson
2006-08-22 7:16 ` Maciej Sobczak
2006-08-22 9:45 ` Björn Persson
2006-08-22 12:42 ` Maciej Sobczak
2006-08-22 7:27 ` Dmitry A. Kazakov
2006-08-21 11:30 ` Colin Paul Gloster
2006-08-22 10:51 ` Stephen Leake
2006-08-23 9:44 ` Peter Amey
2006-08-23 22:37 ` Jeffrey R. Carter
2006-08-24 10:55 ` Peter Amey
2006-08-24 23:33 ` Jeffrey R. Carter
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox