From: "Randy Brukardt" <randy@rrsoftware.com>
Subject: Re: Silly and stupid post-condition or not ?
Date: Fri, 3 Feb 2012 21:16:34 -0600
Date: 2012-02-03T21:16:34-06:00 [thread overview]
Message-ID: <jgi7uq$ph8$1@munin.nbi.dk> (raw)
In-Reply-To: 1q29nqwr7e7u4.1qrz4gd6twxim.dlg@40tude.net
"Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> wrote in message
news:1q29nqwr7e7u4.1qrz4gd6twxim.dlg@40tude.net...
...
> You and Randy confuse a generalized semantics with an undefined one. The
> key question is the relation of the variance of the
> generalized/unspecified
> part to the program's behavior. In your example odd values like 1,3 are
> not
> used by the program, or at least supposed to be unused. In the OP example,
> Format_Error of unspecified semantics is to be used heavily.
In practice, they're the same thing. It will never be practical to fully
describe the semantics a real program (like, say, an Ada compiler). Even if
someone invents a far more descriptive formalism than plain Ada expressions
to describe such things, it's going to be far too complex to use.
(Personally, I get confused when people start going beyond basic boolean
logic; I'd rather people didn't even bother to go beyond that because it's
worthless to the majority of programmers.)
Beyond that, there is not such thing as "I don't intend to use something".
Unless the program somehow prevents it, *it* will get used and will happen.
You will get odd values in the data type that J-P described -- it does not
matter how they happened. And you will be happy (or at least ought to be)
that some bugs are detected even if not all.
But to claim that just because it's practically impossible to describe the
complete behavior of real systems does not mean that there is no benefit to
describing the easy part. And that is exactly what you are arguing -- and it
should be clear to any Ada programmer that that is a fallicy.
Similarly, describing *part* of the semantics of a subprogram with a
postcondition, and part with comments is perfectly valid and possibly
useful. (That's especially true as checking many of the requirements might
be too expensive at runtime, and thus they practically have to be omitted
from the formal postcondition.)
Randy.
next prev parent reply other threads:[~2012-02-04 3:16 UTC|newest]
Thread overview: 84+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-01-30 23:11 Silly and stupid post‑condition or not ? Yannick Duchêne (Hibou57)
2012-01-31 6:47 ` J-P. Rosen
2012-01-31 18:48 ` Jeffrey Carter
2012-01-31 22:02 ` Yannick Duchêne (Hibou57)
2012-01-31 8:54 ` Dmitry A. Kazakov
2012-01-31 9:35 ` Georg Bauhaus
2012-01-31 10:22 ` Dmitry A. Kazakov
2012-01-31 12:33 ` Georg Bauhaus
2012-01-31 13:52 ` Dmitry A. Kazakov
2012-01-31 15:34 ` Georg Bauhaus
2012-01-31 16:24 ` Dmitry A. Kazakov
2012-01-31 19:44 ` Georg Bauhaus
2012-02-01 8:41 ` Dmitry A. Kazakov
2012-02-01 10:37 ` stefan-lucks
2012-02-01 10:51 ` Yannick Duchêne (Hibou57)
2012-02-01 13:49 ` Yannick Duchêne (Hibou57)
2012-02-01 13:49 ` Dmitry A. Kazakov
2012-02-01 16:37 ` stefan-lucks
2012-02-02 1:50 ` Silly and stupid post�?'condition " Randy Brukardt
2012-02-02 1:56 ` Silly and stupid postâ?'condition or not ? Yannick Duchêne (Hibou57)
2012-02-03 2:45 ` Silly and stupid post�?'condition or not ? Randy Brukardt
2012-02-02 8:25 ` Silly and stupid post‑condition " Dmitry A. Kazakov
2012-02-02 9:01 ` stefan-lucks
2012-02-02 9:18 ` stefan-lucks
2012-02-02 10:04 ` Dmitry A. Kazakov
2012-01-31 22:08 ` Yannick Duchêne (Hibou57)
2012-01-31 17:28 ` Dmitry A. Kazakov
2012-01-31 22:12 ` Yannick Duchêne (Hibou57)
2012-02-01 8:49 ` Dmitry A. Kazakov
2012-02-01 8:36 ` Stephen Leake
2012-02-01 16:30 ` Silly and stupid post-condition " Adam Beneschan
2012-02-02 9:40 ` Stephen Leake
2012-02-02 13:20 ` Georg Bauhaus
2012-02-02 13:35 ` Yannick Duchêne (Hibou57)
2012-02-03 3:13 ` Randy Brukardt
2012-02-03 3:33 ` Yannick Duchêne (Hibou57)
2012-02-03 8:12 ` Simon Wright
2012-02-07 2:29 ` BrianG
2012-02-07 10:43 ` Simon Wright
2012-02-08 2:25 ` BrianG
2012-02-07 21:15 ` Robert A Duff
2012-02-03 9:11 ` Dmitry A. Kazakov
2012-02-04 3:27 ` Randy Brukardt
2012-02-04 10:15 ` Dmitry A. Kazakov
2012-02-03 12:25 ` Phil Thornley
2012-02-04 9:30 ` Phil Thornley
2012-02-04 12:02 ` Phil Thornley
2012-02-05 6:18 ` Randy Brukardt
2012-02-05 10:23 ` Phil Thornley
2012-02-05 10:55 ` Yannick Duchêne (Hibou57)
2012-02-05 15:03 ` Robert A Duff
2012-02-05 18:04 ` Phil Thornley
2012-02-05 21:27 ` Robert A Duff
2012-02-05 23:09 ` Phil Thornley
2012-02-07 2:05 ` Randy Brukardt
2012-02-07 9:38 ` Dmitry A. Kazakov
2012-02-05 11:31 ` Yannick Duchêne (Hibou57)
2012-02-05 14:50 ` Robert A Duff
2012-02-07 2:11 ` Randy Brukardt
2012-02-07 2:34 ` BrianG
2012-02-07 4:38 ` Yannick Duchêne (Hibou57)
2012-02-09 3:10 ` Randy Brukardt
2012-02-04 23:07 ` Stephen Leake
2012-02-05 2:49 ` Yannick Duchêne (Hibou57)
2012-02-05 6:29 ` Randy Brukardt
2012-02-05 11:40 ` Yannick Duchêne (Hibou57)
2012-02-07 1:36 ` Randy Brukardt
2012-02-05 15:16 ` Robert A Duff
2012-02-06 4:56 ` Yannick Duchêne (Hibou57)
2012-02-06 14:39 ` Robert A Duff
2012-02-06 16:12 ` Yannick Duchêne (Hibou57)
2012-02-07 1:46 ` Randy Brukardt
2012-02-07 17:24 ` Robert A Duff
2012-02-03 6:26 ` J-P. Rosen
2012-02-03 9:12 ` Dmitry A. Kazakov
2012-02-03 9:48 ` Yannick Duchêne (Hibou57)
2012-02-03 11:09 ` Dmitry A. Kazakov
2012-02-03 11:40 ` Yannick Duchêne (Hibou57)
2012-02-03 13:18 ` Dmitry A. Kazakov
2012-02-03 14:14 ` Yannick Duchêne (Hibou57)
2012-02-03 14:45 ` Dmitry A. Kazakov
2012-02-04 3:16 ` Randy Brukardt [this message]
2012-02-04 6:27 ` Yannick Duchêne (Hibou57)
2012-02-04 10:47 ` Dmitry A. Kazakov
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox