Re: Silly and stupid post-condition or not ?

comp.lang.ada
 help / color / mirror / Atom feed

From: "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>
Subject: Re: Silly and stupid post-condition or not ?
Date: Sat, 4 Feb 2012 11:47:46 +0100
Date: 2012-02-04T11:47:46+01:00	[thread overview]
Message-ID: <l45fh1taar7a.3yazbzju0eq4.dlg@40tude.net> (raw)
In-Reply-To: jgi7uq$ph8$1@munin.nbi.dk

On Fri, 3 Feb 2012 21:16:34 -0600, Randy Brukardt wrote:

> "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> wrote in message 
> news:1q29nqwr7e7u4.1qrz4gd6twxim.dlg@40tude.net...
> ...
>> You and Randy confuse a generalized semantics with an undefined one. The
>> key question is the relation of the variance of the generalized/unspecified
>> part to the program's behavior. In your example odd values like 1,3 are not
>> used by the program, or at least supposed to be unused. In the OP example,
>> Format_Error of unspecified semantics is to be used heavily.
> 
> In practice, they're the same thing. It will never be practical to fully 
> describe the semantics a real program (like, say, an Ada compiler). Even if 
> someone invents a far more descriptive formalism than plain Ada expressions 
> to describe such things, it's going to be far too complex to use.

Sure, but this is a fault of your (read: ARG) approach.

Look, you are trying to describe the semantics of a program written in the 
language (Ada expression) in the same language (Ada expression), though in 
the form of "pre-"/"post-" conditions. That would not work. No need to even 
try! Isn't it obvious, that there is no value added? It is the same 
language of same power. Why do you expect it work any better by merely 
moving code from bodies to the declarations?

> Beyond that, there is not such thing as "I don't intend to use something". 
> Unless the program somehow prevents it, *it* will get used and will happen.

Absolutely. But that does not imply that a dynamic check could magically 
make unusable usable.

> You will get odd values in the data type that J-P described -- it does not 
> matter how they happened. And you will be happy (or at least ought to be) 
> that some bugs are detected even if not all.

No, I am very unhappy when the original appearance of a bug is modified by 
some middleman (e.g. exception propagation).

That is assuming absence of false positives. But as we learned from the 
history accessibility checks, false positives are very likely to happen. 
When highly qualified Ada designers failed to design a check properly, what 
to expect from a layman programmer adding fancy pre-/postconditions in his 
program?

> But to claim that just because it's practically impossible to describe the 
> complete behavior of real systems does not mean that there is no benefit to 
> describing the easy part.

No, if that description is incomplete;
No, if that is a dynamic check, rather than a description;
No, if the remaining part cannot be implemented because of the choice made;
No, if the easy part is unimportant to the goal at hand.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

     prev parent reply	other threads:[~2012-02-04 10:48 UTC|newest]

Thread overview: 84+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-01-30 23:11 Silly and stupid post‑condition or not ? Yannick Duchêne (Hibou57)
2012-01-31  6:47 ` J-P. Rosen
2012-01-31 18:48   ` Jeffrey Carter
2012-01-31 22:02     ` Yannick Duchêne (Hibou57)
2012-01-31  8:54 ` Dmitry A. Kazakov
2012-01-31  9:35   ` Georg Bauhaus
2012-01-31 10:22     ` Dmitry A. Kazakov
2012-01-31 12:33       ` Georg Bauhaus
2012-01-31 13:52         ` Dmitry A. Kazakov
2012-01-31 15:34           ` Georg Bauhaus
2012-01-31 16:24             ` Dmitry A. Kazakov
2012-01-31 19:44               ` Georg Bauhaus
2012-02-01  8:41                 ` Dmitry A. Kazakov
2012-02-01 10:37                   ` stefan-lucks
2012-02-01 10:51                     ` Yannick Duchêne (Hibou57)
2012-02-01 13:49                     ` Yannick Duchêne (Hibou57)
2012-02-01 13:49                     ` Dmitry A. Kazakov
2012-02-01 16:37                       ` stefan-lucks
2012-02-02  1:50                         ` Silly and stupid post�?'condition " Randy Brukardt
2012-02-02  1:56                           ` Silly and stupid postâ?'condition or notÂ ? Yannick Duchêne (Hibou57)
2012-02-03  2:45                             ` Silly and stupid post�?'condition or not ? Randy Brukardt
2012-02-02  8:25                         ` Silly and stupid post‑condition " Dmitry A. Kazakov
2012-02-02  9:01                           ` stefan-lucks
2012-02-02  9:18                           ` stefan-lucks
2012-02-02 10:04                             ` Dmitry A. Kazakov
2012-01-31 22:08         ` Yannick Duchêne (Hibou57)
2012-01-31 17:28 ` Dmitry A. Kazakov
2012-01-31 22:12   ` Yannick Duchêne (Hibou57)
2012-02-01  8:49     ` Dmitry A. Kazakov
2012-02-01  8:36 ` Stephen Leake
2012-02-01 16:30   ` Silly and stupid post-condition " Adam Beneschan
2012-02-02  9:40     ` Stephen Leake
2012-02-02 13:20       ` Georg Bauhaus
2012-02-02 13:35         ` Yannick Duchêne (Hibou57)
2012-02-03  3:13       ` Randy Brukardt
2012-02-03  3:33         ` Yannick Duchêne (Hibou57)
2012-02-03  8:12         ` Simon Wright
2012-02-07  2:29           ` BrianG
2012-02-07 10:43             ` Simon Wright
2012-02-08  2:25               ` BrianG
2012-02-07 21:15             ` Robert A Duff
2012-02-03  9:11         ` Dmitry A. Kazakov
2012-02-04  3:27           ` Randy Brukardt
2012-02-04 10:15             ` Dmitry A. Kazakov
2012-02-03 12:25         ` Phil Thornley
2012-02-04  9:30         ` Phil Thornley
2012-02-04 12:02         ` Phil Thornley
2012-02-05  6:18           ` Randy Brukardt
2012-02-05 10:23             ` Phil Thornley
2012-02-05 10:55               ` Yannick Duchêne (Hibou57)
2012-02-05 15:03               ` Robert A Duff
2012-02-05 18:04                 ` Phil Thornley
2012-02-05 21:27                   ` Robert A Duff
2012-02-05 23:09                     ` Phil Thornley
2012-02-07  2:05               ` Randy Brukardt
2012-02-07  9:38                 ` Dmitry A. Kazakov
2012-02-05 11:31             ` Yannick Duchêne (Hibou57)
2012-02-05 14:50             ` Robert A Duff
2012-02-07  2:11               ` Randy Brukardt
2012-02-07  2:34             ` BrianG
2012-02-07  4:38               ` Yannick Duchêne (Hibou57)
2012-02-09  3:10               ` Randy Brukardt
2012-02-04 23:07         ` Stephen Leake
2012-02-05  2:49           ` Yannick Duchêne (Hibou57)
2012-02-05  6:29           ` Randy Brukardt
2012-02-05 11:40             ` Yannick Duchêne (Hibou57)
2012-02-07  1:36               ` Randy Brukardt
2012-02-05 15:16             ` Robert A Duff
2012-02-06  4:56               ` Yannick Duchêne (Hibou57)
2012-02-06 14:39                 ` Robert A Duff
2012-02-06 16:12                   ` Yannick Duchêne (Hibou57)
2012-02-07  1:46               ` Randy Brukardt
2012-02-07 17:24                 ` Robert A Duff
2012-02-03  6:26       ` J-P. Rosen
2012-02-03  9:12         ` Dmitry A. Kazakov
2012-02-03  9:48           ` Yannick Duchêne (Hibou57)
2012-02-03 11:09             ` Dmitry A. Kazakov
2012-02-03 11:40               ` Yannick Duchêne (Hibou57)
2012-02-03 13:18                 ` Dmitry A. Kazakov
2012-02-03 14:14                   ` Yannick Duchêne (Hibou57)
2012-02-03 14:45                     ` Dmitry A. Kazakov
2012-02-04  3:16           ` Randy Brukardt
2012-02-04  6:27             ` Yannick Duchêne (Hibou57)
2012-02-04 10:47             ` Dmitry A. Kazakov [this message]

replies disabled

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox