home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!eiffel!eiffel.com
- From: ram@eiffel.com (Raphael Manfredi)
- Newsgroups: comp.lang.eiffel
- Subject: Re: Semantics of invariants
- Message-ID: <159@eiffel.eiffel.com>
- Date: 16 Dec 92 18:13:29 GMT
- References: <1992Dec15.213603.16406@bony1.bony.com> <1992Dec16.163847.17559@nrao.edu>
- Sender: ram@eiffel.com
- Organization: Interactive Software Engineering, Santa Barbara CA
- Lines: 35
-
- Quoting cflatter@nrao.edu from comp.lang.eiffel:
- >In article 16406@bony1.bony.com, richieb@bony1.bony.com (Richard Bielak) writes:
- >>Is the invariant supposed to be true *ALL* the time, once the object is
- >>created?
- >>
- >You can invalidate a class invariant inside a function or procedure
- >provided that it is true on exit. In other words the class invariant
- >is an implicit conjunct of both the precondition and the postcondition
- >of a function or procedure.
-
- Well, that's not completely true. The invariant is indeed added to the
- preconditions and postconditions of a feature ONLY when called remotely,
- i.e. when you write:
-
- a.f;
-
- If you only call:
-
- f;
-
- then the invariant is NOT checked. The reason behind this is that one class
- (e.g. SORTED_TWO_WAY_LIST) may temporarily violate its invariant (typically
- when sorting the list). The sorting algorithm may well rely on two or three
- subroutines, and checking the invariant while in an inconsistent state would
- be fatal... At the time the execution flow "exits" from the class (i.e. when
- we return from the feature in SORTED_TWO_WAY_LIST which was called by a client),
- then of course the invariant must be checked.
-
- This makes the "invariant check" operation difficult, if not impossible, to
- implement concurrently as Richard Bielak suggested it.
- --
- Raphael Manfredi <ram@eiffel.com>
- Interactive Software Engineering Inc.
- 270 Storke Road, Suite #7 / Tel +1 (805) 685-1006 \
- Goleta, California 93117, USA \ Fax +1 (805) 685-6869 /
-
