[MUD-Dev] Object Models

John Buehler johnbue at msn.com
Thu Nov 30 09:52:39 CET 2000 

> Miroslav Silovic writes:

> "John Buehler" <johnbue at msn.com> writes:
>
> > To me, runtime type checking implies the possibility of a piece of
> > code getting its hands on a component that is supposed to be type A,
> > but in fact it is type B.  Static type checking is intended to
> > ensure that this situation does not take place because the component
> > is known to be type B and, therefore, cannot be passed to the code
> > which has declared itself to accept only type A components.
>
> This is so easy to catch by testing that it's almost irrelevant. The
> assertions failures are the real source of errors in any interesting
> piece of code.
>
> > Your mention of verification of pre- and post-conditions, class
> > invariants and such suggests to me that you consider this to be
> > related to type checking.  It is, after a fashion, but we were doing
> > those things up front.  So we would define precise contracts,
> > implement components and then verify those components against those
> > contracts by actually running the component exhaustively and
> > verifying that the contracts were adhered to.  Once that process is
> > completed, the component is declared to be of type X and is shipped.
>
> Yes, well, type is a set of objects satifying certain conditions. So a
> set of objects that satisfy a precondition is also a type, by this
> definition (I know of at least two programming languages that don't
> make a distiction between a type and a constraint).
>
> So you're telling me that you -still- check your types by testing,
> which is precisely my argument.
>
> > > Whenever I use strong typing, I'm left with an impression that I spend
> > > lots of effort declaring things for VERY little gain - this is because
> > > most of my errors end up having nothing to do with anything that can
> > > be statically checked.
> >
> > This really throws me a curve.  What errors are we talking about?
>
> I meant 'bugs' here.

Sorry for quoting the whole thing, but it seems to point to the real
difference.  We would extensively exercise a component in order to verify
that it actually satisfies all assertions about a given type, and then we
would rely on a language's typing system (which is hopefully strong) to
ensure that only components which are permitted to be used will be used.
Certainly we're running the component in order to verify its correct
operation, but we're not doing it in the running application.  A separate
test rig is used, with per-contract tests that also ensure full code and arc
coverage.

Because so much effort boils down to ensuring that the type of a component
is a very real statement (no known deviations), the use of strong typing
then gains significant value.  We didn't polute things by then using type
casts which were, unfortunately, permitted by the language (C).

The 'real' difference may be a thousand angels versus a thousand and one on
the head of a pin.  I'm not sure.

JB


_______________________________________________
MUD-Dev mailing list
MUD-Dev at kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev

More information about the mud-dev-archive mailing list