[cap-talk] is defensive correctness a plausible null hypothesis?
tribble at e-dean.com
Sun May 15 18:58:35 PDT 2011
I think we (likely MarkM) originally coined the term in:
<http://www.erights.org/talks/promises/paper/tgc05.pdf>
Which is expanded upon in his thesis:
On Sun, May 15, 2011 at 6:37 PM, David Barbour <dmbarbour at gmail.com> wrote:
> On Sun, May 15, 2011 at 2:30 PM, Matej Kosik <kosik at fiit.stuba.sk> wrote:
>> I see no way how properties such as defensive correctness
>> and defensive consistency could be proved.
> Perhaps you should provide your working definition of 'defensive
> correctness' and 'defensive consistency', along with your assumed
> operational context (local processes? within a process? distributed
> The first reference I found, from a paper on Oz-E, describes,
> "Defensive correctness: is when every entity explicitly checks its
> input arguments when invoked." I imagine this is saying that
> developers at least ensure well-formed inputs, which is much
> weaker than checking invariants and postconditions and the like.
> If 'checking the input arguments' is the definition of 'defensive
> correctness', then what would be the problem with proving it?
> Seems like it would just take a quick inspection of each object...
>  http://www.info.ucl.ac.be/~pvr/oze.pdf