From: Peter Williams <pwil3058@bigpond.net.au>
To: Tomas Carnecky <tom@dbservice.com>
Cc: Bernd Eckenfels <ecki-news2004-05@lina.inka.de>,
linux-kernel@vger.kernel.org
Subject: Re: [RFC] Splitting kernel headers and deprecating __KERNEL__
Date: Fri, 03 Dec 2004 09:17:13 +1100
Message-ID: <41AF9469.1060301@bigpond.net.au>
In-Reply-To: <41AEFCCC.10907@dbservice.com>
Tomas Carnecky wrote:
> Peter Williams wrote:
>
>> Design by contract isn't really an agreement between the caller and
>> the callee (which may not even exist when the contract is created).
>> It's more of a (one way) promise by the callee that if the interface
>> is used as described in the contract that it will correctly perform
>> the advertised operation (where the advertised operation generally
>> includes descriptions of possible failures and how they will be
>> signalled). Most C APIs meet these criteria even though their pre and
>> post conditions are expressed less formally than an Eiffel interface.
>
>
> Design by Contract, as seen in the Eiffel language, is not a one way
> promise, it's a contract between the caller and callee. Both sides have
> to fulfil their part of the contract, the caller has to make sure that
> the inputs are valid, and (only) given that, the callee can/has to make
> sure that the caller gets the right output.
>
> BTW, Bertrand Meyer is one of my professors, I should know the Eiffel
> language... :)
Yes, but I still think it's essentially a one way thing. The writer of
the callee doesn't have to consult with the writer of the caller to
negotiate the contract (although that option isn't ruled out either) so
it's essentially a unilateral promise on the part of the callee. This
would especially be the case when writing library interfaces as it's
impossible for the writer of the callee to negotiate with all the
(potential) writers of callers to agree on an interface.
>
>> I agree but think it's important to realize that it's a unilateral
>> promise on the part of the callee (rather than agreement between the
>> callee and the caller) which is in accord with Linus's view of the ABI.
>
>
> Whenever you have two sides/parties, you have to agree on _something_,
> otherwise you can't communicate, if you speak to someone, you have to
> choose a language in which to speak, that's the first agreement.
> In this situation you have two sides, the kernel and the userspace. Your
> first agreement is the syscall number, and then the arguments, the type
> and format of the arguments, etc. Both sides have to agree on those things.
Not really. In the final analysis, userspace has to accept what the
kernel provides. It's not really a conversation; it's more like a
billboard on which the kernel describes an interface and makes promises
about how it will operate if used according to the specification (or
contract). If the caller fails to use the interface within the
constraints of the specification (or contract) then the result is
indeterminate and the callee can do whatever it likes including failing
silently or even crashing (although that wouldn't be a good idea for a
kernel interface).
Peter
--
Peter Williams pwil3058@bigpond.net.au
"Learning, n. The kind of ignorance distinguishing the studious."
-- Ambrose Bierce