-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ensuring object properties in protocol session states #691
Comments
Having transitions interspersed among other statements is simpler in one sense, but it certainly results in more complex overall control flow, with partial sets of effects executed within a state depending on when the transition out of the state is encountered. One question is whether transition statements could occur anywhere, including within the body of a loop (if such a notion exists in RecordFlux). Should a transition statement be treated roughly the same as a "return" or "exit" statement in Ada? If a state is treated like a function that returns the identity of the next state to be visited, then interspersing conditional transition statements would be analogous to what you could do in Ada with conditional return statements. There are coding conventions that frown on such "early" return statements, and they can cause maintenance headaches if you add some code at the end of a function presuming that it will be reached on every execution of the function. Similarly, allowing "early" transition statements means that it is less clear which statements within the state are executed on every "visit" of the state. Some sort of special indenting of transition statements might be justified so they don't just disappear when occurring within a long block of statements. |
There are no loop statements or other "block" statements in RecordFlux. So I do not see the need to restrict the occurrence of transition statements.
Yes, I think so.
I see that there are advantages and disadvantages of "early" return statements. Personally, I have the feeling that the advantages of "early" return statements outweigh their disadvantages.
That makes sense, although indenting such a statement seems uncommon to me. At least, I'm not aware of a similar convention in any programming language. I think having syntax highlighting where |
As an example of indenting/outdenting, I have seen the Ada "exit" statement outdented as follows:
Something like this might be useful for transition statements. I am not a fan of relying on syntax highlighting as the only indicator of something significant, since there are plenty of contexts where the highlighting will not be available. |
This also fixes the code generation for message fields with a sequence type name equal to the package name. Ref. #691
This also fixes the code generation for message fields with a sequence type name equal to the package name. Ref. #691
This also fixes the code generation for message fields with a sequence type name equal to the package name. Ref. #691
Context and Problem Statement
In many cases, certain properties of an object must be fulfilled before the object can be used for specific actions.
Examples
E1
Network_Channel'Write (TLS_Record::TLS_Record'(Tag => TLS_Record::Alert, Legacy_Record_Version => TLS_Record::TLS_1_2, Length => Alert_Message'Size / 8, Fragment => Alert_Message'Opaque));
Ensure:
Alert_Message'Size / 8 <= 16384
E2
Ensure:
Handshake_Control_Message'Valid
,GreenTLS_Alert_Message'Valid
andDescription /= Close_Notify and Description /= User_Canceled
E3
Ensure:
Server_Key_Update_Message'Valid
andTLS_Record_Message'Valid
andTLS_Record_Message.Tag = Application_Data and TLS_Record_Message.Legacy_Record_Version = TLS_1_2
E4-6
#292 (comment)
E7 Integer overflows
#687
Considered Options
O1 State contracts
+ Contracts are well-known concept
− Many small states needed for common operations
O2 Conditional transitions
transition TARGET_STATE if CONDITION
transition TARGET_STATE
as last statement in a state+ Simple and flexible
+ Enables transitions as early as possible
+ Avoids additional states just for checking conditions
− Repetition of already defined properties
− Repetitive declaration of transitions to the same error state
O3 Exceptions
+ Good readability (no repetition of already defined properties or splitting in multiple states necessary)
+ Extendable by more expressive exceptions (i.e., matching constraints which led to the exception)
Decision Outcome
O3
Tasks
The text was updated successfully, but these errors were encountered: