On Sun, 29 Apr 2018 14:50:08 +0100
Gareth's Downstairs Computer
 wrote:

> On 29/04/2018 13:43, Ahem A Rivet's Shot wrote:
> >  One way to create subtle and nasty bugs is to write code that
> > depends on the implementation rather than the spec.
>
> All code depends upon the implementation.

 Wrong! For an example some years ago I was involved in creating a
tool kit for people building products in the company (online scientific
journals) - there came a time when I found that an efficiency problem in
the lowest level of the toolkit (by now about four years old in production
use with a lot of higher level toolkit and product sitting on top of that
bottom layer). It was subtle and fiddly - fixing it properly required
rewriting the entire of the lowest level.

 In many places that would be deemed too risky - but we had good
unit tests and a strong philosophy of documenting interfaces and working to
interface documentation. So when I rewrote the entire bottom layer keeping
just the API and got it to pass the (untouched) unit tests we released it
(staged of course - integration tests, acceptance tests ...) - *nothing*
went wrong anywhere.

> For example, string handling in C is not part of the
> language spec.

 It is part of the library spec - there's more than one spec. Every
layer you depend on should have a spec, if it doesn't don't depend on it.

--
Steve O'Hara-Smith                          |   Directable Mirror Arrays
C:\>WIN                                     | A better way to focus the sun
The computer obeys and wins.                |    licences available see
You lose and Bill collects.                 |    http://www.sohara.org/

--- SoupGate-Win32 v1.05