Most GNU C++ library classes possess a method named OK()
,
that is useful in helping to verify correct performance of class
operations.
The OK()
operations checks the "representation invariant" of a
class object. This is a test to check whether the object is in a valid
state. In effect, it is a (sometimes partial) verification of the
library's promise that (1) class operations always leave objects in
valid states, and (2) the class protects itself so that client functions
cannot corrupt this state.
While no simple validation technique can assure that all operations
perform correctly, calls to OK()
can at least verify that
operations do not corrupt representations. For example for String
a, b, c; ... a = b + c;
, a call to a.OK();
will guarantee that
a
is a valid String
, but does not guarantee that it
contains the concatenation of b + c
. However, given that a
is known to be valid, it is possible to further verify its properties,
for example via a.after(b) == c && a.before(c) == b
. In other
words, OK()
generally checks only those internal representation
properties that are otherwise inaccessible to users of the class. Other
class operations are often useful for further validation.
Failed calls to OK()
call a class's error
method if
one exists, else directly call abort
. Failure indicates
an implementation error that should be reported.
With only rare exceptions, the internal support functions for a class
never themselves call OK()
(although many of the test files
in the distribution call OK()
extensively).
Verification of representational invariants can sometimes be very time consuming for complicated data structures.