This paper discusses the current style of algebraic data type specifications. Some simple examples illustrate that whether or not two objects of the type being specified are equal can be implementation dependent, even for very simple objects of the type. To remedy this, it is proposed that specifications should be safe, where safety is a stronger requirement than Guttag's sufficient completeness. The paper also discusses when an operator should be part of a specification and when it should be introduced by extension, and concludes with safe specifications of some common data types.