Support for representation invariants
*************************************

   Most GNU C++ library classes possess a method named `OK()', that is
useful in helping to verify correct performance of class operations.

   The `OK()' operation checks the "representation invariant" of a
class object. This is a test to check whether the object is in a valid
state. In effect, it is a (sometimes partial) verification of the
library's promise that (1) class operations always leave objects in
valid states, and (2) the class protects itself so that client functions
cannot corrupt this state.

   While no simple validation technique can assure that all operations
perform correctly, calls to `OK()' can at least verify that operations
do not corrupt representations. For example, for `String a, b, c; ...
a = b + c;', a call to `a.OK();' will guarantee that `a' is a valid
`String', but does not guarantee that it contains the concatenation of
`b + c'. However, given that `a' is known to be valid, it is possible
to further verify its properties, for example via `a.after(b) == c &&
a.before(c) == b'. In other words, `OK()' generally checks only those
internal representation properties that are otherwise inaccessible to
users of the class. Other class operations are often useful for further
validation.

   A failed `OK()' check calls the class's `error' method if one
exists, and otherwise calls `abort' directly. A failure indicates an
implementation error that should be reported.

   With only rare exceptions, the internal support functions for a class
never themselves call `OK()' (although many of the test files in the
distribution call `OK()' extensively).

   Verification of representational invariants can sometimes be very
time consuming for complicated data structures.