From: "Dmitry A. Kazakov"
Newsgroups: comp.lang.ada
Subject: Re: Preconditions which anyway would be caught?
Date: Sun, 10 Aug 2014 09:24:53 +0200
Organization: cbb software GmbH
Message-ID: <14zsfaffv1uwu.12pijzz9mdaj8$.dlg@40tude.net>
References: <7vydnShDldsh6XvO4p2dnAA@giganews.com>
Reply-To: mailbox@dmitry-kazakov.de

On Sun, 10 Aug 2014 00:04:11 +0300, Niklas Holsti wrote:

> On 14-08-09 22:24 , Peter Chapin wrote:
>> On 2014-08-09 15:21, Peter Chapin wrote:
>>
>>> Proper syntax here is
>>>
>>>    function Inverse(X : Float)
>>>       with Pre => (X /= 0) is
>>>    begin
>>>       return 1/X;
>>>    end;
>>
>> Well that's closer. How about
>>
>>    function Inverse(X : Float) return Float
>>       with Pre => (X /= 0) is
>>    begin
>>       return 1/X;
>>    end;
>
> Just to be a pedant: shouldn't that have some decimals on the literals:
>
>    function Inverse(X : Float) return Float
>       with Pre => (X /= 0.0) is
>    begin
>       return 1.0/X;
>    end;
>
> In addition, is it really true that all Float numbers /= 0.0 can be
> inverted without error? What if X is a denormalized number which has
> suffered gradual underflow... won't its inverse overflow, because there
> is no concept of "gradual overflow" in IEEE floats?

But 1.0/0.0 is perfectly OK in IEEE floats. It is NaN.

Methodically the approach is wrong. A precondition is chosen to ensure
the post-condition. What is the post-condition of Inverse?

1. Whatever garbage but no exceptions

2. 1.0/X * X in 1.0 - err .. 1.0 + err

...

Once the post-condition is defined, the precondition is the least
constraint allowing an implementation that ensures it.

Specifying preconditions for the sake of having them is meaningless.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
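Editor's note: the following is an added example, not code from this post or from anyone in the thread. It is written in C rather than Ada because it only needs IEEE 754 double arithmetic, which C exposes directly. It does three things: evaluates what IEEE 754 returns for 1.0/0.0 and for the inverse of the smallest positive subnormal (the "gradual underflow" case Niklas raises), encodes postcondition 2 from the post as a predicate, and shows a precondition derived from that postcondition in the way Dmitry describes. The function names (inverse, pre_inverse, post_inverse, pre_implies_post, classify), the tolerance POST_ERR = 4 * DBL_EPSILON, and the "both X and 1/X are normal" bound are this example's own assumptions; the bound is sufficient for the postcondition but is deliberately not the least constraint, which is the gap a real contract would still have to close.

```c
#include <float.h>
#include <math.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example, not code from the post.  Names (inverse, pre_inverse,
 * post_inverse, POST_ERR) and the numeric bounds are this example's
 * own assumptions. */

/* Tolerance assumed for postcondition 2: 1/X * X in 1 - err .. 1 + err.
 * Two roundings of at most half an ulp each stay well inside
 * 4 * DBL_EPSILON as long as both X and 1/X are normal numbers. */
#define POST_ERR (4.0 * DBL_EPSILON)

/* Smallest positive subnormal double (2^-1074), the "gradual underflow"
 * case from the thread; its inverse exceeds DBL_MAX. */
#define SMALLEST_SUBNORMAL 0x1p-1074

/* The operation under discussion. */
double inverse(double x)
{
    return 1.0 / x;
}

/* Postcondition 2 from the post, with "finite" added so that it also
 * rules out the inf/NaN "garbage" of postcondition 1. */
bool post_inverse(double x, double y)
{
    return isfinite(y) && fabs(x * y - 1.0) <= POST_ERR;
}

/* Candidate precondition: X and 1/X are both normal numbers, so neither
 * the division nor the checking product loses precision to subnormals.
 * Sufficient for post_inverse, but not the least constraint: subnormals
 * just above 1/DBL_MAX still invert to a finite value. */
bool pre_inverse(double x)
{
    return isfinite(x) && fabs(x) >= DBL_MIN && fabs(x) <= 1.0 / DBL_MIN;
}

/* The contract obligation pre => post, checked for one input. */
bool pre_implies_post(double x)
{
    return !pre_inverse(x) || post_inverse(x, inverse(x));
}

/* Classifies a result as "nan", "inf" or "finite" for the report. */
const char *classify(double y)
{
    return isnan(y) ? "nan" : isinf(y) ? "inf" : "finite";
}

int main(void)
{
    /* Constructed sample inputs covering zero, subnormal, the smallest
     * normal, an ordinary value and the largest finite value. */
    const double samples[] = { 0.0, SMALLEST_SUBNORMAL, DBL_MIN, 3.0, DBL_MAX };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        double x = samples[i];
        printf("x=%-10.3g 1/x=%-7s pre=%d post=%d pre=>post=%d\n",
               x, classify(inverse(x)), pre_inverse(x),
               post_inverse(x, inverse(x)), pre_implies_post(x));
    }
    return 0;
}
```

Run stand-alone it prints one line per sample: 0.0 and the smallest subnormal both invert to "inf" (not NaN; 0.0/0.0 is the NaN case), the precondition rejects them, and for every sample the implication pre => post holds. Tightening pre_inverse towards the least constraint (admitting the subnormals whose inverse is still finite) is the step the post says must be done from the postcondition, not from a wish to have a precondition.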