From: ytomino
Newsgroups: comp.lang.ada
Subject: Re: Class wide preconditions: error in GNAT implementation?
Date: Fri, 15 Feb 2013 18:50:36 -0800 (PST)
Message-ID: <30edd381-7505-496a-99e5-f884faf33c33@googlegroups.com>

On Saturday, February 16, 2013 10:01:53 AM UTC+9, Randy Brukardt wrote:
> This looks right to me (well, actually not quite, see far below).
>
> >It seems that the preconditions were evaluated as pragma Assert
> >(B'Pre'Class and then A'Pre'Class);
>
> Class-wide Preconditions are combined with "or", not "and". And of course
> once you get True for "or", you don't need to evaluate any more of them. See
> 6.1.1(33/3)- "if and only if all ... evaluated to False".
> The order of evaluation of these expressions is unspecified, so which one
> gets evaluated depends on the compiler.
>
> Postconditions (and specific preconditions) are combined with "and".
>
> The reasons for this are found in the theories of LSP. I could explain it,
> but it would take me all day, and you'd probably be more confused than you
> started. :-) (It took a long time for most of the ARG, me included, to
> understand this well enough to determine whether or not the features were
> properly defined.)

Oh! Sorry, you are right at this point. That's evaluated as
pragma Assert (B'Pre'Class or else A'Pre'Class);
I made a mistake in writing.

I really wanted to talk about the treatment of Pre'Class in a dispatching call.

> OTOH, I didn't realize that you had a dispatching call. In that case, the
> precondition is supposed to just be the Pre'Class for A, which is stronger
> than A or B which a direct call would use. Probably GNAT dispatched and then
> checked the precondition. Technically, that's wrong

Yes. GNAT inserts Pre'Class into the function body.
AARM 6.1.1 38.a/3-b/3 indicates, if my understanding is right, that Pre'Class should be evaluated after the parameters are evaluated and before dispatching.

> (although I would have a
> hard time caring, the reason for the stronger precondition on dispatching
> calls is to allow analysis without knowing the actual tag, it doesn't have
> anything to do with correctness).

No. It's related to correctness.
A precondition is a promise for the caller, not the callee.
In this case, the caller should keep As.foo'Pre'Class because it is calling As.foo.

This rule specified by the AARM is in agreement with the conclusion of the discussion of the D language and is explained in Eiffel.
I read the Eiffel book "Object-Oriented Software Construction 2/E" and this part of the AARM again and again when I learned of the error of dmd last year.
At that time, I was content because the AARM seems right to me.
But this behavior of GNAT is completely the same as that of dmd, which was concluded to have a bug.
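
The two kinds of call discussed in this thread, as an added example that is not part of the original post. The names Pre_Class_Demo, Obj and the conditions on X are constructed for illustration; only As, Bs, A, B and foo echo the thread.

```ada
--  Added example: constructed names and conditions, not the poster's code.
with Ada.Assertions;
with Ada.Text_IO; use Ada.Text_IO;

procedure Pre_Class_Demo is
   pragma Assertion_Policy (Check);  --  or compile with GNAT's -gnata

   package As is
      type A is tagged null record;
      procedure Foo (Object : A; X : Integer)
        with Pre'Class => X > 0;
   end As;

   package Bs is
      type B is new As.A with null record;
      overriding procedure Foo (Object : B; X : Integer)
        with Pre'Class => X < 0;  --  "or"-ed with the inherited X > 0
   end Bs;

   package body As is
      procedure Foo (Object : A; X : Integer) is
      begin
         Put_Line ("As.Foo body, X =" & Integer'Image (X));
      end Foo;
   end As;

   package body Bs is
      overriding procedure Foo (Object : B; X : Integer) is
      begin
         Put_Line ("Bs.Foo body, X =" & Integer'Image (X));
      end Foo;
   end Bs;

   Obj : Bs.B;
begin
   --  Direct call to Bs.Foo: the check is (X < 0) or else (X > 0).
   Bs.Foo (Obj, -1);

   --  Dispatching call whose name denotes As.Foo: per the rule cited in
   --  the thread, only As.Foo'Pre'Class (X > 0) binds the caller.
   begin
      As.Foo (As.A'Class (Obj), -1);
      Put_Line ("dispatching call accepted: check ran inside the body");
   exception
      when Ada.Assertions.Assertion_Error =>
         Put_Line ("dispatching call rejected: check ran at the call site");
   end;
end Pre_Class_Demo;
```

Which of the two final messages appears depends on whether the compiler checks the class-wide precondition before dispatching or inside the dispatched body, which is the difference the thread is about.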