From: Nick Leaton
Subject: Re: Safety-critical development in Ada and Eiffel
Date: 1997/07/17
Message-ID: <33CE082E.65FF@calfp.co.uk>
Newsgroups: comp.object,comp.software-eng,comp.lang.ada,comp.lang.eiffel

Warwick Pulley wrote:

stuff on implementing assertions in Ada deleted

> Example 2 above is an example of how the assertions can be "mis-implemented" in
> Ada, because the logic is wrong and necessary code was included in the "if"
> statement. As you have said, all you need in Eiffel is the boolean
> expression itself, and since Eiffel has special clauses for these
> assertions it's not possible to include vital procedural code within these
> clauses.

Why would you want to place procedural code in an assertion? It is the same as saying you want to have a side effect of a function. If it is vital code, then presumably you always want it executed. Or it may be debugging/tracing information, in which case it isn't an assertion, but it should be placed in some form of conditional compilation or execution block.

Separate point. One of the valid objections that has been raised with assertions is the question of execution time being different with them on from when they are off.

From other posters, it seems that with life-critical systems (avionics) that this is an important consideration. Am I the only one who finds this worrying, that systems you have to trust depend on some calculation as to how the program is going to run? What happens if a new compiler comes out that has a different optimisation technique?

--
Nick