From mboxrd@z Thu Jan 1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level:
X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
	INVALID_MSGID autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,1e5c102037393131
X-Google-Attributes: gid103376,public
From: "Nick Roberts"
Subject: Re: Assertions
Date: 1999/05/13
Message-ID: <373c862b@eeyore.callnetuk.com>#1/1
X-Deja-AN: 477940695
References: <3736D243.1EEBF1AB@globalnet.co.uk> <3736F549.E3DDCDEB@pwfl.com> <7h83lc$rd$1@nnrp1.deja.com> <3739CECA.6A49865B@averstar.com> <1999May12.163911.1@eisner.decus.org>
X-Original-NNTP-Posting-Host: da134d108.dialup.callnetuk.com
X-Mimeole: Produced By Microsoft MimeOLE V4.72.3110.3
X-Complaints-To: newsabuse@remarq.com
X-Trace: 926714474 02H499TBW8004D443C uk25.supernews.com
Organization: RemarQ http://www.remarQ.com
Newsgroups: comp.lang.ada
Date: 1999-05-13T00:00:00+00:00
List-Id:

I would suggest that a pragma Assert expands to something like the
following:

   if not boolean_expression then
      Ada.Exceptions.Raise_Exception(
         Ada.Assertions.Assert_Failure'Identity,
         "Test expression evaluated to False in a pragma Assert." & NL &
         "Page: " & Page & "Line: " & Line & NL &
         "File: " & Source_File_Name & NL &
         [""|string_expression]);
   end if;

where NL is the implementation's code for a line break. Then there should
be a package:

   package Ada.Assertions is
      Assert_Failure: exception [renames lower_level_exception];
   end;

I think it's also got to be made explicit that if a pragma Assert in the
place of a declaration---in the declarative region of a certain
block---raises an exception, that exception must be immediately propagated
out of the block (and can never be handled inside the block).

I would also suggest the following points.

1. There's no reason why the compiler should not be able to assume that any
   assertion's condition holds true, regardless of whether assertion
   checking is turned on or off. This would obviously be highly desirable,
   since, in many cases, it would allow optimising compilers to make
   optimisations they otherwise could not. The situation is analogous to
   other checks: if a check is turned off, and consequently an exception
   fails to be raised, the program's behaviour is undefined, and possibly
   highly erratic; if Assertion_Check is on (the default) the failure of an
   assertion's condition will always raise an exception (so the condition
   will certainly always hold as a post condition).

2. I don't see why assertions should not be allowed to have side-effects.
   Whether it would be wise, in practice, for an assertion to have side
   effects is another matter (to be left to the 'wisdom' of the
   programmer ;-).

3. If Assertion_Check is turned off, but the compiler can nevertheless
   detect (at compile time) that an assertion's condition will always fail
   (be False), it should still be entitled to raise an exception. Again,
   this is analogous to the other checks. In theory, the compiler should be
   entitled to continue checking any assertions it fancies.

4. A pragma Assert must not be evaluated by the elaboration of a
   preelaborated library unit.

-------------------------------------
Nick Roberts
-------------------------------------
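
The propagation rule for an assertion in a declarative region, shown as an added example that is not part of the original post. It uses pragma Assert and Ada.Assertions as later standardised in Ada 2005, where the exception is Assertion_Error rather than the Assert_Failure name proposed above; Assert_Demo, Use_Buffer and Max_Len are hypothetical names.

```ada
--  Added example, not code from the original post.
pragma Assertion_Policy (Check);  --  force assertion checking on

with Ada.Assertions;
with Ada.Exceptions;
with Ada.Text_IO;

procedure Assert_Demo is
   use Ada.Text_IO;

   --  Hypothetical helper: check a length before it becomes an array bound.
   procedure Use_Buffer (Requested : Natural) is
      Max_Len : constant := 16;  --  assumed limit for the illustration
   begin
      declare
         --  Assertion in the place of a declaration: it is evaluated
         --  while the block's declarative part is being elaborated.
         pragma Assert (Requested <= Max_Len, "length exceeds buffer");
         Buffer : constant String (1 .. Requested) := (others => ' ');
      begin
         Put_Line ("buffer of" & Natural'Image (Buffer'Length) & " ready");
      exception
         when Ada.Assertions.Assertion_Error =>
            --  Not reached for the declarative assertion: this handler
            --  only covers the block's statements, not its declarations.
            Put_Line ("handled inside the block");
      end;
   exception
      when E : Ada.Assertions.Assertion_Error =>
         --  The failure arrives here, outside the block.
         Put_Line ("propagated out of block: "
                   & Ada.Exceptions.Exception_Message (E));
   end Use_Buffer;

begin
   Use_Buffer (8);   --  assertion holds, the block body runs
   Use_Buffer (64);  --  assertion fails during elaboration
end Assert_Demo;
```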