From mboxrd@z Thu Jan 1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level:
X-Spam-Status: No, score=-0.3 required=5.0 tests=BAYES_00, REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,cd1591f986baca62,start
X-Google-Attributes: gid103376,public
X-Google-ArrivalTime: 2001-03-10 13:28:04 PST
Path: supernews.google.com!sn-xit-03!supernews.com!logbridge.uoregon.edu!news.maxwell.syr.edu!news.mindspring.net!not-for-mail
From: Lao Xiao Hai
Newsgroups: comp.lang.ada
Subject: AdaYY; Assertions?
Date: Sat, 10 Mar 2001 13:24:10 -0800
Organization: AdaWorks Software Engineering
Message-ID: <3AAA9B7A.36B601F0@ix.netcom.com>
Reply-To: richard@adaworks.com
NNTP-Posting-Host: 3f.35.b5.20
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Server-Date: 10 Mar 2001 21:26:26 GMT
X-Mailer: Mozilla 4.7 [en] (Win98; I)
X-Accept-Language: en
Xref: supernews.google.com comp.lang.ada:5616
Date: 2001-03-10T21:26:26+00:00
List-Id:

During the development of Ada 95, there was discussion about including an assertion capability for pre-conditions, post-conditions, and invariants. During a conversation with someone, I was told the safety-critical community was uneasy about this capability and felt including it would lead to a false sense of security.

Since then, a lot of additional discussion has emerged regarding ideas such as Design By Contract. Also, I am using a textbook, for a C++ data structures class, in which all of the code examples include comment code for pre-, post- and invariant conditions. Of course, C++ has no capability built into the language to support these assertions, so the compiler can never check them.

It seems to me that Ada's architecture is inherently hospitable to the concept. Granted, the type definition model is a kind of implied assertion capability, conservative and reliable.
Also granted, one can declare pre-conditions that are self-contradictory and totally confuse the resulting code.

However, a modest addition to the next version of Ada could be a powerful capability and make the language conformant with the publication of algorithm textbooks that, increasingly, demonstrate their examples by including pre-, post-, and invariant assertions.

Richard Riehle
richard@adaworks.com
rdriehle@nps.navy.mil
(I am currently teaching some classes, including Ada, at the nearby Naval Postgraduate School, and this is my email address there)