Re: Assertions in the Next Ada Standard

comp.lang.ada
 help / color / mirror / Atom feed

From: FGD <presbeis@look.ca>
Subject: Re: Assertions in the Next Ada Standard
Date: Fri, 11 Jan 2002 15:07:10 -0500
Date: 2002-01-11T15:07:10-05:00	[thread overview]
Message-ID: <3C3F45EE.7030808@look.ca> (raw)
In-Reply-To: 3C3E8438.E780D942@adaworks.com

Richard Riehle wrote:

> I am hoping to see something like pre-conditions, post-conditions,
> and invariants in the next revision of Ada.  I would be pleased if
> we simply adopted the wording already used in Eiffel:  require,
> ensure, and invariant, but I am not intractable about the terminology.

Though I'm not familiar with Eiffel and its use of those idioms, but 
this sounds like an attractive proposal. However, if you allow me to 
play Devil's advocate, could you give a concrete example where this has 
significant benefits.

For suprograms, this doesn't seem essential because of Ada's strong 
typing. It may however be very useful for loops and related constructs. 
But I can find *weak* replacements within Ada. For invariants, enclose 
loops in a block statement, e.g.

     declare
         Const_X : constant Integer := X;
         -- invariant X
         Pos_Y : Positive := Y;
         -- ensure Y > 0
         -- invariant (Y > 0)
     begin
         loop
             ...
         end loop;
     end;

This also allows for catching exceptions locally, or use pragma Suppress 
to allow optimizations. For require and ensure, enclose the loop in an 
inlined procedure similar to the above. These replacements are weak 
because Ada types cannot conveniently represent assertions such as X /= 
0 or X > Y for variable X and Y. Perhaps some type improvements could do 
the job instead?

There is one place where I can see some genuine benefits. It would be 
possible to specify exception conditions in declarative parts, e.g. 
(improvised syntax)

     function "/" (L, R : Integer_Type) return Integer_Type;
     for "/" require R /= 0;

     function "*" (L, R : Matrix) return Matrix;
     for "*" require L.Columns = R.Rows;
     for "*" ensure return.Rows = L.Rows;
     for "*" ensure return.Columns = R.Columns;

Or perhaps type improvements could do the job:

     -- Disconnected ranges?

     subtype Nonzero_Integer_Type is Integer_Type
         range Integer_Type'First .. -1 | 1 .. Integer_Type'Last;

     function "/"
         (L : Integer_Type;
          R : Nonzero_Integer_Type)
         return Integer_Type

     -- Dummy discriminants?

     function "*"
         (L : Matrix(Rows => M, Columns => L);
          R : Matrix(Rows => L, Columns => N))
         return Matrix(Rows => M, Columns => N);

Perhaps I'm missing something, how does Eiffel use these?

-- Frank

next prev parent reply	other threads:[~2002-01-11 20:07 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2002-01-11  6:20 Assertions in the Next Ada Standard Richard Riehle
2002-01-11  9:23 ` Dale Stanbrough
2002-01-11 13:47   ` Robert A Duff
2002-01-11 23:28   ` Nick Roberts
2002-01-12  1:30     ` Darren New
2002-01-11 20:07 ` FGD [this message]
2002-01-11 20:39   ` Wes Groleau
2002-01-12  4:56     ` Robert Dewar
2002-01-12  7:30   ` Richard Riehle
2002-01-12 19:58     ` FGD
2002-01-12 21:27       ` Ed Falis
2002-01-12 22:45     ` Darren New
2002-01-14 17:20       ` Robert A Duff
2002-01-14 17:42         ` Darren New
2002-01-14 23:16     ` Mark Lundquist
2002-01-17  6:23     ` Richard Riehle

replies disabled

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox