From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,7a7040918881fd02 X-Google-Attributes: gid103376,public X-Google-ArrivalTime: 2002-01-11 12:00:11 PST Path: archiver1.google.com!news1.google.com!newsfeed.stanford.edu!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!newsfeed.direct.ca!look.ca!brick.direct.ca!brie.direct.ca.POSTED!not-for-mail Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii; format=flowed From: FGD MIME-Version: 1.0 Message-ID: <3C3F45EE.7030808@look.ca> NNTP-Posting-Date: Fri, 11 Jan 2002 11:56:48 PST NNTP-Posting-Host: 209.148.71.52 Newsgroups: comp.lang.ada Organization: Look Communications - http://www.look.ca References: <3C3E8438.E780D942@adaworks.com> Subject: Re: Assertions in the Next Ada Standard User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:0.9.4) Gecko/20011128 Netscape6/6.2.1 X-Accept-Language: en-us X-Complaints-To: abuse@look.ca X-Trace: brie.direct.ca 1010779008 209.148.71.52 (Fri, 11 Jan 2002 11:56:48 PST) Date: Fri, 11 Jan 2002 15:07:10 -0500 Xref: archiver1.google.com comp.lang.ada:18794 Date: 2002-01-11T15:07:10-05:00 List-Id: Richard Riehle wrote: > I am hoping to see something like pre-conditions, post-conditions, > and invariants in the next revision of Ada. I would be pleased if > we simply adopted the wording already used in Eiffel: require, > ensure, and invariant, but I am not intractable about the terminology. Though I'm not familiar with Eiffel and its use of those idioms, but this sounds like an attractive proposal. However, if you allow me to play Devil's advocate, could you give a concrete example where this has significant benefits. For suprograms, this doesn't seem essential because of Ada's strong typing. It may however be very useful for loops and related constructs. But I can find *weak* replacements within Ada. For invariants, enclose loops in a block statement, e.g. declare Const_X : constant Integer := X; -- invariant X Pos_Y : Positive := Y; -- ensure Y > 0 -- invariant (Y > 0) begin loop ... end loop; end; This also allows for catching exceptions locally, or use pragma Suppress to allow optimizations. For require and ensure, enclose the loop in an inlined procedure similar to the above. These replacements are weak because Ada types cannot conveniently represent assertions such as X /= 0 or X > Y for variable X and Y. Perhaps some type improvements could do the job instead? There is one place where I can see some genuine benefits. It would be possible to specify exception conditions in declarative parts, e.g. (improvised syntax) function "/" (L, R : Integer_Type) return Integer_Type; for "/" require R /= 0; function "*" (L, R : Matrix) return Matrix; for "*" require L.Columns = R.Rows; for "*" ensure return.Rows = L.Rows; for "*" ensure return.Columns = R.Columns; Or perhaps type improvements could do the job: -- Disconnected ranges? subtype Nonzero_Integer_Type is Integer_Type range Integer_Type'First .. -1 | 1 .. Integer_Type'Last; function "/" (L : Integer_Type; R : Nonzero_Integer_Type) return Integer_Type -- Dummy discriminants? function "*" (L : Matrix(Rows => M, Columns => L); R : Matrix(Rows => L, Columns => N)) return Matrix(Rows => M, Columns => N); Perhaps I'm missing something, how does Eiffel use these? -- Frank