From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-0.3 required=5.0 tests=BAYES_00,
	REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,7a7040918881fd02
X-Google-Attributes: gid103376,public
X-Google-ArrivalTime: 2002-01-11 12:40:14 PST
Path: 
 archiver1.google.com!news1.google.com!newsfeed.stanford.edu!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!newsfeed.mathworks.com!cyclone.swbell.net!bos-service1.ext.raytheon.com!dfw-service2.ext.raytheon.com.POSTED!not-for-mail
Message-ID: <3C3F4D9B.79019B90@spamcop.net>
From: Wes Groleau <wesgroleau@spamcop.net>
Reply-To: wesgroleau@spamcop.net
X-Mailer: Mozilla 4.77 [en] (Windows NT 5.0; U)
X-Accept-Language: en,es-MX,es,pt,fr-CA,fr
MIME-Version: 1.0
Newsgroups: comp.lang.ada
Subject: Re: Assertions in the Next Ada Standard
References: <3C3E8438.E780D942@adaworks.com> <3C3F45EE.7030808@look.ca>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Date: Fri, 11 Jan 2002 15:39:55 -0500
NNTP-Posting-Host: 151.168.144.162
X-Complaints-To: news@ext.ray.com
X-Trace: dfw-service2.ext.raytheon.com 1010781609 151.168.144.162 (Fri,
 11 Jan 2002 14:40:09 CST)
NNTP-Posting-Date: Fri, 11 Jan 2002 14:40:09 CST
Organization: Raytheon Company
Xref: archiver1.google.com comp.lang.ada:18797
Date: 2002-01-11T15:39:55-05:00
List-Id: <comp.lang.ada>


>      declare
>          Const_X : constant Integer := X;
>          -- invariant X
>          Pos_Y : Positive := Y;
>          -- ensure Y > 0
>          -- invariant (Y > 0)
>      begin
>          loop
>              ...
>          end loop;
>      end;

The "ensure" works, but not the "invariants."  Neither of those
declarations prevents an assignment to X or Y.

I never saw the official proposal (if there was one) but
I'd think it should be inside a subprogram:

pragma Require   ( condition );
pragma Invariant ( condition );
pragma Ensure    ( condition );

or after a subprogram declaration:

pragma Require   ( subprogram, condition );
pragma Invariant ( subprogram, condition );
pragma Ensure    ( subprogram, condition );

Rules of scope could be based on those of Eiffel, unless Eiffel
experience has shown a need for modification.

Since they're pragmas, any vendor could try them out without
affecting validation.

-- 
Wes Groleau
http://freepages.rootsweb.com/~wgroleau