From: Georg Bauhaus <rm.tsoh.plus-bug.bauhaus@maps.futureapps.de>
Subject: On pragma Precondition etc.
Date: Fri, 25 Jul 2008 10:01:49 +0200
Date: 2008-07-25T10:01:49+02:00 [thread overview]
Message-ID: <4889886d$0$18827$9b4e6d93@newsspool2.arcor-online.net> (raw)
A question about syntax.
Thanks to GNAT 2008, there is now some initial support
for stating preconditions and postconditions of supprograms,
using pragma Pre-/Postcondition.
Randy Brukardt has presented more thoughts on this to
the Ada Comments mailing list; notably, by describing
means to express a type's invariant, T'Constraint.
(GNAT's pragmas can be used to state conditions right after
the spec of a subprogram, and also at the start of
declarations of a supbrogram body. Thus,
procedure Foo(X, Y: Natural);
pragma Precondition(X > Y);)
My question is about the syntactical link of a Pre-/Postcondition
to a subprogram declaration. Using GNAT's approach, the link is
implicit:
A spec Pre-/Postcondition applies to the immediately preceding
subprogram declaration and to nothing else.
At first sight it seems natural to *not* name the subprogram in
the Pre-/Postcondition pragma. You could refer the questioner
to the Department of Redundancy Department.
On the other hand, there are opportunities for code restructuring.
What happens to the Pre-/Postconditions then? I suggest the they
can get mixed up. For example, exchange the alphabetical
order of the following function declarations in a hurry,
function More(X, Y: Integer);
-- ...
pragma Precondition(X > 2 * Y);
function Less(X, Y: Integer);
-- ...
pragma Precondition(X < 2 * Y);
So I would contend the lack of a *local_name* parameter
in the pragmas Pre-/Postcondition.
The parameter could be like those of pragma No_Return or
pragma Inline, making the link to the subprogram explicit.
We would have something like
function More(X, Y: Integer);
-- ...
pragma Precondition(More, X > 2 * Y);
function Less(X, Y: Integer);
-- ...
pragma Precondition(Less, X < 2 * Y);
And now there is no doubt about the subprogram to which a
Pre-/Postcondition belongs. (A rule that a spec Pre-/Postcondition
pragma must come right after its subprogram will establish
consistency.)
(On the Ada Comments list, there seems to have been some agreement
that there should be some syntax in the future, perhaps obsoleting
this discussion...)
next reply other threads:[~2008-07-25 8:01 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-07-25 8:01 Georg Bauhaus [this message]
2008-07-25 10:50 ` On pragma Precondition etc stefan-lucks
2008-07-25 11:05 ` mockturtle
2008-07-25 11:44 ` Alex R. Mosteo
2008-07-25 11:56 ` Georg Bauhaus
2008-07-28 8:02 ` Alex R. Mosteo
2008-07-29 11:18 ` Martin Krischik
2008-07-29 12:08 ` Dmitry A. Kazakov
2008-07-29 14:19 ` Georg Bauhaus
2008-07-29 14:49 ` Georg Bauhaus
2008-07-29 15:00 ` Dmitry A. Kazakov
2008-07-29 15:14 ` Georg Bauhaus
2008-07-29 15:55 ` Georg Bauhaus
2008-07-29 17:49 ` Dmitry A. Kazakov
2008-07-30 9:06 ` Georg Bauhaus
2008-07-30 13:47 ` Dmitry A. Kazakov
2008-07-30 17:45 ` Georg Bauhaus
2008-07-31 8:12 ` Dmitry A. Kazakov
2008-07-31 23:06 ` Georg Bauhaus
2008-08-01 8:40 ` Dmitry A. Kazakov
2008-07-30 9:22 ` Georg Bauhaus
2008-07-30 13:56 ` Dmitry A. Kazakov
2008-07-25 14:39 ` Robert A Duff
2008-07-25 16:50 ` Pascal Obry
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox