From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=0.4 required=5.0 tests=BAYES_00,FORGED_MUA_MOZILLA autolearn=no autolearn_force=no version=3.4.4 X-Google-Thread: 103376,b78c363353551702 X-Google-NewGroupId: yes X-Google-Attributes: gida07f3367d7,domainid0,public,usenet X-Google-Language: ENGLISH,ASCII-7-bit Received: by 10.68.227.67 with SMTP id ry3mr7131514pbc.8.1340567470678; Sun, 24 Jun 2012 12:51:10 -0700 (PDT) Path: l9ni15551pbj.0!nntp.google.com!news2.google.com!goblin2!goblin.stu.neva.ru!xlned.com!feeder1.xlned.com!npeer.de.kpn-eurorings.net!npeer-ng0.de.kpn-eurorings.net!newsfeed.arcor.de!newsspool1.arcor-online.net!news.arcor.de.POSTED!not-for-mail Date: Sun, 24 Jun 2012 21:51:08 +0200 From: Georg Bauhaus User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0) Gecko/20120428 Thunderbird/12.0.1 MIME-Version: 1.0 Newsgroups: comp.lang.ada Subject: Re: about the new Ada 2012 pre/post conditions References: <1hgo6aks03zy.by4pq4xbjsgf$.dlg@40tude.net> <1jvy3elqtnd1j.1sjbk32evhp1f$.dlg@40tude.net> <1oih2rok18dmt.avbwrres5k12.dlg@40tude.net> <4fe59ea0$0$9502$9b4e6d93@newsspool1.arcor-online.net> <1mkp7fzlk1b0y.1ueinfjn48fcy$.dlg@40tude.net> <4fe72b6b$0$9504$9b4e6d93@newsspool1.arcor-online.net> <1bbvp3ghpjb5s.1go1s1qvcmagh$.dlg@40tude.net> In-Reply-To: <1bbvp3ghpjb5s.1go1s1qvcmagh$.dlg@40tude.net> Message-ID: <4fe76fad$0$9507$9b4e6d93@newsspool1.arcor-online.net> Organization: Arcor NNTP-Posting-Date: 24 Jun 2012 21:51:09 CEST NNTP-Posting-Host: 3389b79c.newsspool1.arcor-online.net X-Trace: DXC=X]]T_@P]\Dic==]BZ:afN4Fo<]lROoRAnkgeX?EC@@@[A^MO;>XjJGPCY\c7>ejVHUA8SZ>dQUNG7lmI25kaf]B X-Complaints-To: usenet-abuse@arcor.de Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Date: 2012-06-24T21:51:09+02:00 List-Id: On 24.06.12 18:06, Dmitry A. Kazakov wrote: > On Sun, 24 Jun 2012 16:59:55 +0200, Georg Bauhaus wrote: > >> On 23.06.12 13:01, Dmitry A. Kazakov wrote: >>> Compare: a contract violation is an *unbounded ERROR*. >> >> Do you mean, I should imagine a contract violation that, >> when checks are turned off, result in erroneous execution? > > The effect of contract violation is unbounded because not contracted. The effect of a contract violation is part of the contract between client and supplier, by definition, even when it appears to be rather trivial: When working under the rules of DbC, a violation that is detected by the contract checking system must engage the exception mechanism. This mechanism is supposed to entail a rescuing action, recursively, or a bail out---and there is LRM 11.6, anyway. So, 1. if X0 might violate the contract of ADT[*] Y, then X0, or some Xn on X0's behalf, must handle the effect of the violation, as outlined. There is a guarantee that every (efficiently decidable, let us say) violation is detected if (a) checks are on, or (b) the proof obligation has had the effect of showing that there is no violation, for all inputs. 2. Effects of exceptional situations may or may not be expressible at all, due to the nature of Ada exceptions that, unfortunately, cover both "exceptional situation" and "non-local transfer of control". In "exceptional situation", there may not be any form of control because this is what the word "exception" means in this case: the program can control all situations except those whose effects are not known when designing. We would be trying to handle Program_Error in advance. > When you say that something behaves in a certain way under specified > conditions, e.g. raises exception when out of range, that is the contract. > > 1. violation => nothing guaranteed > 2. effect is bounded => these bounds are in the contract > > 1+2 = contract violation is necessarily *equivalent* to undefined behavior. > > What is so difficult about this? It is a theory in a different universe of notions. __ [*] A contract as in Design by Contract applies to ADTs only, somewhat like the full set of different aspects is made for ADTs in Ada 2012.