Date: Tue, 03 Jul 2012 15:48:32 +0200
From: Georg Bauhaus
Newsgroups: comp.lang.ada
Subject: Re: about the new Ada 2012 pre/post conditions

On 03.07.12 14:53, Dmitry A. Kazakov wrote:
> It is *not* OK to evaluate precondition of a program by the program itself.
> It is similar to how halting becomes a problem:

Three participants have already noted that, starting from two different assignments of meaning to words such as "contract" and "program design", chances are that conclusions differ.

>    procedure P is
>    begin
>       while not HALT (P) loop
>          null;
>       end loop;
>    end P;
>
> All this boils down to self-referential stuff.

Yes. Normal program design can hope to get close to a primitive recursive programming process.

   procedure Design_Program is
      Result      : Program;
      V           : Inputs_Iterator;
      Y, Expected : Outputs;
      Bug         : exception;
   begin
      loop
         Result := Design;
         V := Test_Suite;
         for X in V loop
            Expected := Knowledge (X);
            --  Bound the work first: a run that needs more than THRESHOLD
            --  steps counts as a bug, so HALT itself never has to be decided.
            if STEP (Result, X) > THRESHOLD then
               raise Bug with "STEP";
            end if;
            --  Run is an assumed helper that executes Result on input X;
            --  the original sketch never assigns Y.
            Y := Run (Result, X);
            if Y /= Expected then
               raise Bug with "FAIL";
            end if;
         end loop;
      end loop;
   end Design_Program;

The programming process can strive for success in showing that STEP <= THRESHOLD for all inputs. Bugs still leave some risks. But reducing risk and still taking some risks is normal engineering, isn't it?
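The bounded-step check that Design_Program sketches, as an added Python example (not code from the thread): instead of asking HALT, each candidate run is traced and cut off after THRESHOLD executed lines, which is decidable by construction. The names run_bounded, check and the factorial candidates are assumptions made here.

```python
import sys


class Bug(Exception):
    """Raised with "STEP" (budget exceeded) or "FAIL" (wrong output)."""


def run_bounded(candidate, x, threshold):
    """Run candidate(x), counting executed lines with sys.settrace.
    Past `threshold` lines the run is aborted with Bug("STEP"): we never
    decide whether candidate halts, only whether it halts within budget."""
    steps = 0

    def tracer(frame, event, arg):
        nonlocal steps
        if event == "line":
            steps += 1
            if steps > threshold:
                raise Bug("STEP")
        return tracer  # keep tracing this frame and the frames it calls

    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        return candidate(x), steps
    finally:
        sys.settrace(previous)  # always restore the caller's tracer


def check(candidate, test_suite, knowledge, threshold):
    """Inner loop of Design_Program: every input must finish within the
    step budget and match knowledge(x). Returns ("OK", None) or (kind, x)."""
    for x in test_suite:
        expected = knowledge(x)
        try:
            y, _ = run_bounded(candidate, x, threshold)
        except Bug:
            return ("STEP", x)
        if y != expected:
            return ("FAIL", x)
    return ("OK", None)


# Constructed candidates for the specification "factorial of n".
def knowledge(n):            # the expected outputs
    r = 1
    for i in range(2, n + 1):
        r *= i
    return r


def good(n):                 # correct and terminating
    return 1 if n < 2 else n * good(n - 1)


def wrong(n):                # terminates, but wrong from n = 4 on
    return 1 if n < 2 else n * (n - 1)


def never_halts(n):          # HALT is undecidable; the step budget is not
    while True:
        n = n + 1
```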