From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,7a7040918881fd02
X-Google-Attributes: gid103376,public
X-Google-ArrivalTime: 2002-01-11 20:56:26 PST
Path: archiver1.google.com!postnews1.google.com!not-for-mail
From: dewar@gnat.com (Robert Dewar)
Newsgroups: comp.lang.ada
Subject: Re: Assertions in the Next Ada Standard
Date: 11 Jan 2002 20:56:26 -0800
Organization: http://groups.google.com/
Message-ID: <5ee5b646.0201112056.2a9a2786@posting.google.com>
References: <3C3E8438.E780D942@adaworks.com> <3C3F45EE.7030808@look.ca>
 <3C3F4D9B.79019B90@spamcop.net>
NNTP-Posting-Host: 205.232.38.14
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1010811386 5788 127.0.0.1 (12 Jan 2002 04:56:26
 GMT)
X-Complaints-To: groups-abuse@google.com
NNTP-Posting-Date: 12 Jan 2002 04:56:26 GMT
Xref: archiver1.google.com comp.lang.ada:18812
Date: 2002-01-12T04:56:26+00:00
List-Id: <comp.lang.ada>

Wes Groleau <wesgroleau@spamcop.net> wrote in message news:<3C3F4D9B.79019B90@spamcop.net>...
> >      declare
> >          Const_X : constant Integer := X;
> >          -- invariant X
> >          Pos_Y : Positive := Y;
> >          -- ensure Y > 0
> >          -- invariant (Y > 0)
> >      begin
> >          loop
> >              ...
> >          end loop;
> >      end;
> 
> The "ensure" works, but not the "invariants."  Neither of those
> declarations prevents an assignment to X or Y.
> 
> I never saw the official proposal (if there was one) but
> I'd think it should be inside a subprogram:
> 
> pragma Require   ( condition );
> pragma Invariant ( condition );
> pragma Ensure    ( condition );
> 
> or after a subprogram declaration:
> 
> pragma Require   ( subprogram, condition );
> pragma Invariant ( subprogram, condition );
> pragma Ensure    ( subprogram, condition );
> 
> Rules of scope could be based on those of Eiffel, unless Eiffel
> experience has shown a need for modification.
> 
> Since they're pragmas, any vendor could try them out without
> affecting validation.


Probably more realistically, someone could implement these
in the FSF version of GNAT perhaps. I doubt any vendor is
likely to do work in this area, I certainly have not seen
any significant interest from any of our supported users
in such a feature.

Robert Dewar
Ada Core Technologies