From: Richard D Riehle <laoXhai@ix.netcom.com>
Subject: Re: Assertions
Date: 1999/05/18
Date: 1999-05-17T18:02:46-07:00 [thread overview]
Message-ID: <7hqe7m$q7i@sjx-ixn1.ix.netcom.com> (raw)
In-Reply-To: 3739CECA.6A49865B@averstar.com
In article <3739CECA.6A49865B@averstar.com>,
Tucker Taft <stt@averstar.com> wrote:
>In any case, here is a strawman:
>
> pragma Assert(boolean_expression [, string_expression]);
>
In one of my JOOP columns I proposed going a little further,
coming closer to the Eiffel model,
pragma Pre_condition (boolean_expression [ ... ]);
pragma Post_condition (boolean_expression [ ... ]);
pragma Invariant (boolean_expression [ ... ]);
with the further suggestion that we adopt Require, Ensure, and
Invariant from the Eiffel language.
One must be careful with assertions as pragmas. It is quite
possible to declare a non-sensical assertion that is never
detected by the compiler. When declaring assertions for a
derivation class, one can construct a boolean expression that
holds for the root of the class but fails for some derived type.
This is a fundamental problem with assertions. The more conservative
approach of Ada, in which every type is invariant tends to be more
appropriate for safety-critical software. If there were some way
to formally prove, through a software routine, that an assertion
did not resolve to some completely silly set of propositions during
the derivation process, we might be more inclined to depend on them.
As things stand now, assertion pragmas, while a good idea on the
surface, could easily create more problems than they solve.
I think we need to proceed with some caution in this area. SPARK
does take a very conservative approach with assertions. However,
SPARK does not support extensible derivation classes. This eliminates
one of the potential dangers of relying on assertions. Am I being too
cautious here?
Richard Riehle
richard@adaworks.com
http://www.adaworks.com
next prev parent reply other threads:[~1999-05-18 0:00 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
1999-05-10 0:00 Assertions J & A Richardson
1999-05-10 0:00 ` Assertions Marin David Condic
1999-05-11 0:00 ` Assertions Robert Dewar
1999-05-11 0:00 ` Assertions Nick Roberts
1999-05-11 0:00 ` Assertions Robert Dewar
1999-05-12 0:00 ` Assertions Dale Stanbrough
1999-05-12 0:00 ` Assertions Robert Dewar
1999-05-12 0:00 ` Assertions Tucker Taft
1999-05-12 0:00 ` Assertions Larry Kilgallen
1999-05-12 0:00 ` Assertions Tucker Taft
1999-05-13 0:00 ` Assertions Nick Roberts
1999-05-17 0:00 ` Assertions Dale Stanbrough
1999-05-19 0:00 ` Assertions Nick Roberts
1999-05-22 0:00 ` Assertions Dale Stanbrough
1999-05-22 0:00 ` Assertions Ray Blaak
1999-05-22 0:00 ` Assertions Robert Dewar
1999-05-23 0:00 ` Assertions Nick Roberts
1999-05-24 0:00 ` Assertions Dale Stanbrough
1999-05-24 0:00 ` Assertions Ray Blaak
1999-05-22 0:00 ` Assertions Robert Dewar
1999-05-23 0:00 ` Assertions Nick Roberts
1999-05-12 0:00 ` Assertions Marin David Condic
1999-05-18 0:00 ` Richard D Riehle [this message]
1999-05-19 0:00 ` Assertions Nick Roberts
1999-05-19 0:00 ` Assertions Richard D Riehle
1999-05-20 0:00 ` Assertions stimuli
1999-05-21 0:00 ` Assertions Richard D Riehle
1999-05-21 0:00 ` Assertions Robert Dewar
1999-05-20 0:00 ` Assertions Ehud Lamm
1999-05-21 0:00 ` Assertions Robert Dewar
1999-05-21 0:00 ` Assertions Ehud Lamm
1999-05-21 0:00 ` Assertions Tucker Taft
1999-05-20 0:00 ` Assertions stimuli
1999-05-12 0:00 ` Assertions Peter Amey
1999-05-12 0:00 ` Assertions Robert Dewar
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox