From mboxrd@z Thu Jan 1 00:00:00 1970
From: bobduff@world.std.com (Robert A Duff)
Subject: Re: next "big" language?? (disagree)
Date: 1996/06/25
Message-ID: #1/1
X-Deja-AN: 162064542
references:
organization: The World Public Access UNIX, Brookline, MA
newsgroups: comp.lang.ada
Date: 1996-06-25T00:00:00+00:00
List-Id:

In article , Keith Thompson wrote:
>What gets interesting is having an option to disable assertion checking
>(as GNAT does). If the checking is disabled, may the compiler still
>assume that X /= 0? GNAT has chosen not to make this assumption.
>The alternative model (which I prefer) is to treat assertions in much
>the same way as predefined checks; execution of code that violates an
>assertion is erroneous.

I would think both ways of disabling would be useful. The latter is
equivalent to pragma Suppress, with an implementation-defined check name.

>By the way, here's another way to implement assertions without special
>compiler support:
>
> subtype Truth is Boolean range True .. True;
>...This is probably an incomplete solution, since I *think* the
                        ^^^^^^^^^^
You misspelled "incorrect". ;-)

>compiler is allowed to eliminate X_Non_Zero if it's never referenced.

Exactly. 11.6 says that the check can be eliminated. If you're
implementing your own assertions, you want to use an explicit
raise_statement to raise the exception, since 11.6 doesn't apply to
explicit raise_statements.
Just define these in some with'ed-everywhere package:

    Assertion_Failed: exception;  -- declared in the same package

    procedure Assert(Condition: Boolean) is
    begin
        if not Condition then
            raise Assertion_Failed;  -- explicit raise: 11.6 cannot remove it
        end if;
    end Assert;

    type Dummy is (Junk);

    function Assert(Condition: Boolean) return Dummy is
    begin
        Assert(Condition);  -- resolves to the procedure above
        return Junk; -- Ignored return value.
    end Assert;

The latter is so you can assert things in declarative contexts:

    subtype S is Integer range 1..Function_Call(X);  -- base type assumed Integer
    D: Dummy := Assert(S'Last > 10);

I find that the majority of assertions in my code are in declarative
contexts. This is because a precondition for a procedure ought to be
evaluated before the procedure does anything, and the declarative part
of a procedure does stuff. It's annoying that I can't just say
"Assert(S'Last > 10);" there. In GNAT, the "pragma" before Assert is
slightly less annoying.

>Perhaps pragma Volatile can be used to work around this, but that
>introduces other complications.

Hmm. I hadn't thought of using Volatile in that way.

- Bob
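A complete package and client putting both forms of Assert to use, as an added example that is not part of Bob's post or GNAT; the names Assertions, Demo, Fill and the 1_000 bound are assumed for illustration.

```ada
-- Assumed package name; Assertion_Failed, Dummy and both Assert forms
-- follow the shapes discussed in the post.
package Assertions is
   Assertion_Failed : exception;

   -- Statement form, usable wherever a procedure call is allowed.
   procedure Assert (Condition : Boolean);

   -- Declarative form: the Dummy result lets the check be elaborated in a
   -- declarative part, where a procedure call statement is not allowed.
   type Dummy is (Junk);
   function Assert (Condition : Boolean) return Dummy;
end Assertions;

package body Assertions is
   procedure Assert (Condition : Boolean) is
   begin
      -- RM 11.6 lets the compiler drop a language-defined check whose
      -- result is never used (e.g. an unreferenced Truth-subtype object);
      -- it does not apply to an explicit raise_statement.
      if not Condition then
         raise Assertion_Failed;
      end if;
   end Assert;

   function Assert (Condition : Boolean) return Dummy is
   begin
      Assert (Condition);   -- resolves to the procedure above
      return Junk;          -- ignored return value
   end Assert;
end Assertions;

with Assertions; use Assertions;
procedure Demo is
   -- The precondition is elaborated before Buffer, so a bad N is caught
   -- before the declarative part allocates anything.
   procedure Fill (N : Positive) is
      Precondition : Dummy := Assert (N <= 1_000);
      Buffer       : array (1 .. N) of Integer := (others => 0);
   begin
      Buffer (Buffer'Last) := N;
   end Fill;
begin
   Fill (10);       -- passes
   Fill (10_000);   -- raises Assertion_Failed before Buffer is elaborated
exception
   when Assertion_Failed => null;   -- expected for the second call
end Demo;
```

Split the three units into their own files (gnatchop does this) before building with GNAT.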