From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Thread: 103376,64f0fb07a88662b1 X-Google-Attributes: gid103376,public X-Google-Language: ENGLISH,ASCII-7-bit Path: g2news1.google.com!news3.google.com!news.glorb.com!border1.nntp.dca.giganews.com!nntp.giganews.com!local01.nntp.dca.giganews.com!nntp.megapath.net!news.megapath.net.POSTED!not-for-mail NNTP-Posting-Date: Fri, 01 Apr 2005 17:15:07 -0600 From: "Randy Brukardt" Newsgroups: comp.lang.ada References: Subject: Re: Contract checking in Ada Date: Fri, 1 Apr 2005 17:17:28 -0600 X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 5.50.4927.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4927.1200 Message-ID: NNTP-Posting-Host: 64.32.209.38 X-Trace: sv3-LWuusEBvuXWnsbjmphT2bBkBR5dnt/i+j7HaM+kJwAJveJ0U02aWCUz66tAXoeAaUiLFvsjfkTCJfdw!hhlg0JO/7dcivbw0EdV4s4P1W8iUbvRBM6strZfqZgPcuTzCAyChV7DA7VzNbzp7qMHOSKlnPrDh X-Complaints-To: abuse@megapath.net X-DMCA-Complaints-To: abuse@megapath.net X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly X-Postfilter: 1.3.32 Xref: g2news1.google.com comp.lang.ada:10231 Date: 2005-04-01T17:17:28-06:00 List-Id: "Tapio Kelloniemi" wrote in message news:Oe73e.6358$qc.2422@reader1.news.jippii.net... ... > Programming by contract features are IMHO disabled (speaking in free > software terminology) when a stable version is released, or in other > words, when a final product goes out. That's a horrible idea. That's like wearing a life-preserver when training on land, and then discarding it when you go to sea! The problem is that assertions of all stripes (like runtime checks) detect unanticipated conditions before much damage is done. And no one antipicates (and thus tests) every possible issue. Yes, sometimes you have to suppress checks (and conditions), but you want to do that only in the most performance critical parts of your application. A feature that makes your whole application like that is a feature that will be rarely used. > Xconditions are certainly a huge > performance hit, but not as much as inserting a break point at the > beginning and end of every subprogram in a debugger and then manually > examining parameter and result values, if program behaves oddly. All other > run-time checks are also expensive and that is why Ada provides a way to > disable them. Xconditions could actually speed up code that is considered > to be stable. This is because subprograms' parameters' validity checking > can be written as a precondition and does not need to be executed, when > the caller knows that a bad value cannot be passed in any situation. > For example subprograms of Ada.Strings's child packages have many checks for > their parameters' validity and as some of the subprograms are implemented > (in GNAT) in terms of others, the checks are doubled. That's also a bad idea. Indeed, we had something like that in pragma Assert and eventually dropped it because of the objections. Again, the issue is that you need to be checking for the unanticipated. You shouldn't be assuming that the asserts will pass without checking. OTOH, the compiler may be able to optimize out checks and preconditions on calls given the preconditions on the arguments. That's fine (its the reason for the null exclusion, for instance); but doing so by assumption, rather than by checking, is bad news. Randy.