From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Thread: 103376,64f0fb07a88662b1 X-Google-Attributes: gid103376,public X-Google-Language: ENGLISH,ASCII-7-bit Path: g2news1.google.com!news1.google.com!news4.google.com!news3.google.com!news.glorb.com!feeder.enertel.nl!nntpfeed-01.ops.asmr-01.energis-idc.net!216.196.110.149.MISMATCH!border2.nntp.ams.giganews.com!border1.nntp.ams.giganews.com!nntp.giganews.com!feeder2.news.jippii.net!reader1.news.jippii.net!53ab2750!not-for-mail From: Tapio Kelloniemi Subject: Re: Contract checking in Ada References: Newsgroups: comp.lang.ada Message-ID: Date: Fri, 01 Apr 2005 08:02:54 GMT NNTP-Posting-Host: 217.30.176.187 X-Complaints-To: newsmaster@saunalahti.com X-Trace: reader1.news.jippii.net 1112342574 217.30.176.187 (Fri, 01 Apr 2005 11:02:54 EEST) NNTP-Posting-Date: Fri, 01 Apr 2005 11:02:54 EEST Organization: Saunalahti Customer Xref: g2news1.google.com comp.lang.ada:10204 Date: 2005-04-01T08:02:54+00:00 List-Id: Randy Brukardt wrote: >"Martin Dowie" wrote in message >news:d2hcqs$ct0$1@sparta.btinternet.com... >> Tapio Kelloniemi wrote: >> > But back to my original question, how could I implement programming by >> > contract now when the designers have abandoned it in their great wisdom? >> >> And I don't think you're being very fair to the Ada0Y team. The effort >> that has gone into/is going into it is still huge! I did not mean that quite seriously, though I'm sad programming by contract got rejected. If I did not appreciate the work of AdaXY teams, I would not be here asking questions and wasting your time. >> It would be great if there were dozens of volunteers to promote new >> proposals but the sad truth is very few people are capable of writing an >> amendment to the RM (and I certainly include myself is the 'not able' >> camp). When people talk about "language lawyers" it isn't far from the >> truth! The knowledge of the language has to be absolutely inside-out if >> you want to be able to amend the actual language - not so much the >> standard library but even that's tricky. I agree. Looking at references of other languages reveals that some are quite different from ARM, and not in the positive sense. Some I have read are almost tutorials to the language with very few syntax descriptions. Such manuals certainly are ambiguous in many places and some concepts ar eleft unclear altogether. >Yes, and they have to be very carefully reviewed, both for language issues >and for implementation ones. (You don't want the new features to cause >programs to run much slower -- the dreaded "distributed overhead"). These >proposals kept getting messier and messier, and that played a part in their >eventually being abandoned. You don't have to tell, I've programmed in C++ (hopefully there aren't any C++ programmers reading this...) >For instance, Postconditions required a mechanism to get at the original >values of parameters. Which meant that those values had to be saved >somewhere. That would be a huge performance hit unless it is possible to >tell in advance whether or not the original value would be required. We >never had a proposal with that property (it really needs to be visible on a >purely syntax basis; otherwise it can be too complex to figure out, as it >would depend on name resolution and visibility). Programming by contract features are IMHO disabled (speaking in free software terminology) when a stable version is released, or in other words, when a final product goes out. Xconditions are certainly a huge performance hit, but not as much as inserting a break point at the beginning and end of every subprogram in a debugger and then manually examining parameter and result values, if program behaves oddly. All other run-time checks are also expensive and that is why Ada provides a way to disable them. Xconditions could actually speed up code that is considered to be stable. This is because subprograms' parameters' validity checking can be written as a precondition and does not need to be executed, when the caller knows that a bad value cannot be passed in any situation. For example subprograms of Ada.Strings's child packages have many checks for their parameters' validity and as some of the subprograms are implemented (in GNAT) in terms of others, the checks are doubled. -- Tapio