From: stefan-lucks@see-the.signature
Subject: Re: On pragma Precondition etc.
Date: Fri, 25 Jul 2008 12:50:41 +0200
Date: 2008-07-25T12:50:41+02:00 [thread overview]
Message-ID: <Pine.LNX.4.64.0807251224010.10913@medsec1.medien.uni-weimar.de> (raw)
In-Reply-To: <4889886d$0$18827$9b4e6d93@newsspool2.arcor-online.net>
On Fri, 25 Jul 2008, Georg Bauhaus wrote:
> We would have something like
>
> function More(X, Y: Integer);
> -- ...
> pragma Precondition(More, X > 2 * Y);
>
>
> function Less(X, Y: Integer);
> -- ...
> pragma Precondition(Less, X < 2 * Y);
>
> And now there is no doubt about the subprogram to which a
> Pre-/Postcondition belongs. (A rule that a spec Pre-/Postcondition
> pragma must come right after its subprogram will establish
> consistency.)
This seems to break with overloading of subprogram names. I seem to recall
that
"pragma Inline(Foo)"
is asking to inlie *all* functions / procedures with the name "Foo". This
may be OK for inlining, but you definitively don't want to use the same
preconditions which happen to have the same way. Consider the following:
function More(X, Y: Integer) return Integer;
pragma Precondition(More, X > 2 * Y); --1--
function More(X, Y: Integer) return Boolean;
pragma Precondition(More, (X>0) or (Y>0)); --2--
function More(X, Y: Whatever) return Whatever; --3--
The intention is that precondition --1-- sticks to the function returning
Integer and precondition --2-- sticks to the one returning Boolean -- not
that both preconditions stick to both functions!
And neither precondition should stick to the function marked by --3--.
Depending on the type Whatever, that shouldn't even compile ...
So the syntactical link between a subprogram declaration and its
precondition cannot just depend on the subprogram name. But then, the
function name actually becomes redundant, and the current GNAT convention
appears to be the better one:
function More(X, Y: Integer) return Integer;
pragma Precondition(X > 2 * Y); --1--
function More(X, Y: Integer) return Boolean;
pragma Precondition((X>0) or (Y>0)); --2--
function More(X, Y: Whatever) return Whatever; --3--
An alternative would be to repeat the entire function declaration in the
pragma:
function More(X, Y: Integer) return Integer;
pragma Precondition(function More(X,Y: Integer) return Integer,
X > 2 * Y); --1--
Ada is always a bit verbose, which often is good for readability. But this
would throw a bit too much of redundant information at the reader.
Stefan
--
------ Stefan Lucks -- Bauhaus-University Weimar -- Germany ------
Stefan dot Lucks at uni minus weimar dot de
------ I love the taste of Cryptanalysis in the morning! ------
next prev parent reply other threads:[~2008-07-25 10:50 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-07-25 8:01 On pragma Precondition etc Georg Bauhaus
2008-07-25 10:50 ` stefan-lucks [this message]
2008-07-25 11:05 ` mockturtle
2008-07-25 11:44 ` Alex R. Mosteo
2008-07-25 11:56 ` Georg Bauhaus
2008-07-28 8:02 ` Alex R. Mosteo
2008-07-29 11:18 ` Martin Krischik
2008-07-29 12:08 ` Dmitry A. Kazakov
2008-07-29 14:19 ` Georg Bauhaus
2008-07-29 14:49 ` Georg Bauhaus
2008-07-29 15:00 ` Dmitry A. Kazakov
2008-07-29 15:14 ` Georg Bauhaus
2008-07-29 15:55 ` Georg Bauhaus
2008-07-29 17:49 ` Dmitry A. Kazakov
2008-07-30 9:06 ` Georg Bauhaus
2008-07-30 13:47 ` Dmitry A. Kazakov
2008-07-30 17:45 ` Georg Bauhaus
2008-07-31 8:12 ` Dmitry A. Kazakov
2008-07-31 23:06 ` Georg Bauhaus
2008-08-01 8:40 ` Dmitry A. Kazakov
2008-07-30 9:22 ` Georg Bauhaus
2008-07-30 13:56 ` Dmitry A. Kazakov
2008-07-25 14:39 ` Robert A Duff
2008-07-25 16:50 ` Pascal Obry
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox