From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-0.3 required=5.0 tests=BAYES_00,
	REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4
X-Google-Thread: 103376,99e73f65ea2533b9
X-Google-Attributes: gid103376,domainid0,public,usenet
X-Google-Language: ENGLISH,ASCII-7-bit
Path: 
 g2news1.google.com!news1.google.com!eweka.nl!lightspeed.eweka.nl!npeer.de.kpn-eurorings.net!npeer-ng2.kpn.DE!usenet-feed.fhg.de!news-koe1.dfn.de!news-lei1.dfn.de!news.uni-weimar.de!not-for-mail
From: stefan-lucks@see-the.signature
Newsgroups: comp.lang.ada
Subject: Re: and then... (a curiosity)
Date: Tue, 2 Sep 2008 15:32:40 +0200
Organization: Bauhaus-Universitaet Weimar
Message-ID: <Pine.LNX.4.64.0809021510300.11408@medsec1.medien.uni-weimar.de>
References: 
 <18b41828-bda4-4484-8884-ad62ce1c831d@f36g2000hsa.googlegroups.com>
  <57qdnfULQ9tzKCHVnZ2dnUVZ_tHinZ2d@comcast.com>
 <Pine.LNX.4.64.0809020925030.9968@medsec1.medien.uni-weimar.de>
 <48bd0003$1@news.post.ch>
 <Pine.LNX.4.64.0809021210200.10279@medsec1.medien.uni-weimar.de>
 <a328076a-5b2e-4e05-8a07-87de6e72cf1d@s50g2000hsb.googlegroups.com>
Reply-To: stefan-lucks@see-the.signature
NNTP-Posting-Host: medsec1.medien.uni-weimar.de
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Trace: tigger.scc.uni-weimar.de 1220358045 28406 141.54.178.228 (2 Sep 2008
 12:20:44 GMT)
X-Complaints-To: news@tigger.scc.uni-weimar.de
NNTP-Posting-Date: Tue, 2 Sep 2008 12:20:44 +0000 (UTC)
X-X-Sender: lucks@medsec1.medien.uni-weimar.de
In-Reply-To: 
 <a328076a-5b2e-4e05-8a07-87de6e72cf1d@s50g2000hsb.googlegroups.com>
Xref: g2news1.google.com comp.lang.ada:1863
Date: 2008-09-02T15:32:40+02:00
List-Id: <comp.lang.ada>

On Tue, 2 Sep 2008, Ludovic Brenta wrote:

> stefan-lu...@see-the.signature wrote:
> >   if (X >= A'First) and (X <= A'Last) and (A[X]=Y) then
> >     ...
> >   else
> >     ...
> >   end if;
> >
> > should *not* raise a Constraint_Error if X < A'First or X > A'Last, but
> > instead handle the "else" case.
> 
> Except that X may be a function returning a different value for each
> call!

On the level of formal logic, there isn't really space for side effects. 

> > The bad thing is that Constraint_Error counts as a valid side effect here.
> 
> And what would be an "invalid" side effect?

A "valid" side effect would, e.g., be changing a global variable. On the 
other hand, a function which raises an exception is essentially a function 
returning some value outside its domain (but inside an extended domain). 
This isn't quite like a side-effect -- only Ada pretends it is. 

> > Ideally, the program should check the other branches of the "and"
> > expression, and only propagate the exception if none of them evaluates to
> > false without raising an exception of its own.
> 
> No, because the Constraint_Error (or other exception, or other side
> effect such as logging, assignment to a variable, etc.) may be
> intentional! The compiler does not and should not try to read your
> mind. At least I would find it very disturbing to program in a
> language that would try to "do what I mean, not what I say".

Well, if the program requirements are that the side effects for A and B 
actually occur, I consider it poor programming style if people just write

  if A(X) and B(Y) then ... end if;

IMHO, much better style is the following:

  declare
    Tmp_A: Boolean := A(X);
    Tmp_B: Boolean := B(X);
  begin
    if Tmp_A and Tmp_B then ... end if;
  end;

This makes the programmers intention clear, "if A(X) and B(X)" doesn't. 

> > Consider a programm fragment like
> >
> >   if X and Y then
> >     ...
> >   end if
> >
> > Assume Y raises a Constraint_Error if X is false. This appears to be a
> > common bug pattern in Ada. 
[...]
> I have seen this bug a couple of times and always concluded it was
> *my* fault and that I should have used "and then" to specify that the
> order of evaluation was important. In such situation the mathematical
> "and" (where "X and Y" is strictly equivalent to "Y and X") is not
> what I want.

Right! 

But do you really dispute that following the mathematical conventions 
as much as possible would improve readability? 

> I definitely like the fact that Ada gives me the choice (short-circuit
> or full evaluation) and the means ("and" vs. "and then") to express my
> intent exactly.

A short-circuit "and" (instead of "and then") would not remove that choice 
-- see the "much better style" above. 

In any case, instead of an explicit syntax for short-circuit "and" an 
explict syntax for the rare non-short-circuit cases would be preferable, 
perhaps "if A(X) and all B(Y) then ... end if;".




-- 
------ Stefan Lucks   --  Bauhaus-University Weimar  --   Germany  ------
               Stefan dot Lucks at uni minus weimar dot de
------  I  love  the  taste  of  Cryptanalysis  in  the  morning!  ------