From: Stefan.Lucks@uni-weimar.de
Newsgroups: comp.lang.ada
Subject: Re: {Pre,Post}conditions and side effects
Date: Tue, 9 Jun 2015 19:16:22 +0200
Organization: Bauhaus-Universitaet Weimar

On Tue, 9 Jun 2015, G.B. wrote:

> It has been suggested in some places that assertion control
> should be exercised with the help of a Config package.
>
> with $Condition$ =>
>   (if Config.Is_Expensive_Test_666 (N)
>    then True
>    else (for all I in 2 .. N-1 => (N mod I) /= 0));

On one hand, it is cool that the syntax for contracts is sufficiently
flexible to allow this kind of thing. On the other hand, this is a plain
abuse of the syntax for contracts, and it significantly decreases the
contract's readability, because the real meaning is just

   $Condition$ => (for all I in 2 .. N-1 => (N mod I) /= 0)

while the rest *could* be misunderstood as "under certain circumstances,
the above condition doesn't need to hold", rather than "this condition
must always hold, even though it is not always checked or verified".

> While it was considered practical, maybe even charming because Config
> is just Ada, allowing to choose configuration names, permitting
> conditional conditions (cf. N above), it would inevitably introduce
> idiosyncrasies and, more importantly IMO, shift attention to Config
> stuff.

Indeed!

A somewhat lightweight extension of the Ada 2012 syntax could allow
$Condition$(Boolean_Expression), with $Condition$(True) being the same
as $Condition$, e.g.:

   pre(False) =>  -- require this, but never check
     (for all I in 2 .. N-1 => (N mod I) /= 0),
   pre(Testing_Level >= Minimum) =>
     ((N mod 2 /= 0) and then (N mod 3 /= 0));
   pre(Testing_Level >= High) =>  -- checked during nightly tests
     (for all I in 5 .. Num_Type'Min(2**32, N-1) => (N mod I) /= 0)),

------ I love the taste of Cryptanalysis in the morning! ------
uni-weimar.de/de/medien/professuren/mediensicherheit/people/stefan-lucks
--Stefan.Lucks (at) uni-weimar.de, Bauhaus-Universität Weimar, Germany--
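Added example, not code from the post or from either poster: the Config-gated precondition discussed in the thread next to a plain one whose run-time checking is switched off with the standard Ada 2012 pragma Assertion_Policy instead of by a test inside the contract. The package name Primality, the nested Config package and its Expensive_Checks flag are made-up names for the illustration.

```ada
--  Added example (not from the thread). Compiles as a stand-alone spec,
--  e.g. "gcc -c primality.ads" with GNAT; the procedures are null bodies.
package Primality is

   --  Assumed configuration package, standing in for the thread's Config.
   package Config is
      Expensive_Checks : constant Boolean := False;
   end Config;

   --  Pattern criticised in the thread: the configuration test is woven
   --  into the contract, so a reader may take the primality condition to
   --  be optional when Expensive_Checks is False.
   procedure Use_Prime_Gated (N : Positive) is null
     with Pre => (if Config.Expensive_Checks
                  then (for all I in 2 .. N - 1 => N mod I /= 0)
                  else True);

   --  Alternative with the same checking behaviour: the contract states
   --  only what must always hold; whether it is evaluated at run time is
   --  decided separately by the assertion policy in force for the
   --  declarations that follow this pragma (Check would re-enable it).
   pragma Assertion_Policy (Pre => Ignore);

   procedure Use_Prime (N : Positive) is null
     with Pre => (for all I in 2 .. N - 1 => N mod I /= 0);

end Primality;
```

With the policy set to Check (for instance in a test build), a call such as Use_Prime (4) raises Assertion_Error, while the contract text itself stays free of configuration logic.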