From: Shark8
Newsgroups: comp.lang.ada
Subject: Re: {Pre,Post}conditions and side effects
Date: Fri, 24 Apr 2015 10:59:28 -0700 (PDT)

On Monday, December 22, 2014 at 4:32:22 PM UTC-7, Randy Brukardt wrote:
> "Jean François Martinez" wrote in message
> >First time I read about Pre-Post conditions in Ada 2012 I felt some
> >discomfort about functions invoked in pre/post conditions being allowed
> >to have side effects. Thus it is possible to have programs that work when
> >checks are enabled and break when they are disabled that because the side
> >effects "make them work". I don't like "solutions" like "the compiler
> >will allow you to shoot yourself in the foot so be careful". That is C
> >not Ada
> >
> >Perhaps it would have been a good idea to have a No_Side_Effects aspect
> >and only functions labelled with this pragma would be allowed in pre/post
> >conditions.
>
> This was proposed with the original proposal. It was eventually dropped
> because it is too hard to define what a side-effect actually is (easy
> definitions are too fierce).
>
> [SNIP]
>
> To summarize, we spent a lot of time agonizing about this particular issue,
> wording solutions, and the like. It's most certainly not the case that it
> wasn't considered, but more that we felt that the alternative of strong
> restrictions would be barely usable.
>
> Randy Brukardt, ARG Editor.

I too don't like the possibility of letting the side-effects of aspects impact program correctness, but you do present some good reasoning (the difficulty of defining those, and the immaturity of static analysis on that point [if it's not defined, you can't check it]). -- All that said, thank you, and the rest of the ARG, for your work on Ada in general, and this issue in particular.
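
Added example, not part of the original thread or written by any of its participants: a minimal Ada 2012 program showing the failure mode discussed above, where a function called from a precondition has a side effect the body depends on. The names `Ready`, `Lookup`, `Table` and `Contract_Side_Effect` are hypothetical.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Contract_Side_Effect is

   --  Change Check to Ignore to disable evaluation of the precondition
   --  on the declaration that follows.
   pragma Assertion_Policy (Check);

   Initialized : Boolean := False;
   Table       : array (1 .. 4) of Integer := (others => 0);

   --  Reads like a pure query, but fills Table on first call.
   --  This hidden write is the side effect the thread is about.
   function Ready return Boolean is
   begin
      if not Initialized then
         Table       := (10, 20, 30, 40);
         Initialized := True;
      end if;
      return True;
   end Ready;

   --  The only call to Ready in the whole program is in this contract.
   function Lookup (I : Positive) return Integer
     with Pre => Ready and then I in Table'Range;

   function Lookup (I : Positive) return Integer is
   begin
      --  Assumes Table was initialised; nothing in the body ensures it.
      return Table (I);
   end Lookup;

begin
   Put_Line ("Lookup (2) =" & Integer'Image (Lookup (2)));
end Contract_Side_Effect;
```

With the policy set to `Check`, evaluating the precondition runs `Ready` and `Lookup` reads the filled table; with `Ignore`, `Ready` is never called and `Lookup` silently returns a value from the zero-initialised table. Keeping initialisation out of contract expressions, or calling it explicitly in the body, removes the dependence on the assertion policy.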