From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-0.3 required=5.0 tests=BAYES_00, REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4 X-Google-Thread: 103376,ea5071f634c2ea8b X-Google-NewGroupId: yes X-Google-Attributes: gida07f3367d7,domainid0,public,usenet X-Google-Language: ENGLISH,ASCII-7-bit Received: by 10.68.0.170 with SMTP id 10mr7508563pbf.2.1322126888895; Thu, 24 Nov 2011 01:28:08 -0800 (PST) Path: lh20ni12231pbb.0!nntp.google.com!news2.google.com!goblin1!goblin2!goblin.stu.neva.ru!aioe.org!.POSTED!not-for-mail From: "Dmitry A. Kazakov" Newsgroups: comp.lang.ada Subject: Re: Generic-Package Elaboration Question / Possible GNAT Bug. Date: Thu, 24 Nov 2011 10:27:48 +0100 Organization: cbb software GmbH Message-ID: References: <7bf9bc32-850a-40c6-9ae2-5254fe220533@f29g2000yqa.googlegroups.com> <3snehoqgs8ia$.1nobjem6g6hx6$.dlg@40tude.net> <128rdz2581345$.c4td19l7qp9z$.dlg@40tude.net> <16ipwvpdavifr$.17bxf7if7f6kh$.dlg@40tude.net> <4ecb78b1$0$6643$9b4e6d93@newsspool2.arcor-online.net> <1iofgbqznsviu$.phvidtvxlyj4$.dlg@40tude.net> <4ecbb96e$0$6581$9b4e6d93@newsspool3.arcor-online.net> <4ecbdfdb$0$6629$9b4e6d93@newsspool2.arcor-online.net> <12hfiflyf7pr5$.l3pkpgoid8xt$.dlg@40tude.net> <1ecuhb030iugz.4q1hfjx371xa.dlg@40tude.net> <4ecc393d$0$7625$9b4e6d93@newsspool1.arcor-online.net> <124aq618dmove.884jj64mzm6w$.dlg@40tude.net> <1jxx617mf2cqf$.1j076axdq83mr$.dlg@40tude.net> <1cjufyo57vlpg$.11kf45cs5vnb7.dlg@40tude.net> Reply-To: mailbox@dmitry-kazakov.de NNTP-Posting-Host: FbOMkhMtVLVmu7IwBnt1tw.user.speranza.aioe.org Mime-Version: 1.0 X-Complaints-To: abuse@aioe.org User-Agent: 40tude_Dialog/2.0.15.1 X-Notice: Filtered by postfilter v. 0.8.2 Xref: news2.google.com comp.lang.ada:14592 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Date: 2011-11-24T10:27:48+01:00 List-Id: On Thu, 24 Nov 2011 08:07:45 +0000, Simon Wright wrote: > To take Georg's example of the stack, I don't see how you're going to > express the fact that its capacity is bounded other than by comments > about constraint errors or by preconditions. The point is that when this behavior can be expressed then that expression is static, per definition of the word "expressed." When it cannot be expressed then it is not. A dynamic precondition does not express anything, because it is unknown until run-time. If it is known, then it is not dynamic. > I seem to be tempted into speculations about SPARK at this point. Stacks > seem to be a rather dangerous construct from the point of view of > proving correctness, logic not being very good at counting. SPARK does it right, Eiffel and now Ada do it wrong. My plea is not to full ourselves. If correctness cannot be proved statically, then the requirement expressed by the precondition must be considered as not satisfied. That precondition must be replaced by "true", and the corresponding exception (Stack_Full) added to the postcondition. The clients must respect this new contract and handle Stack_Full. I would like Ada integrated rather with SPARK than with Eiffel, allowing the programmer to choose between static correctness and, when that does not work or seem to be too expensive, contracts extended with exceptions. -- Regards, Dmitry A. Kazakov http://www.dmitry-kazakov.de