From: dewar@cs.nyu.edu (Robert Dewar)
Subject: Re: next "big" language?? (disagree)
Date: 1996/06/20
references: <4q707h$1r2@krusty.irvine.com>
organization: Courant Institute of Mathematical Sciences
newsgroups: comp.lang.pascal,comp.lang.c,comp.lang.misc,comp.lang.pl1,comp.lang.ada

Jon said

"I have to agree with Jon's point here. I don't see any reason why the definition of the language would have to prevent the compiler from using the information for optimization. If the customer didn't want that to happen, the vendor could add a command-line option or pragma to tell the compiler not to. Don't Ada compilers already have command-line options and/or pragmas to control how much optimization takes place, anyway?"

This is really quite a tricky and subtle issue. If you do not see any problem, then it is likely you don't see the issues fully yet.

The basic problem is that the notion of assertion can mean many things, and at the level of discussing the precise semantics of assertions, there are fundamental disagreements. There is certainly a school of thought that is insistent that it is crucial that assertions NOT affect the semantics or even the behavior of the program.
You can declare this silly if you like, but it is more helpful if everyone makes the effort to understand the issues.

In GNAT,

   pragma Assert (X);

means EXACTLY

   if not X then
      raise Assert_Error;
   end if;

which is well defined, but not at all in the category of assertions that the compiler can take advantage of, which can behave in a completely different (and possibly surprising) manner.

For instance, another view of assertions is exemplified by the following:

   pragma Assert (X /= 0);
   ...
   Q := 30 / X;

where the compiler "knows" that X is non-zero, and therefore skips the test for X being zero in the division, and consequently generates some junk value in Q. In this model, assertions do not correspond to any executable code.

There is nothing wrong with either of these models of assertions (or with any of several different models), but they are VERY different, and what we found in practice is that people had very strong opinions that an assert in the language should mean one or other of these, and that it was silly to suggest any alternative meaning -- not exactly a recipe for agreement, or for the devising of a language feature that would not cause a lot of confusion.

I expect most Ada 95 compilers will copy the GNAT pragma Assert, but this is of course only one possible interpretation of this notion (it happens to be one whose semantics are very easy to describe, but it is not necessarily what everyone wants!).
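
The two assertion models contrasted in this post, as an added C sketch that is not part of the original message and is not GNAT code: `checked_div` stands in for the division check an Ada compiler emits, and `ASSUME`, the status codes and the function names are this example's own assumptions. Calling `div_assumed` with zero would be undefined behaviour, so the demo only passes it a non-zero value.

```c
#include <stdio.h>

/* Status codes standing in for Ada exceptions (names are this example's own). */
enum status { OK = 0, ASSERT_FAILED = 1, DIVISION_CHECK_FAILED = 2 };

/* Stand-in for the zero-divisor check an Ada compiler emits before "/". */
static enum status checked_div(int n, int x, int *q)
{
    if (x == 0)
        return DIVISION_CHECK_FAILED;
    *q = n / x;
    return OK;
}

/* Model 1: the assertion is executable code, "if not X then raise ...". */
enum status div_checked_assert(int x, int *q)
{
    if (!(x != 0))
        return ASSERT_FAILED;       /* well defined: the caller sees the failure */
    return checked_div(30, x, q);
}

/* Model 2: the assertion is a promise to the optimizer and emits no test.
 * __builtin_unreachable is a GCC/Clang builtin; elsewhere ASSUME is a no-op. */
#if defined(__GNUC__) || defined(__clang__)
#define ASSUME(cond) do { if (!(cond)) __builtin_unreachable(); } while (0)
#else
#define ASSUME(cond) ((void)0)
#endif

enum status div_assumed(int x, int *q)
{
    ASSUME(x != 0);
    /* The optimizer may now delete the x == 0 branch inside checked_div,
     * so a caller that breaks the promise gets no error, only junk. */
    return checked_div(30, x, q);
}

int main(void)
{
    int q = -1;
    enum status s = div_checked_assert(0, &q);
    printf("model 1, X = 0: status %d, Q untouched (%d)\n", (int)s, q);
    s = div_checked_assert(5, &q);
    printf("model 1, X = 5: status %d, Q = %d\n", (int)s, q);
    s = div_assumed(5, &q);
    printf("model 2, X = 5: status %d, Q = %d\n", (int)s, q);
    return 0;
}
```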