From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=unavailable autolearn_force=no version=3.4.4 Path: eternal-september.org!reader01.eternal-september.org!reader02.eternal-september.org!news.eternal-september.org!news.eternal-september.org!news.eternal-september.org!feeder.eternal-september.org!usenet.blueworldhosting.com!feeder02.blueworldhosting.com!border4.nntp.dca.giganews.com!border2.nntp.dca.giganews.com!border3.nntp.dca.giganews.com!Xl.tags.giganews.com!border1.nntp.dca.giganews.com!nntp.giganews.com!local2.nntp.dca.giganews.com!news.giganews.com.POSTED!not-for-mail NNTP-Posting-Date: Thu, 11 Jul 2013 06:56:02 -0500 Date: Thu, 11 Jul 2013 07:56:02 -0400 From: "Peter C. Chapin" User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130623 Thunderbird/17.0.7 MIME-Version: 1.0 Newsgroups: comp.lang.ada Subject: Re: On contracts and implementations References: <51de7c5d$0$6566$9b4e6d93@newsspool3.arcor-online.net> In-Reply-To: <51de7c5d$0$6566$9b4e6d93@newsspool3.arcor-online.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Message-ID: X-Usenet-Provider: http://www.giganews.com X-Trace: sv3-uykb7S3AgVLm05E95PLwJs619s2KpbSeJ4ot5CrBLI2bAQhAdMmM1rNTtWIGtPjzXLlpO4Y128x4EGd!gGNpE0FY5CJ2Hk2cMThmFGtP41OMWgF7RIbAyUuv3m1n0CU6qH4vZCgMA22/RPA= X-Complaints-To: abuse@giganews.com X-DMCA-Notifications: http://www.giganews.com/info/dmca.html X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly X-Postfilter: 1.3.40 X-Original-Bytes: 2430 Xref: news.eternal-september.org comp.lang.ada:16292 Date: 2013-07-11T07:56:02-04:00 List-Id: On 07/11/2013 05:35 AM, G.B. wrote: > There is a claim that contracts of Ada 2012 are part of the > implementation. They are not. I think the litmus test for contract code vs "ordinary" code is that the contracts should be removable without changing the functional behavior of the program. This means that any checks of errors arising from the execution environment, such as missing files or bad user input, can't be in contracts. It is important to be able to remove contracts for performance reasons. I'm not talking about the constant time overhead of extra range checks. I'm talking about major performance costs. For example a binary search function might reasonably have a pre- condition that states the input array is sorted. Checking that contract requires O(n) time and is thus asymptotically slower than the function itself. One might be able to tolerate that during testing on small data sets. Furthermore it would be useful to be able to prove that nowhere is the function called with an unsorted array. However, it is unlikely that the deployed program could tolerate the slow down in asymptotic running time. On a full sized data set we might be talking about a 1,000,000x reduction in speed! Peter