From: "Randy Brukardt"
Newsgroups: comp.lang.ada
Subject: Re: A hole in Ada type safety
Date: Sat, 30 Apr 2011 18:39:58 -0500
Organization: Jacob Sparre Andersen Research & Innovation
References: <87oc3odtci.fsf@mid.deneb.enyo.de> <87tydfbtp3.fsf@mid.deneb.enyo.de>

"Florian Weimer" wrote in message news:87tydfbtp3.fsf@mid.deneb.enyo.de...
...
> And once there is something like this in the language, it is difficult
> to decide if a new addition (such as aliased parameters) makes things
> worse or not.

Not sure how something that adds new capabilities only for elementary types could make anything worse. We also ran across this particular erroneousness in another case; we decided that we had to let subprograms trust their constraints (which introduces some additional erroneousness) as the alternative requires a lot of additional code for discriminated parameters.
(I forget where the wording change for that ended up.)

Cases like this are why I like to say that all real Ada programs are erroneous, so any result is allowed. :-) If you could write an entire program in SPARK, that could make that statement a falsehood, but the Ada runtime is most likely erroneous for some reason (interfacing to C tends to end up erroneous in some cases, for instance). You'd probably need a SPARK runtime on top of a SPARK OS in order to make a non-erroneous program a reality.

Randy.