From: Dmitry A. Kazakov
Newsgroups: comp.lang.ada
Subject: Re: In-Out Parameters for functions
Date: Mon, 02 Feb 2004 16:41:43 +0100

On Mon, 02 Feb 2004 09:33:21 -0500, Hyman Rosen wrote:

>Dmitry A. Kazakov wrote:
>> Which means that the code is wrong.
>> ...
>> Because "found to work" /= "found correct".
>> ...
>> But isn't it better to know that the code remains valid for any order?
>
>There's no question that the code is wrong. There's no question that
>as the language stands, it would be better to know that it is valid
>for any order. The problem is that wrong code which has been found
>to work can slip out into production. We know this is the case in C
>for array bounds and pointer access, exacerbated by the compiler not
>checking for these kinds of errors, and I don't see why it should not
>be the case for Ada errors not detected by the compiler.

It should be the case, but it does not imply fixing the order.
Semantically wrong code cannot be made correct by doing that. To
continue your analogy with bounds checks, it is like allowing a wrong
array index, but defining the result of A [-99999999999] as 0. It is
not much better. Better is to check, which means checking for
order-dependent side effects.

Fixing and specifying does not solve the problem of knowing what and
how things are fixed. In C++ A & B | C is legal and specified, but I
do appreciate Ada for making A and B or C illegal.

>Once this code has slipped out into production, what gain is there by
>having it potentially break by a change in environment?

Wrong code should not go so far.

--
Regards,
Dmitry A. Kazakov
www.dmitry-kazakov.de
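
As an added illustration of the order-dependent side effects discussed in the message above (not part of the original post; the function names and the shared counter are constructed for the example), this C program evaluates the same two-operand expression in both operand orders and flags it when the results differ. It is a run-time check for one starting state, not a compiler diagnostic.

```c
#include <stdio.h>

/* Constructed example state: shared by the operand functions below. */
static int counter;

static int next_id(void)  { return ++counter; }     /* writes counter  */
static int scaled(void)   { return counter * 10; }  /* reads counter   */
static int constant(void) { return 7; }             /* no shared state */

typedef int (*operand_fn)(void);

/* Evaluate l() - r() from a fresh state with an explicitly chosen
 * operand order, so the result does not depend on the compiler. */
static int eval_sub(operand_fn l, operand_fn r, int left_first, int initial)
{
    int a, b;
    counter = initial;
    if (left_first) {
        a = l();
        b = r();
    } else {
        b = r();
        a = l();
    }
    return a - b;
}

/* Returns 1 when the value of l() - r() depends on which operand is
 * evaluated first, for the given starting state. */
static int order_dependent(operand_fn l, operand_fn r, int initial)
{
    return eval_sub(l, r, 1, initial) != eval_sub(l, r, 0, initial);
}

int main(void)
{
    /* Fixing the order would pick one of these two values; it would
     * not say which one the programmer meant. */
    printf("next_id() - scaled(), left first : %d\n",
           eval_sub(next_id, scaled, 1, 0));
    printf("next_id() - scaled(), right first: %d\n",
           eval_sub(next_id, scaled, 0, 0));
    printf("order-dependent: %d\n", order_dependent(next_id, scaled, 0));
    printf("next_id() - constant() order-dependent: %d\n",
           order_dependent(next_id, constant, 0));
    return 0;
}
```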