Re: "functional" programming in Ada

[Simon Wright <simon@pushface.org>]

"Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> writes:
> On 08/03/2018 04:34, Randy Brukardt wrote:
[...]
>> The various contracts (preconditions, postconditions, predicates,
>> etc.) all contain some executable code, and it is necessary for
>> callers to be able to understand those contracts. Expression
>> functions help in this, while the bulk of the implementation should
>> remain in the body.
>
> These are not contracts if have any executable code, and more
> importantly, understanding cannot be achieved by exposing
> implementation/code.
>
> P.S. Contracts exist prior the program (programs, actuall) and surely
> prior to any execution of (any implementation of any programs under
> the contract).

When I was taught VDM (a long time ago, and never put to actual project
use) we wrote what are essentially contracts. You'd be left to implement
the corresponding code following the contracts.

Pre/postconditions etc correspond to these contracts, in a potentially
executable form, and I'm going to call them contracts as a convenient
shorthand (as in the Rationale).

As you know, the meaning of the program mustn't depend on actually
executing the contracts, and the default GNAT behaviour is not to
generate executable code for them (I don't know whether expression
functions which are only involved in contracts actually generate object
code, but one would hope they'd be eliminated by compiler analysis).

An expression function in the spec has to help in understanding what the
contract says. I wondered whether it might correspond to a lemma? ("a
subsidiary proposition , proved for use in the proof of another
proposition").