From: Simon Wright
Newsgroups: comp.lang.ada
Subject: Re: Ada 2012 Constraints (WRT an Ada IR)
Date: Mon, 05 Dec 2016 11:09:44 +0000
References: <92ed75e9-baae-455c-9e34-53348dc6eaef@googlegroups.com> <03847fd7-5699-48de-bb3c-ef5512398f26@googlegroups.com> <3ef819e8-55f7-4ef7-9f37-77e6abc33f98@googlegroups.com> <47366b42-c0a3-41bf-a44a-5241c109d60f@googlegroups.com>

"Dmitry A. Kazakov" writes:

> On 05/12/2016 09:41, Stefan.Lucks@uni-weimar.de wrote:
>> On Sun, 4 Dec 2016, Robert Eachus wrote:
>
>>> I would consider it a major bug to have a pragma Assert that could
>>> fail at run-time absent a hardware failure or some such. (Even though
>>> it would be turned off in production code.)

Yes. Though it's really up to the system engineers to decide on system
behaviour in the presence of software failure.

>> I don't quite think so. A failed Assert (or a failed pre- or
>> postcondition, which are essentially a nice way to put Asserts in
>> specifications) *may* be checked even in the production system. What is
>> important is to always shut down upon Assert-failure -- preferably
>> after writing diagnostic information to wherever diagnostics go.

[...]

> Things called in Ada pre- and post-conditions if evaluated during
> run-time are merely subprogram bodies booby-trapped with unanticipated
> exceptions. Bad thing. Just as bad a thing as Constraint_Error.

To me, there's no practical difference, at any rate from a black box
point of view, between a language-defined exception and an assertion (or
condition) failure; just a matter of who defines what is out of the
envelope for the program.
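The point made in this thread, as an added example that is not code from any poster: a precondition failure (Assertion_Error) and a language-defined range check failure (Constraint_Error) reach the outermost handler the same way, so the program can treat both as "out of envelope", log diagnostics, and shut down. The procedure, type and function names are invented for the illustration; the policy pragma keeps contract checks live even in a build that would otherwise drop them.

```ada
with Ada.Assertions;  use Ada.Assertions;
with Ada.Exceptions;  use Ada.Exceptions;
with Ada.Text_IO;     use Ada.Text_IO;

procedure Contract_Demo is
   --  Keep Pre/Post and pragma Assert enabled regardless of compiler
   --  switches, i.e. the "check even in the production system" choice.
   pragma Assertion_Policy (Check);

   subtype Percent is Integer range 0 .. 100;

   --  Contract defined by the programmer: the divisor must be positive.
   --  The return subtype is a constraint defined by the language: the
   --  result must lie in 0 .. 100 or Constraint_Error is raised.
   function Ratio (Num, Den : Integer) return Percent
     with Pre  => Den > 0,
          Post => (if Num = 0 then Ratio'Result = 0);

   function Ratio (Num, Den : Integer) return Percent is
   begin
      return Num * 100 / Den;   --  range check against Percent happens here
   end Ratio;

   Fail_Case : constant Natural := 2;   --  constructed input selector
begin
   Put_Line ("50 of 200 ->" & Integer'Image (Ratio (50, 200)));  --  25

   case Fail_Case is
      when 1 =>
         --  Pre fails before the body runs: Assertion_Error.
         Put_Line (Integer'Image (Ratio (50, 0)));
      when 2 =>
         --  Body computes 300, not in Percent: Constraint_Error.
         Put_Line (Integer'Image (Ratio (300, 100)));
      when others =>
         null;
   end case;

exception
   --  One handler for both kinds of failure: write diagnostics to the
   --  error stream, then re-raise so the program terminates rather than
   --  continuing in an unknown state.
   when E : Assertion_Error | Constraint_Error =>
      Put_Line (Standard_Error, "fatal: " & Exception_Information (E));
      raise;
end Contract_Demo;
```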