From: "Randy Brukardt"
Newsgroups: comp.lang.ada
Subject: Re: {Pre,Post}conditions and side effects
Date: Wed, 13 May 2015 20:32:36 -0500
Organization: Jacob Sparre Andersen Research & Innovation

"G.B." wrote in message news:mivdul$bh9$1@dont-email.me...
...
> when there is only this place?
>
>   Binary_Search (It : Num; Data : Ary)
>      with Pre => Is_Sorted (Ary);
>
> vs
>
>   type Sorted_Array is private
>      with Type_Invariant => Is_Sorted (Sorted_Array);
>
>   Binary_Search (It : Num; Data : Sorted_Ary);

I'd prefer to use predicates and subtypes to describe this (since Dmitry denies the value of subtypes, I'm not surprised that he'd use an invariant instead). Specifically:

   subtype Sorted_Array is Ary
      with Dynamic_Predicate => Is_Sorted (Sorted_Array);

   function Binary_Search (It : Num; Data : Sorted_Array) return Boolean;

Note that there is no precondition here; it's embodied in the subtypes. That's typical for Ada code going back to the beginning of Ada time; it makes sense to expand upon it. After all, no one is writing Pre => It in Num'range, even though that's clearly part of the precondition as well.

With this specification, you can pass in an object of type Ary that you don't know is sorted (and get a check on the call, just like the check on Num), or you can pass in an object of subtype Sorted_Array and push the check to elsewhere. I prefer the latter, because no one should be assuming a critical property like Is_Sorted for the binary search; it ought to be declared elsewhere that it is required on the parameter, else you have a maintenance hazard (maintainer doesn't know about the Is_Sorted requirement, so they change the array in some way that the check is no longer true. Problems ensue.)

Randy.
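The two call styles described in the message above, as an added Ada 2012 example that is not part of the original post. The range of Num, the element type of Ary, the bodies of Is_Sorted and Binary_Search, and the names Predicate_Demo, Checked and Unchecked are assumptions made for illustration.

```ada
pragma Assertion_Policy (Check);  --  make sure predicate checks are enabled

with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Assertions;

procedure Predicate_Demo is

   --  Assumed definitions: the post names Num and Ary but does not define them.
   subtype Num is Integer range 0 .. 999;
   type Ary is array (Positive range <>) of Num;

   function Is_Sorted (A : Ary) return Boolean is
     (for all I in A'First .. A'Last - 1 => A (I) <= A (I + 1));

   subtype Sorted_Array is Ary
     with Dynamic_Predicate => Is_Sorted (Sorted_Array);

   --  No Pre aspect: the requirement is carried by the parameter subtype.
   function Binary_Search (It : Num; Data : Sorted_Array) return Boolean is
      Lo  : Integer := Data'First;
      Hi  : Integer := Data'Last;
      Mid : Integer;
   begin
      while Lo <= Hi loop
         Mid := Lo + (Hi - Lo) / 2;
         if Data (Mid) = It then
            return True;
         elsif Data (Mid) < It then
            Lo := Mid + 1;
         else
            Hi := Mid - 1;
         end if;
      end loop;
      return False;
   end Binary_Search;

   --  Constructed sample data.
   Checked   : constant Sorted_Array := (2, 3, 5, 8, 13);  --  predicate checked here
   Unchecked : constant Ary          := (8, 3, 13, 2, 5);  --  no predicate on Ary

begin
   Put_Line ("8 in Checked: " & Boolean'Image (Binary_Search (8, Checked)));

   --  A plain Ary is converted to Sorted_Array at the call, so the predicate
   --  is evaluated there and the unsorted input never reaches the search.
   Put_Line ("8 in Unchecked: " & Boolean'Image (Binary_Search (8, Unchecked)));
exception
   when Ada.Assertions.Assertion_Error =>
      Put_Line ("Unchecked rejected at the call: Is_Sorted predicate failed");
end Predicate_Demo;
```

If the assertion policy is Ignore, the predicate is not evaluated at the call and Binary_Search runs on unsorted data, so the policy in force for a build is part of what the subtype guarantees.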