From: "Dmitry A. Kazakov"
Newsgroups: comp.lang.ada
Subject: Re: Ada 2012 Constraints (WRT an Ada IR)
Date: Fri, 2 Dec 2016 17:21:00 +0100

On 01/12/2016 23:26, Randy Brukardt wrote:
> "Dmitry A. Kazakov" wrote in message
> news:o1oohd$13nu$1@gioia.aioe.org...
> ...
>> On the contrary, predicates are a useless and dangerous mess.
>
> I can understand "useless" (that's an opinion I don't share, but it's fair
> to have it), and I understand "mess" (the difference between static and
> dynamic predicates shouldn't have happened; I wanted set constraints instead
> of static predicates, which would have been more consistent), but I don't
> understand dangerous. Predicates (and all contracts, for that matter) are
> designed not to affect the semantics of a program at all if they are
> removed (or "Ignored").

When the contract specifies some behavior, e.g. raising or not raising exceptions?

> Moreover, predicates are inherited in much the same way that constraints
> (and null exclusions as well, those also aren't formally constraints);

Inheritance by no means implies safety. Unconditional substitutability requires strengthening constraints of the out-parameters and weakening constraints of the in-parameters. For in-out it is both weakening the pre- and strengthening post-conditions, i.e. always wrong unless proven otherwise... If under "inheritance" you mean conjunction with the parent's predicate it is strengthening.

> there's little difference in the way any of these work. So it's hard to see
> why constraints would be OK and predicates would be dangerous. (It's
> actually more the other way around, since suppressing a constraint can
> actually make a program dangerous; that's not possible for a predicate.)

Selected constraints are OK, because they are known to do known things. Predicates are just arbitrary expressions the programmer sets without understanding all effects of his actions. There is no language support to eliminate undesired effects or to define in any form the behavior expected to be checked against one in effect.

--
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de