From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=unavailable autolearn_force=no version=3.4.4 Path: eternal-september.org!reader01.eternal-september.org!reader02.eternal-september.org!news.eternal-september.org!news.eternal-september.org!feeder.eternal-september.org!nntp-feed.chiark.greenend.org.uk!ewrotcd!reality.xs3.de!news.jacob-sparre.dk!franka.jacob-sparre.dk!pnx.dk!.POSTED!not-for-mail From: "Randy Brukardt" Newsgroups: comp.lang.ada Subject: Re: Ada 2012 Constraints (WRT an Ada IR) Date: Fri, 2 Dec 2016 13:15:12 -0600 Organization: JSA Research & Innovation Message-ID: References: <92ed75e9-baae-455c-9e34-53348dc6eaef@googlegroups.com> <03847fd7-5699-48de-bb3c-ef5512398f26@googlegroups.com> <3ef819e8-55f7-4ef7-9f37-77e6abc33f98@googlegroups.com> NNTP-Posting-Host: rrsoftware.com X-Trace: franka.jacob-sparre.dk 1480706054 13334 24.196.82.226 (2 Dec 2016 19:14:14 GMT) X-Complaints-To: news@jacob-sparre.dk NNTP-Posting-Date: Fri, 2 Dec 2016 19:14:14 +0000 (UTC) X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2900.5931 X-RFC2646: Format=Flowed; Response X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157 Xref: news.eternal-september.org comp.lang.ada:32558 Date: 2016-12-02T13:15:12-06:00 List-Id: "Dmitry A. Kazakov" wrote in message news:o1s71b$oi7$1@gioia.aioe.org... > On 01/12/2016 23:26, Randy Brukardt wrote: >> "Dmitry A. Kazakov" wrote in message >> news:o1oohd$13nu$1@gioia.aioe.org... >> ... >>> On the contrary, predicates is useless and dangerous mess. >> >> I can understand "useless" (that's an opinion I don't share, but it's >> fair >> to have it), and I understand "mess" (the difference between static and >> dynamic predicates shouldn't have happened; I wanted set constraints >> instead >> of static predicates, which would have been more consistent), but I don't >> understand dangerous. Predicates (and all contracts, for that matter) are >> designed not the affect the semantics of a program at all if they are >> removed (or "Ignored"). > > When the contract specifies some behavior, e.g. raising or not raising > exceptions? That's a bad contract. (Especially for predicates.) Some of us (including me) wanted to have Ada require no side-effects in contracts, but we got bogged down in deciding precisely what is a side-effect and it ended up as an unimplementable implementation permission. Hopefully, Ada 202x will handle this better. >> Moreover, predicates are inherited in much the same way that constraints >> (and null exclusions as well, those also aren't formally constraints); > > Inheritance by no means imply safety. > > Unconditional substitutability requires strengthening constraints of the > out-parameters and weakening constraints of the in-parameters. For in-out > it is both weakening the pre- and strengthening post-conditions, i.e. > always wrong unless proven otherwise... > > If under "inheritance" you mean conjunction with the parent's predicate it > is strengthening. Constraints work the same way. So why the difference?? >> there's little difference in the way any of these work. So it's hard to >> see >> why constraints would be OK and predicates would be dangerous. (It's >> actually more the other way around, since suppressing a contraint can >> actually make a program dangerous; that's not possible for a predicate.) > > Selected constraints are OK, because they are known to do known things. > Predicates are just arbitrary expressions the programmer sets without > understanding all effects of his actions. There is no language support to > eliminate undesired effects or to define in any form the behavior expected > to be checked against one in effect. I agree with the last statement (outside of static predicates, which are quite restricted expressions and thus can only do limited things), but that should change in the next version of Ada. At least I hope it does. Randy.