From: "Dmitry A. Kazakov"
Newsgroups: comp.lang.ada
Subject: Re: Ada 2012 Constraints (WRT an Ada IR)
Date: Mon, 5 Dec 2016 09:58:50 +0100

On 05/12/2016 09:41, Stefan.Lucks@uni-weimar.de wrote:
> On Sun, 4 Dec 2016, Robert Eachus wrote:
>> I would consider it a major bug to have a pragma Assert that could
>> fail at run-time absent a hardware failure or some such. (Even though
>> it would be turned off in production code.)
>
> I don't quite think so. A failed Assert (or a failed pre- or
> postcondition, which are essentially a nice way to put Asserts in
> specifications) *may* be checked even in the production system. What is
> important is to always shut down upon Assert-failure -- preferably
> after writing diagnostic information to wherever diagnostics go.

A run-time "failed" Assert is an if-statement evaluating false.
There is nothing of failure there. Things called in Ada pre- and
post-conditions, if evaluated during run-time, are merely subprogram
bodies booby-trapped with unanticipated exceptions. Bad thing.

> On one hand, there are systems that must not shut down (maybe an
> autopilot at flight time). If that is the case, Assert-checking in
> production executables is plain wrong.

It is plain wrong regardless. If an assertion is a correctness statement,
it shall never be checked at run time. If an assertion is an if-statement
with an exception raised upon one of the outcomes, it must *always* be
evaluated unless the condition is proven static. It is either-or, never
both.

--
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
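The distinction Dmitry draws, as an added example that is not part of the thread: the same divisor check written once as a contract (a correctness statement, whose evaluation depends on Assertion_Policy) and once as an ordinary if-statement that is always executed. The procedure and exception names are made up for the illustration; it assumes an Ada 2012 compiler such as GNAT.

```ada
--  Added example, not from the thread.  Configuration pragma at the
--  top of the unit: this is what a "production" build might select,
--  and it silently disables every Assert, Pre and Post below.
pragma Assertion_Policy (Ignore);

with Ada.Text_IO; use Ada.Text_IO;

procedure Assert_Vs_If is

   --  Correctness statement: with the policy Ignore the precondition is
   --  never evaluated, so Divisor = 0 reaches the body unchecked.  With
   --  the policy Check it would raise Assertion_Error instead, which is
   --  the "booby-trapped body" Dmitry describes.
   function Checked_By_Contract (Dividend, Divisor : Integer) return Integer
     with Pre => Divisor /= 0
   is
   begin
      return Dividend / Divisor;
   end Checked_By_Contract;

   Bad_Divisor : exception;   --  hypothetical, defined for this example

   --  If-statement: evaluated on every call regardless of the policy, so
   --  the caller always gets the same, documented exception.
   function Checked_By_If (Dividend, Divisor : Integer) return Integer is
   begin
      if Divisor = 0 then
         raise Bad_Divisor with "Divisor must be non-zero";
      end if;
      return Dividend / Divisor;
   end Checked_By_If;

begin
   begin
      Put_Line (Integer'Image (Checked_By_If (10, 0)));
   exception
      when Bad_Divisor =>
         Put_Line ("Checked_By_If: explicit check fired");
   end;

   begin
      Put_Line (Integer'Image (Checked_By_Contract (10, 0)));
   exception
      when Constraint_Error =>
         Put_Line ("Checked_By_Contract: Pre ignored, the division "
                   & "itself raised Constraint_Error");
   end;
end Assert_Vs_If;
```

Switching the pragma to Check changes which exception the second call raises (Assertion_Error instead of Constraint_Error), while the first call behaves identically under both policies.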