From mboxrd@z Thu Jan 1 00:00:00 1970
From: Yannick Duchêne (Hibou57)
Newsgroups: comp.lang.ada
Subject: Re: Silly and stupid post‑condition or not ?
Date: Wed, 01 Feb 2012 11:51:12 +0100
Organization: Ada @ Home

On Wed, 01 Feb 2012 11:37:31 +0100, wrote:

> On Wed, 1 Feb 2012, Dmitry A. Kazakov wrote:
>
>> But that seems not bad enough. To make the disaster complete, it should
>> become undefined as well. Right?
>
> This doesn't need to be a disaster.
>
> 1. For the purpose of proving program correctness, you don't necessarily
> need complete postconditions. As a trivial example, consider

Will read the remainder of your post later, but for now, I agree with you.
Post conditions are not even necessarily a matter of correctness, this may
also be a matter of completing a behavior description. At least here, no
exception is raised, and it may deal with input from the outside world,
which can hardly be proved to be always correct.

In the area of correctness however, there is another signature I did not
quote before, which may talk better to Dmitry. Here it is:

    function Image (Instance : Instance_Type) return Image_Type
       with Post =>
          (Parsed (Image'Result).Status = Parsed) and
          (Parsed (Image'Result).Instance = Instance);
       -- Result can always be successfully parsed and the resulting
       -- instance is always equal to the one whose image is returned.

The postcondition for Image also talks about Parsed behavior. So you have
an option to ensure correctness, providing a given image was produced by
the Image function.

-- 
“Syntactic sugar causes cancer of the semi-colons.” [1]
“Structured Programming supports the law of the excluded muddle.” [1]
[1]: Epigrams on Programming — Alan J. — P. Yale University
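
The round-trip contract from the message above, placed in a complete program so the postcondition is actually checked at run time. This is an added example, not code from the original post: only the declaration of Image follows the post, while the concrete types, both bodies and the sample input are assumptions made for illustration.

```ada
pragma Assertion_Policy (Check);  --  enable run-time Post checks
with Ada.Text_IO; use Ada.Text_IO;

procedure Round_Trip_Demo is
   --  Assumed types: the post names them but does not define them.
   type Instance_Type is range 0 .. 9_999;
   subtype Image_Type is String (1 .. 4);
   type Status_Type is (Parsed, Format_Error);
   type Parsed_Type is record
      Status   : Status_Type;
      Instance : Instance_Type;
   end record;

   --  Total on any text: bad input is reported in Status, never raised.
   function Parsed (Image : Image_Type) return Parsed_Type;

   --  Contract as written in the post.
   function Image (Instance : Instance_Type) return Image_Type
      with Post =>
         (Parsed (Image'Result).Status = Parsed) and
         (Parsed (Image'Result).Instance = Instance);

   function Parsed (Image : Image_Type) return Parsed_Type is
      Value : Natural := 0;
   begin
      for C of Image loop
         if C not in '0' .. '9' then
            return (Status => Format_Error, Instance => 0);
         end if;
         Value := Value * 10 + (Character'Pos (C) - Character'Pos ('0'));
      end loop;
      return (Status => Parsed, Instance => Instance_Type (Value));
   end Parsed;

   function Image (Instance : Instance_Type) return Image_Type is
      Result : Image_Type := "0000";
      Rest   : Natural := Natural (Instance);
   begin
      for I in reverse Result'Range loop
         Result (I) := Character'Val (Character'Pos ('0') + Rest mod 10);
         Rest := Rest / 10;
      end loop;
      return Result;
   end Image;

   Outside : constant Image_Type := "12x4";  --  constructed outside input
begin
   --  Post runs on return: a faulty Image would raise Assertion_Error here.
   Put_Line (Image (42));
   --  Text not produced by Image has no such guarantee: test Status.
   Put_Line (Status_Type'Image (Parsed (Outside).Status));
end Round_Trip_Demo;
```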