From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM
	autolearn=ham autolearn_force=no version=3.4.4
X-Google-Thread: a07f3367d7,d3770aac68211766,start
X-Google-Attributes: gida07f3367d7,public,usenet
X-Google-NewGroupId: yes
X-Google-Language: ENGLISH,UTF8
Received: by 10.180.105.198 with SMTP id go6mr1665629wib.2.1352353220005;
        Wed, 07 Nov 2012 21:40:20 -0800 (PST)
From: =?utf-8?Q?Yannick_Duch=C3=AAne_=28Hibou57?=
 =?utf-8?Q?=29?=
 <yannick_duchene@yahoo.fr>
Newsgroups: comp.lang.ada
Subject: Class wide preconditions: error in the Ada 2012 Rationale?
Date: Mon, 05 Nov 2012 21:41:48 +0100
Organization: Ada @ Home
Message-ID: <op.wnbifyvyule2fv@cardamome>
NNTP-Posting-Host: 80Danr8LSk+wZCZOQUcJiA.user.speranza.aioe.org
Mime-Version: 1.0
X-Complaints-To: abuse@aioe.org
User-Agent: Opera Mail/12.02 (Linux)
X-Notice: Filtered by postfilter v. 0.8.2
Path: 
 ha8ni167505wib.1!nntp.google.com!feeder3.cambriumusenet.nl!82.197.223.108.MISMATCH!feeder2.cambriumusenet.nl!feed.tweaknews.nl!209.197.12.246.MISMATCH!nx02.iad01.newshosting.com!newshosting.com!216.196.98.146.MISMATCH!border3.nntp.dca.giganews.com!border1.nntp.dca.giganews.com!nntp.giganews.com!news.mccarragher.com!news.grnet.gr!newsfeed.CARNet.hr!aioe.org!.POSTED!not-for-mail
Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes
Content-Transfer-Encoding: Quoted-Printable
Date: 2012-11-05T21:41:48+01:00
List-Id: <comp.lang.ada>

I have a doubt, and this one disturb me, so this topic.

I was reading the revised version (fourth draft) of the Ada 2012  =

Rationale, when I saw this:

> However, the rules regarding preconditions are perhaps surprising.
> The specific precondition Pre for Equilateral_Triangle must be true =

> (checked in the body) but so long as just one of the class wide =

> preconditions Pre'Class for Object and Triangle is true then all iswel=
l.

Then later, a summary of the rule:

> In summary, class wide preconditions are checked at the point of call.=
 =

> Class wide postconditions and both specific pre- and postconditionsare=
  =

> checked in the actual body.

I believe either my understanding is wrong, or the Rationale is wrong. T=
he  =

above statements are not compatible with the substitution principle. Wha=
t  =

if a sub=E2=80=91program expects a a class wide type with a root type an=
d its  =

precondition, and get a derived type with a specific precondition it can=
't  =

know about?

There may be a comment on that point, see below, but first, an example  =

test, compiled with GNAT:


     with Ada.Text_IO;

     procedure Ex
     is
        package P1 is

           type T is interface;
           Condition : Boolean;

           procedure P (E : T) is abstract
           with Pre'Class =3D> P1.Condition;
        end;

        package P2 is

           type T is interface and P1.T;
           Condition : Boolean;

           overriding
           procedure P (E : T) is abstract
           with Pre'Class =3D> P2.Condition;
        end;

        package P3 is

           type T is new P2.T with null record;
           Condition : Boolean;

           overriding
           procedure P (E : T)
           with Pre'Class =3D> P3.Condition;
        end;

        package body P3 is
           procedure P (E : T)
           is begin
              Ada.Text_IO.Put_Line ("You're OK!");
           end;
        end;

        E : P3.T;
     begin
        P1.Condition :=3D True;
        P2.Condition :=3D True;
        P3.Condition :=3D True; -- Hint: try to set this to `False`.
        E.P;
     end Ex;


Side=E2=80=91note: the package prefix added to access the condition in t=
he  =

=E2=80=9CPre'Class=E2=80=9D, are not strictly required, but required wit=
h GNAT to bypass  =

one of its bug.

Test this example modifying each of the conditions: it `P3.Condition` is=
  =

set to `False`, there won't be any error at runtime, and you'll be OK,  =

although `P3.Condition` is the specific precondition for the concrete  =

implementation. It will fails only if all preconditions are false. No  =

specific precondition seems to be checked in the body of `P`, or else it=
  =

would trigger an exception when `P3.Condition` is set to `False`.

GNAT's interpretation is compatible with my own, and does not seems to b=
e  =

compatible with the one from the Rationale.

But there may be a trick? Let's try turning `E.P;` into `P3.P (E);`: sam=
e  =

result. Not let's try turning `P3.P (E);` into `P3.P (P3.T'(E));`: same =
 =

result. GNAT does not know about anything like specific precondition, an=
d  =

I'm OK with GNAT this time.

So is this me not understanding the Rationale? Or the Rationale has eith=
er  =

wrong or unclear words?


-- =

=E2=80=9CSyntactic sugar causes cancer of the semi-colons.=E2=80=9D [1]
=E2=80=9CStructured Programming supports the law of the excluded muddle.=
=E2=80=9D [1]
[1]: Epigrams on Programming =E2=80=94 Alan J. =E2=80=94 P. Yale Univers=
ity