From: "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>
Subject: Re: Tests in a software release
Date: Tue, 31 Oct 2017 09:32:58 +0100
Date: 2017-10-31T09:32:58+01:00 [thread overview]
Message-ID: <ot9cfr$1k6s$1@gioia.aioe.org> (raw)
In-Reply-To: ot981s$7m5$1@dont-email.me
On 2017-10-31 08:17, G.B. wrote:
> On 30.10.17 21:56, Dmitry A. Kazakov wrote:
>> On 2017-10-30 21:44, G. B. wrote:
>>> Dmitry A. Kazakov <mailbox@dmitry-kazakov.de> wrote:
>>>> On 2017-10-28 08:53, G.B. wrote:
>>>>> On 27.10.17 20:54, Dmitry A. Kazakov wrote:
>>>>>> The contract requires Constraint_Error propagation.
>>>>>
>>>>> Checks require Constraint_Error propagation.
>>>>
>>>> Checks ensure Constraint_Error as a part of implementation.
>>>
>>> Implementation of checks, not of contracts.
>>
>> This is exactly same.
>
> So, Ada programs will check theirs checks?
Implementation of bounds check = implementation of contract on bounds check.
It is called tautology.
> Expectations can be stated in comments,
> or be part of accompanying documentation and still
> be part of a contract.
>
>> There is nothing that is not behavior.
>
> Checking is behavior. However, let SPARK check conditions
> of a contract, and let the result be Truth. Then they
> have been checked before the program even runs, and
> turning *off* Ada checks is, therefore, justified.
That is what I said. Checks can be removed only when statically proven
not to fail. This is called optimization.
If in the IF-statement the condition is proven statically true, the
ELSE-part can be removed. Just same.
Ada could have a pragma to remove all ELSE parts of all IF-statements.
Would anybody argue for that? (:-))
> Disabling Ada checks means to rely on this contract.
It relays on proven properties of the program.
>> There is nothing that may not fall under the contract.
>
> There are very many things, even in a program,
> that do exist, exhibit behavior, but are not
> part of any known, non-fictional contract, such as
> the transitive closure of an unspeakable hypothesis.
Sure. Contract only limits behavior it does not specify it. The point is
that any run-time check is behavior of the callee and cannot be argued
something belonging to the caller or to whatever else. Body may be not
all behavior, e.g. if the check happens on the caller's side of the call.
--
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
next prev parent reply other threads:[~2017-10-31 8:32 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-25 19:30 Tests in a software release Victor Porton
2017-10-26 7:20 ` Dmitry A. Kazakov
2017-10-27 18:06 ` G. B.
2017-10-27 18:54 ` Dmitry A. Kazakov
2017-10-28 6:53 ` G.B.
2017-10-28 7:35 ` Dmitry A. Kazakov
2017-10-30 20:44 ` G. B.
2017-10-30 20:56 ` Dmitry A. Kazakov
2017-10-31 7:17 ` G.B.
2017-10-31 8:32 ` Dmitry A. Kazakov [this message]
2017-11-03 7:24 ` G.B.
2017-11-03 8:16 ` Dmitry A. Kazakov
2017-11-03 12:49 ` Shark8
2017-11-04 10:15 ` G.B.
2017-11-15 0:11 ` Randy Brukardt
2017-11-15 17:57 ` G. B.
2017-11-15 20:46 ` Dmitry A. Kazakov
2017-11-17 15:36 ` Shark8
2017-11-15 22:17 ` Randy Brukardt
2017-11-16 21:44 ` G.B.
2017-11-17 0:15 ` Randy Brukardt
2017-11-17 15:45 ` Shark8
2017-11-18 1:07 ` Randy Brukardt
2017-11-15 0:06 ` Randy Brukardt
2017-11-15 8:47 ` Dmitry A. Kazakov
2017-11-15 21:53 ` Randy Brukardt
2017-11-15 16:47 ` Jeffrey R. Carter
2017-11-15 16:59 ` J-P. Rosen
2017-11-15 20:45 ` Dmitry A. Kazakov
2017-11-15 21:58 ` Randy Brukardt
2017-11-16 5:50 ` J-P. Rosen
2017-11-16 23:53 ` Randy Brukardt
2017-11-15 0:01 ` Randy Brukardt
2017-11-16 17:02 ` Robert Eachus
2017-11-17 0:20 ` Randy Brukardt
2017-11-22 20:40 ` Robert Eachus
2017-11-14 23:55 ` Randy Brukardt
2017-10-26 8:09 ` Stefan.Lucks
2017-10-26 17:30 ` Simon Clubley
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox