From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00
	autolearn=unavailable autolearn_force=no version=3.4.4
Path: 
 eternal-september.org!reader01.eternal-september.org!reader02.eternal-september.org!feeder.eternal-september.org!.POSTED!not-for-mail
From: G. B. <nonlegitur@nmhp.invalid>
Newsgroups: comp.lang.ada
Subject: Re: Tests in a software release
Date: Wed, 15 Nov 2017 17:57:42 -0000 (UTC)
Organization: A noiseless patient Spider
Message-ID: <ouhv6m$cig$1@dont-email.me>
References: <osqoph$1ves$1@gioia.aioe.org>
 <oss2c3$1p2m$1@gioia.aioe.org>
 <osvsjs$t4b$1@dont-email.me>
 <osvvds$s97$1@gioia.aioe.org>
 <ot19fo$7mi$2@dont-email.me>
 <ot1bvm$ub7$1@gioia.aioe.org>
 <ot82v3$h2c$1@dont-email.me>
 <ot83l0$1rb1$1@gioia.aioe.org>
 <ot981s$7m5$1@dont-email.me>
 <ot9cfr$1k6s$1@gioia.aioe.org>
 <oth5k4$eih$1@dont-email.me>
 <oug0n1$h7m$1@franka.jacob-sparre.dk>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Wed, 15 Nov 2017 17:57:42 -0000 (UTC)
Injection-Info: reader02.eternal-september.org;
 posting-host="2eade7c34ebe049b63ede5ff76108c6e";
	logging-data="12880"; mail-complaints-to="abuse@eternal-september.org";
	posting-account="U2FsdGVkX1/xDb7u2Rwko/2uaUKuw3SF+hEnejfrXDM="
User-Agent: NewsTap/5.2.6 (iPhone/iPod Touch)
Cancel-Lock: sha1:w/7CUkmVWDQ+IxHL2fnm+/qsdP8=
	sha1:gSoVymm7p7/1ADuhI409uxNWJ6E=
Xref: feeder.eternal-september.org comp.lang.ada:48909
Date: 2017-11-15T17:57:42+00:00
List-Id: <comp.lang.ada>

Randy Brukardt <randy@rrsoftware.com> wrote:
> "G.B." <bauhaus@notmyhomepage.invalid> wrote in message 
> news:oth5k4$eih$1@dont-email.me...
> ...
>>> Checks can be removed only when statically proven not to fail.
>> 
>> Programmers may remove checks whenever they think
>> they should. No fancy proof is required(*).
> 
> Such programmers should be fired at the earliest opportunity.

When I, the programer who knows he is obeying
the clause of the contract that my company and
the supplier‘s have both signed (sic), then the
other party insisting that we should nevertheless 
run their checks does not abide.

And is giving an interesting impression of their
understanding of both contracts and quality.

> That turns Ada 
> into an inferior version of C.

Contracts remove needs for talking about 
what can so easily go wrong in C, because that
has already been talked about and written down
as a contract clause. Ada types and compilers
do help, but only so much.

The most important thing is, designing by contract 
is *not* programming defensively. By definition.