From: "Randy Brukardt" <randy@rrsoftware.com>
Subject: Re: Interesting article on ARG work
Date: Thu, 5 Apr 2018 17:12:02 -0500
Date: 2018-04-05T17:12:02-05:00 [thread overview]
Message-ID: <pa66vj$20n$1@franka.jacob-sparre.dk> (raw)
In-Reply-To: 17b6d5b9-5909-4f0c-ab25-9b3cf4fd0450@googlegroups.com
"Bojan Bozovic" <bozovic.bojan@gmail.com> wrote in message
news:17b6d5b9-5909-4f0c-ab25-9b3cf4fd0450@googlegroups.com...
...
> Ah I was victim of April the 1st joke! I wasn't joking though. My
> proposal was to add assertions in general to Ada, as something in
> the core language, like exceptions are, or tasks, which would
> function just as "ghost code" you had in mind when
>
> pragma assertion_policy (check);
>
> is used. Maybe not use assertion keyword but use functions with
> ghost? I really can't say which approach wold work best, from the
> point of function, readability and conciseness. That is for ARG to
> decide.
But what would the point be? A pragma is a first-class part of the language
(it's not optional!). And a pragma can be used in places that a statement
cannot be used (that is, with declarations). To get even equivalent
functionality that way would be fairly complex (needing both statements and
declarations). Sounds like a lot of work for very little gain.
Personally, I don't see a lot of value in pragma Assert in the first place
(as opposed to the other contract assertions). I'm in the camp that
suppressing/ignoring checks ought to be a last resort, only to be used when
performance goals can't be met any other way (using a better algorithm is
always a better way). As such, "cheap" assertions might as well just be part
of the code; I would never want to remove them. Often, the compiler can
prove that they're true (so there is no cost), and if not, a well-defined
failure is better than erroneous execution where anything can happen.
For instance, the Janus/Ada compiler has a lot of code like:
if Node.Solution = null then
Internal_Error ("Missing solution");
This could have been modeled as an assertion:
pragma Assert (Node.Solution /= null, "Missing solution");
but the above modeling allows calling a fairly complex error management
routine (which, if trace mode is on, gives the user various interactive
debugging options). And we wouldn't want to remove the check in any case;
it's much better to detect the problem in a controlled way rather than an
uncontrolled one (especially if all checking has been suppressed).
Some assertions are expensive to run, and thus shouldn't run all of the
time. For those, I generally find that it is best to tie them to the
debugging mode for whatever subsystem that they are related to. (Pretty much
every program I write has a variety of debugging modes, so that one has a
limited amount of debugging information to look through to find problems. I
usually write my programs with a substantial amount of debugging from the
start, and then usually keep any debugging added to find specific problems.
Whenever I haven't had substantial debugging, I've always found I've had to
add it, in order to get any confidence that the code is doing the right
thing.) Since there are multiple such debugging modes, tying everything to a
single "check/ignore" flag is much too coarse for my purposes. So again
there isn't much use for pragma Assert.
Randy.
next prev parent reply other threads:[~2018-04-05 22:12 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-02 3:32 Interesting article on ARG work Randy Brukardt
2018-04-02 14:49 ` Dan'l Miller
2018-04-03 16:34 ` Bojan Bozovic
2018-04-03 22:33 ` Randy Brukardt
2018-04-04 2:12 ` Bojan Bozovic
2018-04-04 15:05 ` Dan'l Miller
2018-04-04 15:30 ` gerdien.de.kruyf
2018-04-04 16:09 ` Dan'l Miller
2018-04-04 22:30 ` Randy Brukardt
2018-04-04 22:43 ` Paul Rubin
2018-04-05 0:44 ` Mehdi Saada
2018-04-05 21:23 ` Randy Brukardt
2018-04-05 2:05 ` Bojan Bozovic
2018-04-05 22:12 ` Randy Brukardt [this message]
2018-04-06 13:35 ` Bojan Bozovic
2018-04-07 2:01 ` Randy Brukardt
2018-04-05 7:21 ` Dmitry A. Kazakov
2018-04-05 22:18 ` Randy Brukardt
2018-04-06 7:30 ` Dmitry A. Kazakov
2018-04-07 2:25 ` Randy Brukardt
2018-04-07 10:11 ` Dmitry A. Kazakov
2018-04-07 15:27 ` Dan'l Miller
2018-04-07 15:59 ` Dmitry A. Kazakov
2018-04-08 0:14 ` Dan'l Miller
2018-04-08 7:46 ` Dmitry A. Kazakov
2018-04-08 19:48 ` Dan'l Miller
2018-04-08 20:09 ` Dmitry A. Kazakov
2018-04-09 3:50 ` Dan'l Miller
2018-04-09 6:40 ` Jan de Kruyf
2018-04-09 7:43 ` Dmitry A. Kazakov
2018-04-09 13:40 ` Dan'l Miller
2018-04-09 14:13 ` Dmitry A. Kazakov
2018-04-09 14:36 ` Dan'l Miller
2018-04-09 14:44 ` Dmitry A. Kazakov
2018-04-09 15:03 ` Dan'l Miller
2018-04-09 16:12 ` Niklas Holsti
2018-04-09 16:30 ` Dmitry A. Kazakov
2018-04-09 16:45 ` Niklas Holsti
2018-04-09 17:33 ` Dan'l Miller
2018-04-09 19:47 ` Dmitry A. Kazakov
2018-04-09 20:24 ` Randy Brukardt
2018-04-10 8:17 ` Dmitry A. Kazakov
2018-04-09 18:08 ` Dan'l Miller
2018-04-09 21:17 ` Niklas Holsti
2018-04-09 22:09 ` Dan'l Miller
2018-04-10 19:23 ` Niklas Holsti
2018-04-10 19:46 ` Dan'l Miller
2018-04-15 7:50 ` Niklas Holsti
2018-04-15 13:31 ` Dan'l Miller
2018-04-15 18:37 ` Niklas Holsti
2018-04-09 20:14 ` Randy Brukardt
2018-04-06 23:49 ` Dan'l Miller
2018-04-12 10:21 ` Marius Amado-Alves
2018-04-15 13:07 ` Ada conditional compilation and program variants Niklas Holsti
2018-05-07 8:41 ` Jacob Sparre Andersen
2018-04-06 13:35 ` Interesting article on ARG work Marius Amado-Alves
2018-04-07 2:15 ` Randy Brukardt
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox