From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00
	autolearn=unavailable autolearn_force=no version=3.4.4
Path: 
 eternal-september.org!reader01.eternal-september.org!feeder.eternal-september.org!aioe.org!.POSTED.yTvCNOh9TRCAIcX40YItlQ.user.gioia.aioe.org!not-for-mail
From: "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>
Newsgroups: comp.lang.ada
Subject: Re: Intervention needed?
Date: Mon, 1 Apr 2019 18:51:14 +0200
Organization: Aioe.org NNTP Server
Message-ID: <q7tfi3$1483$1@gioia.aioe.org>
References: <b196da6e-4614-42f9-9147-b1708c6e5094@googlegroups.com>
 <q68mv0$rea$1@dont-email.me>
 <a4ab4f3c-9151-47c7-9d3f-f6a23451fa0e@googlegroups.com>
 <bba8f6a8-36ce-4bed-bd84-8a9ea7dc02f7@googlegroups.com>
 <q699nu$ban$1@franka.jacob-sparre.dk>
 <6e1977a5-701e-4b4f-a937-a1b89d9127f0@googlegroups.com>
 <q6pa1g$3j7$1@franka.jacob-sparre.dk>
 <6f9ea847-2903-48c8-9afc-930201f2765a@googlegroups.com>
 <q6qa4u$kd0$1@gioia.aioe.org>
 <f4eee526-e607-4e1f-843f-9913c9c093f9@googlegroups.com>
 <q6rphu$arn$1@franka.jacob-sparre.dk>
 <f610da94-1309-4cb6-8c7b-47f3099381e5@googlegroups.com>
 <q71hbi$aua$1@franka.jacob-sparre.dk> <q728mu$5je$1@gioia.aioe.org>
 <b4dd0ab5-7698-4a03-b119-a4ce0be208a8@googlegroups.com>
 <q7giel$bdv$1@dont-email.me> <87a7hgvxnx.fsf@nightsong.com>
 <4e240c66-dce8-417f-9147-a53973681e29@googlegroups.com>
 <q7i2qb$bqn$1@gioia.aioe.org>
 <28b6a472-6c3a-40a6-8a96-2e27a65ab2ef@googlegroups.com>
 <q7kljf$1t2m$1@gioia.aioe.org>
 <a29feba5-ea18-4661-82fc-a88b99dbd5ab@googlegroups.com>
NNTP-Posting-Host: yTvCNOh9TRCAIcX40YItlQ.user.gioia.aioe.org
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Complaints-To: abuse@aioe.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101
 Thunderbird/60.6.1
X-Notice: Filtered by postfilter v. 0.9.2
Content-Language: en-US
Xref: reader01.eternal-september.org comp.lang.ada:56030
Date: 2019-04-01T18:51:14+02:00
List-Id: <comp.lang.ada>

On 2019-04-01 17:13, Optikos wrote:

>  One clarifying question that I have is:  how would you “prove no Constraint_Error propagating”?  At run-time or at compile-time or at engineering-time using tools other than the compiler?

It must be the compiler. The programmer states contracts of the 
subprograms and if the contracts cannot be proven to hold that is a 
compile-time error.

The problem is, of course, specifying the mandatory strength of a proof 
AKA false negatives vs. false positives. If a fact cannot be proven true 
by one compiler that makes the program illegal even if another compiler 
could prove it.

E.g. in the current Ada the program

    function Foo return Integer is
    begin
       raise Data_Error;
    end Foo;

is illegal, though every compiler can prove its equivalence to the legal 
one:

    function Foo return Integer is
    begin
       raise Data_Error;
       return 0;
    end Foo;

One way out could be user provided axioms which the compiler is allowed 
to use when it fails to find a proof (with a warning of course):

    function Foo return Integer is
    begin
       raise Data_Error;
## I swear there is a return statement
    end Foo;

> If at compile-time or at engineering-time using tools other than the compiler, then that is the solution that ATS2 and ATS3 are pursuing, where ATS's type views are rough analogues of what you are calling exception contracts here.

Exception contracts are not related to types. But otherwise, yes, SPARK 
must be integrated into Ada.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de