From: "Randy Brukardt"
Newsgroups: comp.lang.ada
Subject: Re: Intervention needed?
Date: Tue, 2 Apr 2019 16:55:42 -0500
Organization: JSA Research & Innovation
References: <87wokhk289.fsf@mid.deneb.enyo.de> <87va01gv3t.fsf@mid.deneb.enyo.de>

"Simon Wright" wrote in message news:lywokdfk5q.fsf@pushface.org...
> "Randy Brukardt" writes:
>
>> The only way to make such a check that wouldn't trigger all of the
>> time would require looking at both the body and the call at the same
>> time -- a complete abandonment of privacy and separation of concerns.
>
> But it would be the compiler looking, not me.

Doesn't matter. One can't depend on the contract of a subprogram if some calls are going to be illegal/raise P_E because of the contents of the body.
The whole point of privacy/separation of concerns is that no one (programmers, tools, compilers) can see/depend on any of the details of the implementation -- that allows one to reason (including make proofs) about a call without looking in bodies (nor for those bodies to actually exist when the reasoning occurs). Otherwise, one can only reason about a complete program, which has many nasty effects (much of the reasoning occurs too late, when the design is already frozen and the code exists -- at that point it is hard to make fundamental changes).

Ada has always been pretty fanatical about privacy; abandoning that would be a huge deal. I'd probably say that Ada has emphasized privacy over pretty much everything else (including error detection). It seems unlikely that one can have everything -- language design has always been about such trade-offs.

Randy.