From: Tapio Kelloniemi
Subject: Contract checking in Ada
Newsgroups: comp.lang.ada
Date: Wed, 30 Mar 2005 10:46:46 GMT

Hi all

Ada has a very powerful run-time checking system which allows for safe programming and efficient execution, depending on the user's needs. As I look at the ARM and GNAT Runtime Library sources, I have noticed that this unfortunately does not apply to Ada's standard library. Many subprograms check that their parameters are valid. I'm not saying that parameter validity checking is bad, because it is very useful, but the user should be able to disable it when (s)he is certain that the conditions will not fail.

I'm quite surprised that Ada2005 does not replace library functions' parameter checks with pragma Assert, in which case the user could disable checking. In the GNAT library, for example, many checks are done twice (or even more times), because the library has its own checks and the language has its own.

I'm interested in design by contract and would like to have an implementation for Ada (like Eiffel's as much as possible). However, pragma Assert and pragma Debug do not suffice. I would like to have pre- and postconditions and type invariants. However, I have no idea how to implement them, except by writing an external tool which would preprocess Ada sources. I don't want to do that. If anyone has any advice (except waiting for Ada2015), please tell me.

--
Tapio