From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00
	autolearn=unavailable autolearn_force=no version=3.4.4
Path: 
 eternal-september.org!reader01.eternal-september.org!reader02.eternal-september.org!news.eternal-september.org!mx02.eternal-september.org!feeder.eternal-september.org!news.glorb.com!border1.nntp.dca1.giganews.com!nntp.giganews.com!ottix-news.ottix.net!newsswitch.lcs.mit.edu!nntp.TheWorld.com!.POSTED!not-for-mail
From: Robert A Duff <bobduff@shell01.TheWorld.com>
Newsgroups: comp.lang.ada
Subject: Re: {Pre,Post}conditions and side effects
Date: Tue, 23 Dec 2014 12:05:30 -0500
Organization: The World Public Access UNIX, Brookline, MA
Message-ID: <wccoaqucn51.fsf@shell01.TheWorld.com>
References: <2430252d-52a1-4609-acef-684864e6ca0c@googlegroups.com>
 <AnYlw.957256$Rp.242412@fx23.iad>
 <0a718b39-ebd3-4ab5-912e-f1229679dacc@googlegroups.com>
NNTP-Posting-Host: shell01.theworld.com
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: pcls7.std.com 1419354332 22109 192.74.137.71 (23 Dec 2014 17:05:32
 GMT)
X-Complaints-To: abuse@TheWorld.com
NNTP-Posting-Date: Tue, 23 Dec 2014 17:05:32 +0000 (UTC)
User-Agent: Gnus/5.1008 (Gnus v5.10.8) Emacs/21.3 (irix)
Cancel-Lock: sha1:ujxeTpFF7pnFbjyCN0inXMPOQSk=
Xref: news.eternal-september.org comp.lang.ada:24205
Date: 2014-12-23T12:05:30-05:00
List-Id: <comp.lang.ada>

Jean François Martinez <darkquark99@gmail.com> writes:

> By too late I meant that once something is allowed it is difficult to
> make it illegal since a number of programs would no longer
> compile.

I can think of ways to do what you want without any incompatibility.

>... Now functions invoked in pre/post consitions are only
> supposed to check parms...

I don't agree with that.  It sometimes makes sense for pre/post to
check values of global variables.  Probably not often -- after all,
it's not often that you should have global variables in the first place.
But surely if the job of a procedure is to update some global,
it makes sense to have a postcondition ensuring that it did so
correctly.

Modifying globals in pre/post/predicate/invariant is another story,
and that's what you (correctly) complained about.

>...so most of the time they should be quite
> simple and sensible programmers would avoid side effects (except a few
> debugging Puts) but I still feel uncomfortable.about this Cish "be
> careful while playing russian roulette" philosphy.  At least the
> Rationale should have brought this point to attention.  Author must
> have assummed we were bright enough to figure it.  :)

Well, apparently YOU were bright enough to figure it out.  ;-)

- Bob