From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	autolearn_force=no version=3.4.4
X-Google-Thread: a07f3367d7,5add429c86f59001
X-Google-Attributes: gida07f3367d7,public,usenet
X-Google-NewGroupId: yes
X-Google-Language: ENGLISH,ASCII-7-bit
Path: 
 g2news2.google.com!news2.google.com!border1.nntp.dca.giganews.com!nntp.giganews.com!nx02.iad01.newshosting.com!newshosting.com!newspeer.monmouth.com!newsswitch.lcs.mit.edu!nntp.TheWorld.com!not-for-mail
From: Robert A Duff <bobduff@shell01.TheWorld.com>
Newsgroups: comp.lang.ada
Subject: Re: Ada vs Eiffel - Ada programmer approach
Date: Mon, 08 Jun 2009 15:37:15 -0400
Organization: The World Public Access UNIX, Brookline, MA
Message-ID: <wccvdn6a55g.fsf@shell01.TheWorld.com>
References: 
 <405b5054-4c8f-4e16-9ea8-503a9b9f976e@t21g2000yqi.googlegroups.com>
 <4A19765C.608@obry.net>
 <8105b65f-4de9-4653-b43a-d55ee33f072d@k2g2000yql.googlegroups.com>
 <a924d96e-17b8-4573-ae86-3ccc924d21c8@x6g2000vbg.googlegroups.com>
 <88f38fe3-01ec-407f-b7b6-84a1d10de7f1@h11g2000yqb.googlegroups.com>
 <wccws7s166w.fsf@shell01.TheWorld.com> <878wk299uj.fsf@willow.rfc1149.net>
NNTP-Posting-Host: shell01.theworld.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: pcls4.std.com 1244489835 29575 192.74.137.71 (8 Jun 2009 19:37:15
 GMT)
X-Complaints-To: abuse@TheWorld.com
NNTP-Posting-Date: Mon, 8 Jun 2009 19:37:15 +0000 (UTC)
User-Agent: Gnus/5.1008 (Gnus v5.10.8) Emacs/21.3 (irix)
Cancel-Lock: sha1:UGIsU7GMNAa7lYvZvcB7TA+P3z4=
Xref: g2news2.google.com comp.lang.ada:6372
Date: 2009-06-08T15:37:15-04:00
List-Id: <comp.lang.ada>

Samuel Tardieu <sam@rfc1149.net> writes:

>>>>>> "Robert" == Robert A Duff <bobduff@shell01.TheWorld.com> writes:
>
> Robert> Newer versions of GNAT have pragmas Precondition and
> Robert> Postcondition.  We're thinking about adding pragma Invariant.
>
> Where would pragma Invariant be declared? At the type/object level or at
> the subprogram level?

An invariant (whether it be a pragma, or some special syntax) would be
attached to a type, and would mean "all objects of this type have
this property, always" (except that maybe objects can temporarily
violate their invariant, so long as the code puts it back).

A related concept that has been discussed is "user-defined constraints".
I'm not sure what the difference is, exactly -- I think with user-defined
constraints, you can't "temporarily violate".

I have expressed the opinion that invariants and/or user-defined
constraints should apply to subtypes, not just types.  Not everyone
agrees.

And if they apply to subtypes, it's a small step to let them apply to
standalone objects ("this object (almost) always has so-and-so
property").

Package invariants have also been discussed.

- Bob