Version 1.1 of ais/ai-00374.txt

Unformatted version of ais/ai-00374.txt version 1.1
Other versions for file ais/ai-00374.txt

!standard 11.5 (00)          04-02-28 AI95-00374/01
!standard 11.4.1 (10)
!class amendment 04-02-28
!status work item 04-02-28
!status received 04-02-28
!priority Medium
!difficulty Medium
!subject Assertions_Only pragma
!summary
An Assertions_Only pragma is proposed to supplement the use of pragma Assert and other assertion pragmas.
!problem
AI-286 proposes a standard Assert pragma. This AI addresses the issue that certain functions, objects, components, etc., might only be used within assertions, and hence might want to be eliminated from the executable when assertions are being Ignored.
Of course clever compilers and linkers could already do some of the elimination of unused functions and objects (components are less likely), but a programmer might want to ensure that particular declarations are never used in code outside of assertions. For this purpose we are proposing an Assertions_Only pragma. This should also simplify the job of eliminating the space associated with such declarations when assertions are being Ignored.
!proposal
The form of the representation pragma Assertions_Only is as follows:
pragma Assertions_Only(local_name);
If an Assertions_Only pragma applies to a declaration, then it also applies to the completion of the declaration, and any declarations declared within the declarative region, if any, associated with the declaration.
A declaration to which Assertions_Only applies may only be referenced within an assertion pragma, or within another construct to which the Assertions_Only pragma applies. Pragma Assert is an assertion pragma. Other language- and implementation-defined pragmas may be identified as being assertion pragmas.
Implementation Advice
When an assertion policy of Ignore applies to all compilation units with visibility on a construct to which Assertions_Only applies, storage space occupied by the construct should be minimized in the executable program.
!wording
!discussion
We have provided a pragma Assertions_Only to address the concern that to make assertion pragmas most valuable, additional operations or objects may need to be defined. This pragma ensures that these additional constructs are only referenced from within assertion pragmas or other Assertions_Only constructs. Implementations are encouraged to minimize storage occupied by such constructs if assertion policy Ignore applies to all compilation units with visibility on the construct. Note that there is no permission to eliminate elaboration of such constructs or the side-effects associated with this elaboration. However, an implementation-defined assertion policy might be used to control aspects of Assertion_Only constructs further.
Here are comments on an issue identified by the HRG that relates to the capabilities provided by the proposed Assertions_Only pragma:
1) Limitations on expressiveness
We believe that Ada is fully capable of expressing almost anything of interest. The System_Of_Units AI provides some examples of using pragma Assert with relatively sophisticated expressions. However, we realize it may be necessary to introduce additional variables or functions. We believe that the Assertions_Only pragma can be used to identify clearly these additional variables or functions, and to enable the implementation to minimize storage devoted to them when assertions are being ignored.
Specific mention is made of implication and quantifiers. Both of these can be readily defined in Ada: Implication can be defined using a rename:
function Implies(A, B : Boolean) return Boolean renames "<=";
Quantification would require defining appropriate functions, perhaps with the help of appropriate generics. Again, the Assertions_Only pragma could be used if storage space were a concern.
... (other issues covered in AI-286).
!example
!ACATS test
!appendix

From: Robert I. Eachus
Sent: Sunday, February 29, 2004  10:55 AM

Not a big deal, but I think that a better name might be Debug_Only or
Debugging_Code, because it makes the intent clearer.  For example you
might have some display code that is never actually called even from an
assertion, but is useful when doing debugging.  Certainly the intent is
that even if the compiler concludes that the procedure or function is
not called, the code should be included if assertions are enabled.

I certainly have no strong feelings on this.  Under any name, the pragma
would be useful.

****************************************************************

From: Robert Dewar
Sent: Monday, March 1, 2004  6:38 PM

I find this overkill. A compile should be able to eliminate unused
stuff in any case, and forcing compilers to do this extra check is
extra work for very minimal gain. We have never felt a need for this
in GNAT (and we are not shy about adding new pragmas :-)

****************************************************************

From: Randy Brukardt
Sent: Monday, March 1, 2004  6:59 PM

So did a number of other ARG members, which is why we asked Tucker to split
it out. (Then it can be handled on its own merits or lack thereof.)

****************************************************************


Questions? Ask the ACAA Technical Agent