Re: Question about OO programming in Ada

["Robert I. Eachus" <rieachus@comcast.net>]

Simon Wright wrote:

> "Robert I. Eachus" <rieachus@comcast.net> writes:
> 
> 
>>subtle memory leaks.  (The usual problem cases are when an exception
>>occurs during the creation or freeing of a data structure.)
> > 
> I'm not at all sure that the Booch Components at
> (http://www.pushface.org/components/bc) are safe against this sort of
> thing -- that is, against running out of memory while adding an
> element to a container. If that is going to be a problem, I would
> expect people to be using the bounded forms, which don't allocate
> memory (of course, the element may be a controlled type with internal
> memory management).
> 
> I would have thought that a system where an exception occurs in
> manipulating data structures is almost bound to be inconsistent and
> needs restarting as soon as possible. Of course if the battle override
> switch is on you will carry on as best you can, but you are definitely
> at risk.
> 
> I doubt you can fix this "merely" by making the containers
> exception-safe. No real help having a consistent list if the data in
> it is inconsistent! (but always nice to avoid walking off the end of a
> list, of course).

I think you are confusing two separate things here.  Some libraries are 
more robust than others with respect to internal failures in the 
component library--that is one reason why I favor choice in such things. 
  But any competent Ada programmer will create an abstraction where 
errors/exceptions in code supplied by the user of the ADT will not 
corrupt the ADT itself.

When you have a call to a user supplied routine at a point that would 
corrupt the data structure, all the ADT designer has to do is wrap the 
"callback" in a declare block that keeps the ADT consistent.  In other 
words:

begin
   User_Callback;
exception
   when others =>
      -- fix data structure
      ...
      raise;
end;

I try to avoid the need for such blocks by placing callbacks outside 
critical areas of code, but when necessary I put the recovery code in. 
Note that the callback can be implicit, for example when creating an 
object of a (generic formal private) type that may have initialization code.


-- 
                                           Robert I. Eachus

100% Ada, no bugs--the only way to create software.