From: "Robert I. Eachus"
Newsgroups: comp.lang.ada
Subject: Re: Question about OO programming in Ada
Date: Sat, 29 Nov 2003 21:51:04 -0500
Message-ID: <-MCdnWwgF8GHxlSiRVn-vw@comcast.com>

Simon Wright wrote:

> "Robert I. Eachus" writes:
>
>> subtle memory leaks. (The usual problem cases are when an exception
>> occurs during the creation or freeing of a data structure.)
>
> I'm not at all sure that the Booch Components at
> (http://www.pushface.org/components/bc) are safe against this sort of
> thing -- that is, against running out of memory while adding an
> element to a container. If that is going to be a problem, I would
> expect people to be using the bounded forms, which don't allocate
> memory (of course, the element may be a controlled type with internal
> memory management).
>
> I would have thought that a system where an exception occurs in
> manipulating data structures is almost bound to be inconsistent and
> needs restarting as soon as possible. Of course if the battle override
> switch is on you will carry on as best you can, but you are definitely
> at risk.
>
> I doubt you can fix this "merely" by making the containers
> exception-safe. No real help having a consistent list if the data in
> it is inconsistent! (but always nice to avoid walking off the end of a
> list, of course).

I think you are confusing two separate things here. Some libraries are
more robust than others with respect to internal failures in the
component library--that is one reason why I favor choice in such things.

But any competent Ada programmer will create an abstraction where
errors/exceptions in code supplied by the user of the ADT will not
corrupt the ADT itself. When you have a call to a user supplied routine
at a point that would corrupt the data structure, all the ADT designer
has to do is wrap the "callback" in a declare block that keeps the ADT
consistent. In other words:

   begin
      User_Callback;
   exception
      when others =>
         -- fix data structure
         ...
         raise;
   end;

I try to avoid the need for such blocks by placing callbacks outside
critical areas of code, but when necessary I put the recovery code in.
Note that the callback can be implicit, for example when creating an
object of a (generic formal private) type that may have initialization
code.

-- 
Robert I. Eachus

100% Ada, no bugs--the only way to create software.
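
The pattern from the message above, worked through as an added example (not part of the original post, and not code from any library mentioned in the thread). It is written in Ada 2012, and the list type, its Busy counter, and every subprogram name are hypothetical. Iterate must run the user's callback while the list is marked busy, so the handler undoes that mark before re-raising:

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Callback_Safety_Demo is
   --  Hypothetical bounded list; every name here is illustrative.
   Capacity : constant := 8;
   type Int_Array is array (1 .. Capacity) of Integer;
   type List is limited record  --  limited: always passed by reference
      Count, Busy : Natural := 0;  --  Busy > 0 while user callbacks run
      Items       : Int_Array := (others => 0);
   end record;
   procedure Append (L : in out List; Item : Integer) is
   begin
      if L.Busy > 0 then
         raise Program_Error with "list is being iterated";
      elsif L.Count = Capacity then
         raise Constraint_Error with "list is full";
      end if;
      L.Count := L.Count + 1;
      L.Items (L.Count) := Item;
   end Append;
   procedure Iterate (L : in out List; Visit : access procedure (X : Integer)) is
   begin
      L.Busy := L.Busy + 1;  --  from here on the list needs cleanup
      begin
         for I in 1 .. L.Count loop
            Visit (L.Items (I));  --  user code, may raise anything
         end loop;
      exception
         when others =>
            L.Busy := L.Busy - 1;  --  fix data structure
            raise;                 --  caller still sees the failure
      end;
      L.Busy := L.Busy - 1;
   end Iterate;
   procedure Reject_Negative (X : Integer) is
   begin
      if X < 0 then raise Constraint_Error with "negative element"; end if;
   end Reject_Negative;

   L : List;
begin
   Append (L, 1); Append (L, -2);
   begin
      Iterate (L, Reject_Negative'Access);
   exception
      when Constraint_Error => Put_Line ("Busy =" & Natural'Image (L.Busy));
   end;
   Append (L, 3);  --  would raise Program_Error if Busy were still 1
   Put_Line ("Count =" & Natural'Image (L.Count));
end Callback_Safety_Demo;
```

Without the handler, the first failing callback would leave Busy at 1 and every later Append would be refused, so one bad element would permanently disable the container.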