From: Hyman Rosen
Date: Mon, 28 Jul 2003 14:03:48 -0400
Newsgroups: comp.lang.ada
Subject: Re: Ariane5 FAQ
Message-ID: <1059415429.13837@master.nyc.kbcfp.com>

Mike Silva wrote:
> And, besides "complaining," what action should the code have taken? I
> doubt "complaining" alone is an adequate solution!

Well, I'm not necessarily a proponent of this view, but I assume that those who are would expect that the code signals a violation in some fashion, perhaps by throwing an exception, or some other mechanism.

The key here is that an external datum has violated a constraint of the design. By definition, the code is not prepared to deal with such a value, and yet it must do something. That something must be specified in some fashion, even if that specification is simply to let the code proceed as if the value were legal.

By inserting such checks into the code, protection is provided against potential future misuse by verifying that assumed constraints still hold. When they do not, the error is signalled at the first place that the violation is noticed instead of somewhere later down the road. It's really no different than using the various forms of range checking that Ada provides. Some constraints can't be specified purely through the Ada type system, but that doesn't mean that they shouldn't be expressed in the code.

As counterarguments, such checks might be expensive in terms of time and space, and they add execution paths which can never be exercised in the normal course of events. And it's possible for erroneous data to get damped out in the course of normal processing, while detecting the error could abort the system.

I don't think there's a unique good answer to the dilemma.
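
An added illustration of the two kinds of check discussed in the post above; it is not code from the post or from anyone in the thread. The type `Reading`, the limit `Max_Step`, the exception name and the sample values are all hypothetical and constructed for the example: one constraint is enforced by an Ada range check, the other (a bound on the change between successive inputs) cannot be written as a subtype range and is expressed as an explicit check where the datum enters the code.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Boundary_Check_Demo is

   --  Constraint the type system can state: each reading is in range.
   type Reading is range -1_000 .. 1_000;

   --  Constraint it cannot state: successive readings differ by at most
   --  Max_Step (hypothetical design assumption about the data source).
   Max_Step : constant := 50;

   Design_Constraint_Violated : exception;

   type Raw_Samples is array (Positive range <>) of Integer;

   --  Constructed input: 455 is in range but jumps far more than
   --  Max_Step; 5_000 is outside the range of Reading.
   Input : constant Raw_Samples := (10, 30, 55, 455, 460, 5_000);

   Previous      : Reading := 0;
   Have_Previous : Boolean := False;

   --  Validate one external datum at the point where it is first seen.
   function Accept_Sample (Raw : Integer) return Reading is
      --  Ada's own range check: raises Constraint_Error if Raw is out
      --  of range for Reading.
      Value : constant Reading := Reading (Raw);
   begin
      --  Explicit check for the constraint the type cannot express.
      if Have_Previous
        and then abs (Integer (Value) - Integer (Previous)) > Max_Step
      then
         raise Design_Constraint_Violated;
      end if;
      return Value;
   end Accept_Sample;

begin
   for I in Input'Range loop
      begin
         Previous      := Accept_Sample (Input (I));
         Have_Previous := True;
         Put_Line ("accepted" & Integer'Image (Input (I)));
      exception
         --  The specified response here is "drop the sample and keep
         --  the last good value"; a real system must choose its own.
         when Design_Constraint_Violated =>
            Put_Line ("rejected (step)" & Integer'Image (Input (I)));
         when Constraint_Error =>
            Put_Line ("rejected (range)" & Integer'Image (Input (I)));
      end;
   end loop;
end Boundary_Check_Demo;
```

Both handlers are execution paths that never run on well-formed input, which is the cost the post's counterarguments point to.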