From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-0.3 required=5.0 tests=BAYES_00,
	REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4
X-Google-Thread: 103376,61e9062c1f23b9d5
X-Google-Attributes: gid103376,public,usenet
X-Google-Language: ENGLISH,ASCII-7-bit
Path: 
 g2news1.google.com!news3.google.com!proxad.net!feeder1-2.proxad.net!213.200.89.82.MISMATCH!tiscali!newsfeed1.ip.tiscali.net!news.tiscali.de!newsfeed.hanau.net!noris.net!newsfeed.arcor.de!newsspool2.arcor-online.net!news.arcor.de.POSTED!not-for-mail
From: "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>
Subject: Re: contracted exceptions
Newsgroups: comp.lang.ada
User-Agent: 40tude_Dialog/2.0.15.1
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Reply-To: mailbox@dmitry-kazakov.de
Organization: cbb software GmbH
References: <1181165630.012508.55290@i38g2000prf.googlegroups.com>
 <19fxsxv1god43$.1pqq8vgfu2itn$.dlg@40tude.net>
 <ud507n1rt.fsf_-_@STRIPCAPStelus.net> <wccwsyfa5vf.fsf@shell01.TheWorld.com>
 <f4ae75$jtp$1@jacob-sparre.dk> <gwqsi47pdu2j.89sc0pb9332p$.dlg@40tude.net>
 <uzm3aq130.fsf@STRIPCAPStelus.net> <s2uary9xul2i.bsehe8l9otx3.dlg@40tude.net>
 <usl92wdyj.fsf@STRIPCAPStelus.net>
 <cdcp1ydis4o7$.185z3b5nusall$.dlg@40tude.net> <m2k5ue8dhk.fsf@mac.com>
 <1it2vtizha2fi$.jxnoaxmm9sop$.dlg@40tude.net> <m27iqd8g04.fsf@mac.com>
Date: Sat, 9 Jun 2007 20:38:30 +0200
Message-ID: <12vqux55uf5rn.1u5enj1mh0ubk$.dlg@40tude.net>
NNTP-Posting-Date: 09 Jun 2007 20:38:10 CEST
NNTP-Posting-Host: 5087b743.newsspool4.arcor-online.net
X-Trace: 
 DXC=U2>=S4`BCE[=>bdbdS?M0Y4IUK<Cl32<Q4Fo<]lROoRQ4nDHegD_]RUn\^<_[FU6YYDNcfSJ;bb[UIRnRBaCd<M^i0X9@ERe@4XF[\?A8^IbN[
X-Complaints-To: usenet-abuse@arcor.de
Xref: g2news1.google.com comp.lang.ada:16138
Date: 2007-06-09T20:38:10+02:00
List-Id: <comp.lang.ada>

On Sat, 09 Jun 2007 13:32:59 +0100, Simon Wright wrote:

> "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> writes:
> 
>> On Fri, 08 Jun 2007 20:15:03 +0100, Simon Wright wrote:
>>
>>> "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> writes:
>>> 
>>>> Software and more narrowly exceptions cannot report own bugs. It
>>>> would be a very bad idea to exceptions for that, because vital
>>>> information about the reasons will be inevitably destroyed. The best
>>>> possible way is to break into debugger, stopping everything else.
>>> 
>>> I don't really understand the first sentence of this ..
>>
>> When the program has a bug, then it could be anything, including
>> reporting another or non-existing bug, raising exceptions (false
>> positive), not raising exception (false negative), whatever.
>>
>> Let the probability of a program state where it would have a false
>> positive be sufficiently greater than the probability of the states
>> with false negative. Then it is better not to report anything!
>>
>> What is known about these probabilities?
> 
> Not a lot .. an exception is raised because some assertion made by the
> designer/implementer of the library concerned has turned out to be
> false (the value will be in this range; the file will be open; the
> file is a valid XML document ...).

In Ariane case the physical value was in range but assertion failed.

I don't think that failed run-time assertions should be converted into
exceptions. Among many reasons, one is that this would break exception
contracts:

procedure Foo -- I don't aise Baz
begin
   pragma Assert (<something>); -- I raise Baz when not <something>

The contract would be a lie. Another reason is that you could not handle
Baz, because that would change the program behavior with and without
assertions checked. IMO run-time assertions is an utterly wrong idea.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de