From: "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>
Subject: Re: Contracted exceptions for Ada
Date: Tue, 11 Dec 2007 10:16:09 +0100
Date: 2007-12-11T10:08:24+01:00 [thread overview]
Message-ID: <185k0c8e598ko.16o5j2iv35zpn$.dlg@40tude.net> (raw)
In-Reply-To: fjkqc0$jsq$1@jacob-sparre.dk
On Mon, 10 Dec 2007 19:53:27 -0600, Randy Brukardt wrote:
> "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> wrote in message
> news:7m9wkymyi5h7.1235e72is9mp9.dlg@40tude.net...
>> On Fri, 7 Dec 2007 21:30:05 -0600, Randy Brukardt wrote:
> ...
>>> The ARG has discussed "exception contracts" a couple of times, but there
>>> didn't seem that there was enough interest. The problem was mainly that they
>>> simply don't look very valuable
>>
>> My observation is that a big deal of debugging Ada code is about tracing
>> down unexpected exceptions. I cannot give any figures, but it is extremely
>> frequent that a bug manifests itself as an exception propagation. Typically
>> Constraint_Error propagates where you didn't expect it. So the temptation
>> is to catch most of such things at compile time.
>
> That's not going to be useful, since virtually any code that you can write
> *might* raise Constraint_Error,
Why is it a problem?
> and a lot of code *could* raise
> Program_Error, and everything *could* raise Storage_Error. There is no way
> to write a contract that doesn't contain those exceptions.
Program_Error is not my concern. Storage_Error can be fixed as I described
earlier.
And for all, what I meant under exception contracts was not about making a
program exception-free. It was about specifying which exception can
propagate and which cannot.
>>> Another one is what to do if a contract is violated. The obvious answer of
>>> raising Program_Error doesn't do anything other than lose information about
>>> an exception, so that isn't very satisfying.
>>
>> Yes, in my view exception contracts have to be static. (It makes no sense
>> to have run-time exception contracts. As well as any other contracts, there
>> is no any authority body to judge contract violations at run-time.)
>
> OK, but that isn't going to happen in Ada. What you are looking for is a
> static analysis tool, like SPARK. That's especially true as you'll need
> static preconditions to have any hope of eliminating the Constraint_Errors
> (subtypes aren't powerful enough).
This is a separate issue. You seem to imply that the exception contracts
shall specify *when* an exception is raised or not. That is a much harder
problem and it indeed would require pre- and postconditions and cannot be
done in general case. What I am talking about is a much weaker framework
which only proves whether an exception cannot propagate. We do not need
pre-/postconditions for that.
A comparable case is exact real vs. interval arithmetic. We don't need
exact exception propagation analysis, we do a conservative *estimation* of.
--
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
next prev parent reply other threads:[~2007-12-11 9:16 UTC|newest]
Thread overview: 97+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-12-06 15:00 Exceptions shaunpatterson
2007-12-06 21:24 ` Exceptions tmoran
2007-12-07 8:54 ` Exceptions Dmitry A. Kazakov
2007-12-07 10:21 ` Exceptions Georg Bauhaus
2007-12-07 15:11 ` Exceptions shaunpatterson
2007-12-07 16:08 ` Exceptions Gautier
2007-12-07 18:56 ` Exceptions Simon Wright
2007-12-08 10:04 ` Exceptions Stephen Leake
2007-12-08 3:30 ` Exceptions Randy Brukardt
2007-12-08 10:09 ` Contracted exceptions for Ada (was: Exceptions) Dmitry A. Kazakov
2007-12-09 10:22 ` Contracted exceptions for Ada Stephen Leake
2007-12-09 11:02 ` Dmitry A. Kazakov
2007-12-11 8:10 ` Stephen Leake
2007-12-11 10:36 ` Dmitry A. Kazakov
2007-12-09 15:11 ` Contracted exceptions for Ada (was: Exceptions) Martin Krischik
2007-12-09 17:36 ` Contracted exceptions for Ada Dmitry A. Kazakov
2007-12-09 18:39 ` Simon Wright
2007-12-10 8:19 ` Dmitry A. Kazakov
2007-12-10 20:25 ` Simon Wright
2007-12-11 8:50 ` Dmitry A. Kazakov
2007-12-11 20:50 ` Simon Wright
2007-12-12 10:20 ` Dmitry A. Kazakov
2007-12-09 19:04 ` Martin Krischik
2007-12-10 8:20 ` Dmitry A. Kazakov
2007-12-09 22:09 ` Robert A Duff
2007-12-10 7:09 ` Stefan Lucks
2007-12-10 16:57 ` Robert A Duff
2007-12-11 1:53 ` Contracted exceptions for Ada (was: Exceptions) Randy Brukardt
2007-12-11 9:16 ` Dmitry A. Kazakov [this message]
2007-12-12 0:26 ` Contracted exceptions for Ada Randy Brukardt
2007-12-08 12:26 ` Exceptions Peter C. Chapin
2007-12-08 14:01 ` Exceptions Dmitry A. Kazakov
2007-12-08 18:01 ` Exceptions Peter C. Chapin
2007-12-09 10:06 ` Exceptions Dmitry A. Kazakov
2007-12-09 12:40 ` Exceptions Peter C. Chapin
2007-12-09 14:31 ` Exceptions Dmitry A. Kazakov
2007-12-09 16:38 ` Exceptions Peter C. Chapin
2007-12-10 8:31 ` Exceptions Dmitry A. Kazakov
2007-12-09 21:56 ` Exceptions Robert A Duff
2007-12-09 10:24 ` Exceptions Stephen Leake
2007-12-09 12:46 ` Exceptions Peter C. Chapin
2007-12-09 21:39 ` Exceptions Robert A Duff
2007-12-09 22:13 ` Exceptions Georg Bauhaus
2007-12-11 8:07 ` Exceptions Stephen Leake
2007-12-11 20:28 ` Exceptions Simon Wright
2007-12-12 22:10 ` Exceptions Maciej Sobczak
2007-12-13 13:40 ` Exceptions Robert A Duff
2007-12-13 14:00 ` Exceptions Maciej Sobczak
2007-12-13 14:44 ` Exceptions Robert A Duff
2007-12-14 0:46 ` Exceptions Ray Blaak
2007-12-14 2:36 ` Exceptions Randy Brukardt
2007-12-14 6:21 ` Exceptions Ray Blaak
2007-12-14 12:40 ` Exceptions Georg Bauhaus
2007-12-14 17:29 ` Exceptions Robert A Duff
2007-12-14 19:32 ` Exceptions Dmitry A. Kazakov
2007-12-15 5:29 ` Exceptions Ray Blaak
2007-12-13 19:29 ` Exceptions Randy Brukardt
2007-12-12 19:18 ` Exceptions Martin Krischik
2007-12-13 13:27 ` Exceptions Robert A Duff
2007-12-13 23:25 ` Exceptions Ray Blaak
2007-12-06 21:25 ` Exceptions Gautier
2007-12-07 4:29 ` Exceptions anon
2007-12-07 4:43 ` Exceptions, part 2 anon
2007-12-07 16:55 ` Exceptions Adam Beneschan
2007-12-07 18:59 ` Exceptions Simon Wright
2007-12-08 0:38 ` Exceptions Adam Beneschan
2007-12-09 21:45 ` Exceptions Robert A Duff
2007-12-09 22:40 ` Exceptions Georg Bauhaus
2007-12-10 8:22 ` Exceptions Dmitry A. Kazakov
2007-12-10 9:20 ` Exceptions Georg Bauhaus
2007-12-10 9:30 ` Exceptions Georg Bauhaus
2007-12-10 10:56 ` Exceptions Dmitry A. Kazakov
2007-12-11 2:18 ` Exceptions Randy Brukardt
2007-12-11 8:19 ` Exceptions Georg Bauhaus
2007-12-11 11:55 ` Exceptions Dmitry A. Kazakov
2007-12-11 16:13 ` Exceptions Georg Bauhaus
2007-12-12 11:18 ` Exceptions Dmitry A. Kazakov
2007-12-10 12:09 ` Exceptions Niklas Holsti
2007-12-10 13:08 ` Exceptions Dmitry A. Kazakov
2007-12-10 20:02 ` Exceptions Niklas Holsti
2007-12-11 12:31 ` Exceptions Dmitry A. Kazakov
2007-12-11 13:21 ` Exceptions Niklas Holsti
2007-12-12 0:01 ` Exceptions Randy Brukardt
2007-12-12 11:37 ` Exceptions Niklas Holsti
2007-12-12 13:14 ` Exceptions Dmitry A. Kazakov
2007-12-12 14:37 ` Exceptions Robert A Duff
2007-12-13 19:20 ` Exceptions Randy Brukardt
2007-12-13 20:15 ` Exceptions Robert A Duff
2007-12-12 11:00 ` Exceptions Dmitry A. Kazakov
2007-12-11 2:12 ` Exceptions Randy Brukardt
2007-12-11 15:17 ` Exceptions Robert A Duff
2007-12-12 0:10 ` Exceptions Randy Brukardt
2007-12-13 19:58 ` Exceptions Robert A Duff
2007-12-14 0:53 ` Exceptions Ray Blaak
2007-12-14 2:48 ` Exceptions Randy Brukardt
2007-12-14 6:33 ` Exceptions Ray Blaak
2007-12-08 10:03 ` Exceptions Stephen Leake
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox