From: "Dmitry A. Kazakov"
Subject: Re: contracted exceptions
Newsgroups: comp.lang.ada
Date: Sat, 9 Jun 2007 20:37:21 +0200
Message-ID: <1svme16jhnvn9$.j4urjfrb9d2i$.dlg@40tude.net>
References: <1181165630.012508.55290@i38g2000prf.googlegroups.com> <19fxsxv1god43$.1pqq8vgfu2itn$.dlg@40tude.net> <4669BBBB.8040806@obry.net>

On Sat, 09 Jun 2007 14:04:23 -0400, Robert A Duff wrote:

> I can think of lots of rules that are not perfect, but are at least
> superior to the existing rule of silently ignoring the exception.
>
> The simplest would be to terminate the entire program immediately.
> And print an error message on systems where that makes sense.
> Ada has no way to terminate the whole program (i.e. call "exit"),
> but it should.

Terminate the parent task and that should become equivalent to "exit".

> Or just print an error message.
>
> Or raise Program_Error in the parent task at the point where that task
> awaits its dependents.

Option: abort all the siblings as well.

> Or put the task to sleep, so the parent waits forever (and the
> programmer has to debug a "deadlock").

Maybe a sort of rendezvous on the predefined entry point with the parent
task? When the parent task accepts it, the exception is propagated out of
the point of rendezvous in the parent, while the offending task finally
rests in peace. When the parent task does not have this entry, then it
(with all its children) is terminated. The process continues until
rendezvous accepted or else death of the main task.

> My solution: allow the programmer to declare that certain regions of
> code cannot run out of memory. The compiler must reserve enough memory
> (and if can't, then raise S_E before entering that region). Of course,
> what you can do in such a region is implementation dependent.

Contracted exceptions? Let the user declare a subprogram with the contract
of no Storage_Error. Then the compiler checks that code and if it cannot
generate it in a way that would reserve all necessary memory before
entering the body, it would refuse to compile it.

--
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de