From: "Randy Brukardt"
Newsgroups: comp.lang.ada
Subject: Re: Contract checking in Ada
Date: Mon, 4 Apr 2005 00:31:07 -0500
Message-ID: <2cadnfoO4eMTTc3fRVn-hA@megapath.net>

"Hyman Rosen" wrote in message news:XcY3e.953$7b.886@trndny02...
> Randy Brukardt wrote:
> > The problem is that assertions of all stripes (like runtime checks) detect
> > unanticipated conditions before much damage is done. And no one anticipates
> > (and thus tests) every possible issue.
>
> But in detecting those unanticipated conditions, they do maximum damage.
> We've had this discussion before. If some operation raises Constraint
> Error or Program Error, or fails some other assertion, the action usually
> taken is to abort the program. That can mean losing unsaved work, or just
> rendering a program unusable where it might otherwise muddle through and
> continue working even though it has done something illegal.

Only if the program designer hasn't taken steps to do something useful on
unanticipated conditions. And if they haven't done so, that usually suggests
shoddy design.

Our web and mail programs trap unexpected exceptions, log them, and reset the
program to continue running. Our spam filter traps the message for
hand-analysis. None of them "abort the program".

OTOH, our Ada compiler does let unhandled exceptions abort the program. That
seems like a better choice than generating garbage code. There have been a
couple instances of failures happening because of broken assertions, but the
vast majority have been real problems. Had the compiler gone ahead and
generated something, it might have worked -- for a while. Or it might have done
something weird that would have cost everyone lots of debugging time. I'd
rather get my errors up front.

There might be some programs that "muddle through" OK, but I haven't seen or
used many of them. The muddling through in the bookkeeping software I used
probably caused the data file to get corrupted, which made me spend most of a
day reentering stuff. I would rather have had a clean crash...

It is necessary to decide what to do with unanticipated conditions, but that's
an important part of application design. When it is not done, you get security
holes and corrupted data files that could easily have been prevented.

                       Randy.
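An added illustration of the two policies discussed above (trap, log, reset and keep serving, as in the web and mail programs; or let the exception abort the run, as in the compiler). This is example code written for this page, not code from the thread or from any of the programs mentioned; the Request record, the Valid_Length subtype, the sample requests and the Abort_On_Failure switch are all constructed for the example:

```ada
with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Exceptions; use Ada.Exceptions;

procedure Request_Loop is
   -- Policy switch (constructed): True behaves like the compiler case,
   -- False like the long-running server case.
   Abort_On_Failure : constant Boolean := False;

   -- Constructed sample input: the second request carries an illegal
   -- length that no code path anticipated.
   type Request is record
      Length : Integer;
   end record;
   Requests : constant array (1 .. 3) of Request :=
     ((Length => 10), (Length => -1), (Length => 5));

   Buffer_Size : constant := 64;
   subtype Valid_Length is Integer range 0 .. Buffer_Size;

   Processed : Natural := 0;

   procedure Reset_State is
   begin
      -- Discard partial work from the failed request so the next one
      -- starts from a known-good state (nothing to undo in this toy).
      null;
   end Reset_State;

   procedure Handle (R : Request) is
      -- The range check fires here, before the bad length can be used
      -- to index a buffer; that is the "damage contained early" case.
      L : Valid_Length := R.Length;
   begin
      Processed := Processed + 1;
      Put_Line ("handled request of length" & Integer'Image (L));
   end Handle;
begin
   for R of Requests loop
      begin
         Handle (R);
      exception
         when E : others =>
            Put_Line (Standard_Error,
                      "request failed: " & Exception_Information (E));
            if Abort_On_Failure then
               raise;            -- propagate: unhandled, the program stops
            end if;
            Reset_State;         -- otherwise log, reset, continue serving
      end;
   end loop;
   Put_Line ("processed" & Natural'Image (Processed) &
             " of" & Natural'Image (Requests'Length));
end Request_Loop;
```

With Abort_On_Failure False the run reports the Constraint_Error for the second request and still handles the third; with it True the first failure ends the program with the exception information on standard error.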