From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: fac41,f66d11aeda114c52 X-Google-Attributes: gidfac41,public X-Google-Thread: 103376,f66d11aeda114c52 X-Google-Attributes: gid103376,public From: "Mark L. Fussell" Subject: Re: Building blocks (Was: Design By Contract) Date: 1997/09/19 Message-ID: <34228047.65E8@chimu.com>#1/1 X-Deja-AN: 273806860 References: <5v34m5$pl9$1@trumpet.uni-mannheim.de> <34215E3D.77AE@gsfc.nasa.gov> <3421E190.49CC@chimu.com> <11861963wnr@eiffel.demon.co.uk> X-Trace: 874676252 13742 (none) 206.86.0.12 Organization: ChiMu Corporation Newsgroups: comp.lang.eiffel,comp.lang.ada Date: 1997-09-19T00:00:00+00:00 List-Id: The following extracts salient thread pieces from Paul Johnson, Stephen Leake, Roger Browne, and myself. > > Paul Johnson wrote: > > > Ada allows the programmer to quietly ignore an exception and pretend > > > that a routine succeeded when in fact it failed. This is wrong. Mark L. Fussell writes: [SNIPPED Eiffel Equivalent of Ada Exception] > > The functionality [of the Eiffel version] > > is identical to the Ada version, so it likewise > > "pretends to succeed when in fact it failed". The important thing to > > Bertrand Meyer [from my understanding] is that ONLY the main body can > > exit a routine without exception... Roger Browne wrote: > ..and therefore it must meet the postcondition of that routine, else > it triggers a further exception (a "routine failure" exception). > > So, to the extent that the contract can be coded into the postcondition, > this example does not "pretend to succeed when in fact it failed". And the Ada and Eiffel examples are equivalent from the caller's point of view: exactly the same state was reached when the routine returns. So we have refuted the concept that Ada routines are "flawed" and can 'pretend to succeed' (via "ignoring" exceptions) where Eiffel routines can not. Either both succeeded or both failed. Either both can pretend to succeed (by not throwing an exception when the contract is not fulfilled) or neither can. Two differences are (1) Eiffel has postconditions and could better (automatically) recognize failure which would reduce 'pretending'. And (2) the feel of the code is different, possibly leading to focusing more on fulfilling the contract and recognizing when you can not. These may be good (even superior) things in Eiffel but they don't make Ada's exception mechanism "wrong" or flawed. --Mark mark.fussell@chimu.com i ChiMu Corporation Architectures for Information h M info@chimu.com Object-Oriented Information Systems C u www.chimu.com Architecture, Frameworks, and Mentoring