From: Joachim Durchholz <joachim.durchholz@munich.netsurf.de>
Subject: Re: Building blocks (Was: Design By Contract)
Date: 1997/09/23
Date: 1997-09-23T00:00:00+00:00 [thread overview]
Message-ID: <342801C8.3E313F86@munich.netsurf.de> (raw)
In-Reply-To: mheaney-ya023680002209971930310001@news.ni.net
Matthew Heaney wrote:
>
> In article <3423BE13.9C3852A4@munich.netsurf.de>, Joachim Durchholz
> <joachim.durchholz@munich.netsurf.de> wrote:
>
> I don't understand what you mean by "resume execution at the point
> where
> the execution [exception?] occurred," because Ada does NOT resume
^ yes that's what I meant
> execution
> at the point of the exception. Rather, normal execution is abandoned,
> and
> control passes to the exception handler.
Sorry, I take that point back. There was a mental mix-up involved.
> You are correct in stating that the exception handler can't know at
> which
> point the exception occured, but only if there is a "large" amount of
> program text covered by a handler, and there is more the one place
> where
> the exception can occur. The solution in this case is to localize
> handling
> of the exception, so that it isn't ambiguous:
Agreed.
> >Though Ada has no formal connection to postconditions, so it doesn't
> >offer us guidelines what to do about an exception.
>
> While it's true that Ada syntax does not include a mechanism of
> specifying
> which exceptions can be raised by a subprogram, I wouldn't say that
> there
> are "no guidelines" for what to do about an exception. You simply
> state -
> in the form of a comment - which exceptions can be raised by a
> subprogram,
> and handle them as appropriate.
Hmm... that's exactly what I mean. I'm sure your shop has conventions on
what form these comments should take, but other shops might have
different forms. So you have to train every new programmer to write the
"right" comments. So you can't sell a database that collects the
exception information. There are *many* advantages to have a fixed
syntactical place to place the postconditions.
> >What's disciplined about Eiffel exceptions is not the retry
> instruction,
> >which is somewhat secondary. The discipline of exception handling in
> >Eiffel has other sources:
> >- A precise definition of what an exception indicates (namely a
> routine
> >that fails to fulfill its postcondition - other languages, lacking
> the
> >notion of postcondition, can't even start to compete)
>
> This statement confuses syntax with semantics.
Huh?
A postcondition has a very real semantics in Eiffel. The syntax is just
that - syntax that's necessary to indicate the compiler what these
boolean expressions are about.
[Stuff on not formalizing the set of possible exceptions for Ada
snipped.]
> It is clearly
> not the
> case that Ada - or any other language - "lacks a notion of
> postcondition."
Oh yes it does. In the same way as assembler lacks the notion of
parameter type - yes you can emulate it by heavy commenting and adhering
to informal guidelines, but then the notion is not implemented in the
language, it is implemented in the programming organization around that
language.
> Of course, there's nothing to prevent a programmer from failing to
> fulfill
> his postcondition, or from raising exceptions he hasn't advertised,
> just as
> there is no way to prevent a programmer from returning the value of
> the
> cosine from a function called Sin. But this is a programmer problem,
> not
> an Ada problem.
Yup. And nothing will prevent an Eiffel programmer from doing the same.
However, such errors are more obtrusive in an Eiffel class. Eiffel
routines are typically very short, so a mismatch between a routine body
and its postcondition is often obvious at the first casual glance. (Of
course most programmers will see that even before writing the bug, so
not many bugs of this type manifest themselves to begin with.)
> >- A strict guideline when to raise an exception explicitly: if
> something
> >uncontrollable happens that makes fulfilling a postcondition
> >imnpossible. Such uncontrollable events are: actions by concurrent
> >threads, bugs, unhandled exceptions in called routines, and
> algorithms
> >where controlling the problems is nearly as expensive as just trying
> >(like in matrix inversion, where determining wether a matrix is
> >invertible takes nearly as long as just starting the inversion and
> >aborting if a division by zero occurs).
>
> This is the same guideline one uses in Ada.
It's the guideline that *should* be used in Ada. But I'd bet it isn't
always followed - with pressing deadlines and less-than-perfect
programmers in the shop, you can't be sure that your company's
guidelines will always be followed to the letter or (more importantly)
in spirit.
In Eiffel, letter and spirit are the same, and the policy is already
enforced by the compiler.
Regards,
Joachim
--
Please don't send unsolicited ads.
next prev parent reply other threads:[~1997-09-23 0:00 UTC|newest]
Thread overview: 74+ messages / expand[flat|nested] mbox.gz Atom feed top
1997-09-09 0:00 Building blocks (Was: Design By Contract) Marc Wachowitz
1997-09-15 0:00 ` Joachim Durchholz
1997-09-17 0:00 ` Paul Johnson
1997-09-18 0:00 ` Robert Dewar
1997-09-18 0:00 ` Stephen Leake
1997-09-18 0:00 ` Mark L. Fussell
1997-09-19 0:00 ` Robert A Duff
1997-09-20 0:00 ` Joachim Durchholz
1997-09-22 0:00 ` Matthew Heaney
1997-09-23 0:00 ` Veli-Pekka Nousiainen
1997-10-03 0:00 ` Robert I. Eachus
1997-10-04 0:00 ` Paul Johnson
1997-10-14 0:00 ` Robert I. Eachus
1997-09-23 0:00 ` Joachim Durchholz [this message]
1997-09-23 0:00 ` Jon S Anthony
1997-09-24 0:00 ` Alan E & Carmel J Brain
1997-09-25 0:00 ` Anonymous
1997-09-30 0:00 ` Alan E & Carmel J Brain
1997-09-30 0:00 ` Matthew Heaney
1997-09-30 0:00 ` W. Wesley Groleau x4923
1997-09-30 0:00 ` Matthew Heaney
1997-10-01 0:00 ` Alan E & Carmel J Brain
1997-09-30 0:00 ` Neil Wilson
1997-09-30 0:00 ` Stephen Leake
1997-10-01 0:00 ` Anonymous
1997-10-01 0:00 ` Paul M Gover
1997-10-04 0:00 ` Paul Johnson
1997-10-04 0:00 ` Matthew Heaney
1997-10-15 0:00 ` Paul Johnson
1997-10-15 0:00 ` Matthew Heaney
1997-10-16 0:00 ` Joachim Durchholz
1997-10-17 0:00 ` Robert I. Eachus
1997-10-16 0:00 ` Joachim Durchholz
1997-10-22 0:00 ` Reimer Behrends
1997-10-01 0:00 ` Joachim Durchholz
1997-10-02 0:00 ` Robert A Duff
1997-10-02 0:00 ` Tucker Taft
1997-10-02 0:00 ` Matthew Heaney
1997-10-03 0:00 ` Stephen Leake
1997-10-04 0:00 ` Matthew Heaney
1997-10-07 0:00 ` Robert A Duff
1997-09-24 0:00 ` Richard A. O'Keefe
[not found] ` <11861963wnr@eiffel.demon.co.uk>
1997-09-19 0:00 ` Mark L. Fussell
1997-09-19 0:00 ` Jon S Anthony
1997-09-23 0:00 ` Mark L. Fussell
1997-09-18 0:00 ` W. Wesley Groleau x4923
1997-09-21 0:00 ` Matthew Heaney
1997-09-18 0:00 ` Jon S Anthony
-- strict thread matches above, loose matches on Subject: below --
1997-09-11 0:00 Robert Dewar
1997-09-09 0:00 Marc Wachowitz
1997-09-02 0:00 Design By Contract Jon S Anthony
[not found] ` <JSA.97Sep3201329@alexandria.organon.com>
1997-09-04 0:00 ` Paul Johnson
[not found] ` <5un58u$9ih$1@gonzo.sun3.iaf.nl>
1997-09-06 0:00 ` Building blocks (Was: Design By Contract) Joachim Durchholz
1997-09-08 0:00 ` Paul Johnson
1997-09-08 0:00 ` Brian Rogoff
1997-09-09 0:00 ` W. Wesley Groleau x4923
1997-09-09 0:00 ` Matthew Heaney
1997-09-09 0:00 ` Brian Rogoff
1997-09-09 0:00 ` W. Wesley Groleau x4923
1997-09-10 0:00 ` Robert A Duff
1997-09-12 0:00 ` Jon S Anthony
1997-09-10 0:00 ` Paul Johnson
1997-09-10 0:00 ` Matthew Heaney
1997-09-10 0:00 ` Darren New
1997-09-10 0:00 ` Robert Dewar
1997-09-12 0:00 ` Paul Johnson
1997-09-14 0:00 ` Robert Dewar
1997-09-14 0:00 ` Robert Dewar
1997-09-15 0:00 ` John G. Volan
1997-09-14 0:00 ` Robert Dewar
1997-09-12 0:00 ` Jon S Anthony
1997-09-12 0:00 ` Robert Dewar
1997-09-16 0:00 ` Brian Rogoff
1997-09-09 0:00 ` Veli-Pekka Nousiainen
1997-09-09 0:00 ` Veli-Pekka Nousiainen
1997-09-09 0:00 ` Jon S Anthony
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox