comp.lang.ada
From: Ludovic Brenta <ludovic@ludovic-brenta.org>
Subject: Re: Ensuring postconditions in the face of exceptions
Date: Mon, 15 Mar 2010 02:14:44 -0700 (PDT)
Message-ID: <3782da9f-3f92-455e-ac1c-7cab721fc4df@d2g2000yqa.googlegroups.com>
In-Reply-To: 5f3f45c6-0202-4a67-8517-182afaf7dceb@c16g2000yqd.googlegroups.com

Alex Mentis wrote on comp.lang.ada:
> Well, I'm not sure I'm suggesting you raise extra exceptions, just
> handle them in the calling subprogram instead of the called
> subprogram.  You're already re-raising the exception with the called
> subprogram exception handler:

The problem with that approach is that the processing of the Dirty
flag is no longer localized in the Refresh procedure which, in fact,
might as well disappear altogether; instead, each caller of Refresh
(or Visit) must now remember to handle exceptions and reset Dirty to
True accordingly.

So let me summarize the various suggestions so far:

(1) pass Dirty as "access" instead of "in out": works but, as you
nicely put it, "One of the nice things about Ada over other languages
is that you generally shouldn't have to worry about whether a
parameter is copy-by-value or copy-by-reference."

(2) pass Dirty encapsulated in a limited record: also works but this
is even worse (IMHO) than "access" because it obscures the purpose of
the limited record type. I'd have to have 10 lines of comments just to
explain why there is a limited record type containing a single Boolean
component.

(3) make Dirty part of the object type T: the flag is necessary in
only one of the places where T is used; also T is serialized in
several places, so changing it is not a good idea.

(4) handle the exception in the caller: there is no longer a central
place for handling the Dirty flag therefore future maintenance is
harder. As a side effect, the procedure Refresh loses most of its
purpose, so might as well disappear.

I came up with (5): place both Dirty and the Object to be visited in a
record type and pass an access value to that record. This is a
variation of (1); it is still ugly (IMHO) but the record type and the
access-to-record type already existed so the change to the code base
was minimal. Since, however, the existing record type contains many
other things besides the Object and Dirty flag, the procedure Refresh
receives much more information than it really needs, which might break
encapsulation.

All in all, no solution so far is as elegant as I would have liked but
thanks anyway for the various suggestions. I think that (1) is still
the least ugly though.

--
Ludovic Brenta.
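
The difference between "in out" and option (1) in the message above, as an added example that is not part of the original post or the poster's code: a Boolean "in out" parameter is passed by copy and is copied back only on normal completion, so a handler that sets it and re-raises leaves the caller's flag unchanged, while an access parameter updates the caller's variable directly. The names Dirty_Demo, Visit_Failed, Refresh_By_Copy and Refresh_By_Access, and the body of Visit, are assumptions made for illustration.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Dirty_Demo is
   --  Hypothetical stand-ins for the thread's Visit/Refresh/Dirty.
   Visit_Failed : exception;

   procedure Visit is
   begin
      raise Visit_Failed;  --  simulate a visit that fails part-way
   end Visit;

   --  Boolean is an elementary type: "in out" is passed by copy, and the
   --  copy-back to the actual happens only on normal completion.
   procedure Refresh_By_Copy (Dirty : in out Boolean) is
   begin
      Visit;
   exception
      when others =>
         Dirty := True;  --  updates the local copy only
         raise;          --  propagation skips the copy-back
   end Refresh_By_Copy;

   --  Option (1): the access parameter designates the caller's variable.
   procedure Refresh_By_Access (Dirty : access Boolean) is
   begin
      Visit;
   exception
      when others =>
         Dirty.all := True;  --  written straight into the caller's flag
         raise;
   end Refresh_By_Access;

   A : Boolean := False;
   B : aliased Boolean := False;
begin
   begin
      Refresh_By_Copy (A);
   exception
      when Visit_Failed => null;
   end;
   begin
      Refresh_By_Access (B'Access);
   exception
      when Visit_Failed => null;
   end;
   Put_Line ("in out: Dirty = " & Boolean'Image (A));
   Put_Line ("access: Dirty = " & Boolean'Image (B));
end Dirty_Demo;
```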


