comp.lang.ada
From: "Peter C. Chapin" <pchapin@sover.net>
Subject: Re: Exceptions
Date: Sun, 09 Dec 2007 07:40:45 -0500
Message-ID: <475be24c$0$30661$4d3efbfe@news.sover.net>
In-Reply-To: <1qbsb1u76vyrk.3n8oov6aevw3$.dlg@40tude.net>

Dmitry A. Kazakov wrote:

>> if Has_Acceptable_Value(X) then
>>   P1(X);
>> end if;
>>
>> What if Has_Acceptable_Value(X) returns true if X is prime... or a
>> positive power of two? I don't believe you can use Ada subtypes to
>> express conditions like that---or indeed many other possibilities.
> 
> Yes, but in that case the very design of P1 is in question. Why does the
> set of values where P1 is defined not constitute some semantically
> integral body (like a subtype)?

Well, my example above is a bit contrived. Let's consider a couple of
more realistic examples:

1. X is a string. Has_Acceptable_Value returns true if X is the name
field of some record in a database. The procedure P1 executes some
string handling algorithm that happens to not be meaningful for empty
strings. Thus P1 raises an exception if given such a string. Yet, due to
database constraints (let's say), any X that causes Has_Acceptable_Value
to return true won't be empty so the exception never arises.

2. X is an abstract type representing an XML document.
Has_Acceptable_Value returns true if X is valid according to its
declared schema. P1 does some XML processing but it assumes the document
given to it is well formed and raises exceptions if that is not the
case. Since valid documents are also well formed, those exceptions won't
occur once Has_Acceptable_Value has signed off on X. Indeed, this is one
of the main reasons why validating documents before processing them is
desirable: it simplifies later error handling.

If I understand what you are saying, one would need to define a subtype
of strings that contains all strings but the empty string (for #1) or a
subtype of my abstract type that contains all valid XML documents (for
#2). Can those things be expressed using Ada subtypes? I suppose it
could be done using type derivation, but is invoking that machinery
really better than just ignoring the possibility that P1 will raise and
letting any unexpected exceptions propagate in the usual way?

The issue is particularly acute when there is an else clause on the if.

if Is_Valid_XML(X) then
  Process_Document(X);
else
  Log_Bad_Document(X);
end if;

Suppose the above is inside a loop that runs over a collection of
documents. Do we really want to include a handler for
Not_Well_Formed_Exception in this procedure just because the contract on
Process_Document says it might raise such an exception? Do we really
want to claim that we propagate that exception when we clearly don't?

You might say that in a careful program (for example in a high integrity
program) unexpected exceptions should not be treated in such a cavalier
manner. I would agree with that. The question is: should the language
attempt to force that degree of care on all programs? It's a balance
between usability and safety. As with all things related to security,
overly aggressive policies can backfire when people feel the need to do
silly things to work around them. I suppose at the end of the day it's
really just a matter of taste... which is what makes debates like this
possible. :-)

Peter

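The question in example #1 above, whether "all strings but the empty string" can be an Ada subtype, can be answered with the subtype predicates that Ada 2012 introduced after this 2007 thread. The following is an added illustration, not code from the post; Non_Empty_String, the two-name "database" inside Has_Acceptable_Value, and the Guarded/Unguarded wrappers are all constructed for it, and the predicate check assumes assertions are enabled (e.g. gnatmake -gnata).

```ada
with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Assertions; use Ada.Assertions;

procedure Guarded_Calls is

   --  Example #1 from the post: "all strings but the empty string" as an
   --  Ada 2012 subtype with a Dynamic_Predicate (constructed here).
   subtype Non_Empty_String is String
     with Dynamic_Predicate => Non_Empty_String'Length > 0;

   --  Stand-in for the database lookup; the accepted names are a
   --  constructed set, and none of them is empty.
   function Has_Acceptable_Value (X : String) return Boolean is
     (X = "alice" or else X = "bob");

   --  P1 states its requirement in its profile instead of documenting an
   --  exception: passing an empty string violates the predicate at the call.
   procedure P1 (X : Non_Empty_String) is
   begin
      Put_Line ("first character of " & X & " is " & X (X'First));
   end P1;

   --  Guarded call: Has_Acceptable_Value implies the predicate, so the
   --  predicate failure cannot occur on this path and needs no handler.
   procedure Guarded (X : String) is
   begin
      if Has_Acceptable_Value (X) then
         P1 (X);
      else
         Put_Line ("rejected: """ & X & """");
      end if;
   end Guarded;

   --  Unguarded call: the contract, not the body of P1, rejects the bad
   --  input, as Assertion_Error raised at the point of call.
   procedure Unguarded (X : String) is
   begin
      P1 (X);
   exception
      when Assertion_Error =>
         Put_Line ("contract violated: empty string passed to P1");
   end Unguarded;

begin
   Guarded ("alice");
   Guarded ("");
   Unguarded ("");
end Guarded_Calls;
```

The guarded path mirrors the post's if/else: the exception the contract permits is unreachable there, while the unguarded path shows where the check actually fires.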

