comp.lang.ada
From: "Karel Thönissen" <thoenissen@garabit.nl>
Subject: Re: and then... (a curiosity)
Date: Thu, 4 Sep 2008 22:06:41 +0200
Date: 2008-09-04T20:06:41+00:00
Message-ID: <48c03fd1$0$12199$dbd4f001@news.euronet.nl>
In-Reply-To: Pine.LNX.4.64.0809042139540.26030@medsec1.medien.uni-weimar.de

> On Thu, 4 Sep 2008, stefan-lucks@see-the.signature wrote:
>
>> On Thu, 4 Sep 2008,  wrote:
>> > So if I understand you correctly this time, the raising (or not) of an
>> > exception for "if Y/X<000" should in your view depend on the context
>> > where
>> > it is used: [...]
>>
>> No, you misread me again. If you had read some earlier posts from me in
>> this thread, what I am trying to express is that "and" should better do
>> what "and then" actually does. That is it, so simple!

If that /were the only thing you wrote/, then it would indeed be simple. But
in your earlier posting, /and/ a few lines down in the very post I am
replying to now (as a quote from an earlier posting), you write something
different. See a few lines further down.

I personally could live with the idea that in Ada, 'and' would have had
conditional formantics (now and-then) and some other operator would have
unconditional formantics (now and). That is just swapping tokens at the
lexical level. Fine. What is your point?

> To be precise, here is a cut-and-paste from what I wrote in another
> posting:
>
> 1. If the A- or the B-part in "if A and B" raises an exception, but the
>   other part is false, the "right thing" (TM) to do would be to transfer
>   control to the else clause (or below "end if", when there is no else).
>   The intermediate result can be viewed as a three-valued logic
>   expression, but the final outcome of the Boolean expression must be
>   Boolean, of course.

Thank you, there it is.

Contrary to what you write above, this is /not/ the formantics of and-then
in Ada. In Ada, the conditional boolean operators are not symmetric: "A
and-then B" is not equivalent to "B and-then A". So you are proposing
something new in the language beyond the mere choice of lexemes.

The formantics you propose would be an exception handler that discriminates
neither on the type of the exception, nor on the side of the operator where
it was raised. The ambiguity of both sides raising an exception is handled
by rule 2 below.

The formantics you propose would execute the else-branch for *any*
exception, not just the divide by zero in the example, but also overflows
and God knows what else. A nice place for bugs to hide. It is even worse
than that: if there is no else-branch, then the execution silently continues
after the end-if. Great. Bugs now go completely undetected. The worst
possible thing you could do for high-integrity software.

> 2. If both A and B raise an exception, or if one raises an exception and
>   the other one is true, an exception is propagated.

Why not follow your own logic and really use a three-valued logic and
introduce a three-branched if-then-else structure with a third branch for
handling "undefined and undefined" or whatever you call it.

> 3. I would be willing to pragmatically sacrifice mathematical purity for a
>   shortcut rule: If A is false, the expression is false, whatever B does.
>   If A raises an exception, or if A is true and B raises an exception,
>   the exception is propagated.

Congratulations, you just reinvented the and-then in Ada.

> 1. and 2. describe some "ideal" behaviour, but 3. describes what one
> can realistically expect from the compiler. BTW, the compiler would not
> need to be that incredibly smart. If an exception is raised when
> evaluating a Boolean expression, the exception could be handled internally,
> to finish evaluating the Boolean expression, and re-raised if necessary.

1+2 may appear ideal for a mathematician, because of the symmetry it
provides. But we are not doing mathematics. I am a professional software
engineer and I do not want my stupid mistakes (which I do make), caught by
contracts that raise all sorts of violations (program exceptions), to go
unnoticed because the exception is silently handled in the else-branch or
not at all if there is no such branch.

Ideal behavior is a fata morgana from lala-land. We have to deal with
fallible developers and machinery.

> ------ Stefan Lucks   --  Bauhaus-University Weimar  --   Germany  ------
>               Stefan dot Lucks at uni minus weimar dot de
> ------  I  love  the  taste  of  Cryptanalysis  in  the  morning!  ------
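An added illustration of the point being argued above (this code is not from the thread or from either poster, and every name in it is invented for the demo). It contrasts Ada's "and" with "and then" on the Y/X case, then emulates the "any exception sends control to the else branch" rule of points 1+2 with a catch-all handler, to show how that rule turns an unrelated contract violation into a quiet False. It assumes GNAT with run-time checks enabled (the default), built with `gnatmake and_then_demo.adb`.

```ada
--  Added example (not from the thread): "and" vs "and then" on Y/X,
--  and a catch-all emulation of the proposed rules 1+2.
--  All names here are invented for this demo.
with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Exceptions; use Ada.Exceptions;

procedure And_Then_Demo is

   --  Raised by Checked_Sign when its own precondition is violated;
   --  stands in for the contract violations mentioned in the post.
   Bad_Argument : exception;

   --  "and then" evaluates Y / X only when X /= 0 holds, so X = 0 yields
   --  False without raising anything.
   function Guarded (Y, X : Integer) return Boolean is
   begin
      return X /= 0 and then Y / X < 0;
   end Guarded;

   --  Plain "and" evaluates both operands, so with X = 0 the division
   --  raises Constraint_Error even though the left operand is False.
   function Unguarded (Y, X : Integer) return Boolean is
   begin
      return X /= 0 and Y / X < 0;
   end Unguarded;

   --  A routine with an explicit precondition: X must be positive.
   function Checked_Sign (Y, X : Integer) return Boolean is
   begin
      if X <= 0 then
         raise Bad_Argument with "X must be positive";
      end if;
      return Y / X < 0;
   end Checked_Sign;

   --  Emulation of rules 1+2: whatever exception the condition raises,
   --  control goes to the else branch (here: the function yields False).
   --  Deliberately a bad pattern; it exists only to show the hazard.
   function Lenient (Y, X : Integer) return Boolean is
   begin
      return Checked_Sign (Y, X);
   exception
      when others => return False;
   end Lenient;

begin
   --  X = 0 with "and then": the condition is simply False.
   Put_Line ("and then, X = 0  : " & Boolean'Image (Guarded (5, 0)));

   --  X = 0 with "and": the division runs and Constraint_Error propagates.
   begin
      Put_Line ("and,      X = 0  : " & Boolean'Image (Unguarded (5, 0)));
   exception
      when E : Constraint_Error =>
         Put_Line ("and,      X = 0  : raised " & Exception_Name (E));
   end;

   --  X = -3 violates Checked_Sign's precondition. Without a catch-all
   --  the violation is reported ...
   begin
      Put_Line ("checked,  X = -3 : " & Boolean'Image (Checked_Sign (5, -3)));
   exception
      when E : Bad_Argument =>
         Put_Line ("checked,  X = -3 : raised " & Exception_Name (E)
                   & " (" & Exception_Message (E) & ")");
   end;

   --  ... while the "go to else" emulation turns the same bug into a
   --  quiet False, indistinguishable from a correct negative answer.
   Put_Line ("lenient,  X = -3 : " & Boolean'Image (Lenient (5, -3)));
end And_Then_Demo;
```

The first two cases are the lexical difference Karel says he could live with; the last two are the semantic difference he objects to: once a condition's handler is "when others", a Bad_Argument raised deep inside the operand is no longer distinguishable from the operand legitimately being False.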
