Re: Strategies with SPARK which does not support exceptions

["Peter C. Chapin" <pcc482719@gmail.com>]

Pascal Obry wrote:

> There is no exception, so not error to check... I don't see the point of
> the Ok variable.
> 
> I'm probably missing something, can you clarify?

I think what Yannick is talking about is something like this:

-- Full Ada:
procedure Complicated_Operation(X : in Some_Type);
  -- Raises Operation_Failed if there is an error.

-- SPARK:
procedure Complicated_Operation(X : in Some_Type; Ok : out Boolean);
  -- Writes True into 'Ok' if successful, otherwise False.

Now instead of having a nice exception handler you have to do things like

Complicated_Operation(Argument, Success);
if not Success then
  -- Deal with failure here.
else
  -- Continue with the program here.
end if;

Of course this gets a bit ugly if you do lots of operations that might fail.

One thing I've done is something like this

--SPARK:
procedure Complicated_Operation(X : in Some_Type; Ok : in out Boolean);
  -- Writes False into 'Ok' if failed; otherwise no change to 'Ok'.

Now I can do

Ok : Boolean := True;
...
Complicated_Operation(Argument_1, Ok);
Complicated_Operation(Argument_2, Ok);
Complicated_Operation(Argument_3, Ok);
if not Ok then
  -- A failure occurred somewhere above.
end if;

Of course this only works if it's acceptable to continue the program after a
failure of one of the earlier operations. Obviously that's not always going
to be the case.

Peter