From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID
	autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: fac41,f66d11aeda114c52
X-Google-Attributes: gidfac41,public
X-Google-Thread: 103376,f66d11aeda114c52
X-Google-Attributes: gid103376,public
From: dnew@zloty.fv.com (Darren New)
Subject: Re: Building blocks (Was: Design By Contract)
Date: 1997/09/10
Message-ID: <5v6ugr$l5h@newshub.atmnet.net>#1/1
X-Deja-AN: 271389697
References: <JSA.97Sep2182406@alexandria.organon.com>
 <Pine.SGI.3.95.970908193446.11288B-100000@shellx.best.com>
 <mheaney-ya023680000909970121270001@news.ni.net>
 <5v5l26$h62$3@miranda.gmrc.gecm.com>
Organization: FIRST VIRTUAL Holdings Inc.
Newsgroups: comp.lang.ada,comp.lang.eiffel
Date: 1997-09-10T00:00:00+00:00
List-Id: <comp.lang.ada>


>Note that there is no third option.  Also note that the following are
>forbidden:
>
>* Silent failure.  If the server cannot fulfil its contract then it *must*
>  raise an exception.
>
>* Exceptions as normal control structure.  An exception indicates that
>  something has gone wrong: things are not working as intended. 

Elaborating: Actually, I think the theoretical basis for the exceptions
are that you cannot catch an exception and continue on. For example,
if your calling code says

  x := him.blah(y)
  fooble(x)

then if him.blah has a postcondition that Result>0, fooble can rely
on getting an argument whose value is > 0.  If him.blah fails to
return the value that meets the postcondition, an exception is raised
and passed to the caller. Hence, it is *impossible* to call fooble
here with a negative value for x.  There is no equivalent of
  try { x := him.blah(y) } catch (...) { /* do nothing */ }
  fooble(x)

If every line of code does not fulfill its postconditions, it's impossible
to execute the following line. And *that* I believe is what makes
the exception mechanism helpful in reasoning about your code.

Of course, it's also helpful that you do not have to catch errors in
the wrong place.  I very much dislike the Java mechanism when I try
to implement an interface that does not throw IOException (for example)
and I'm doing IO, so I have to figure out what the client is likely
to want in terms of error handling, making reuse difficult. There are
ways around it, but it's kludgey.
  -- Darren