From: "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>
Subject: Contracted exceptions for Ada (was: Exceptions)
Date: Sat, 8 Dec 2007 11:09:28 +0100
Date: 2007-12-08T11:09:29+01:00 [thread overview]
Message-ID: <7m9wkymyi5h7.1235e72is9mp9.dlg@40tude.net> (raw)
In-Reply-To: fjd2t9$hkg$1@jacob-sparre.dk
On Fri, 7 Dec 2007 21:30:05 -0600, Randy Brukardt wrote:
> "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> wrote in message
> news:uvkiadiwrfh2.wi288ebeq18y.dlg@40tude.net...
> ...
>> When "a way to force" reads "exceptions contract", then the answer is no,
>> there is no way, alas.
>
> The ARG has discussed "exception contracts" a couple of times, but there
> didn't seem that there was enough interest. The problem was mainly that they
> simply don't look very valuable
My observation is that a big deal of debugging Ada code is about tracing
down unexpected exceptions. I cannot give any figures, but it is extremely
frequent that a bug manifests itself as an exception propagation. Typically
Constraint_Error propagates where you didn't expect it. So the temptation
is to catch most of such things at compile time.
(Maybe a wild guess, but this could save Ariane V. A program assumed
Constraint_Error exception free was recompiled for the hardware where that
was not the case.)
> (for Ada, I'm not going to comment on other
> languages) when the details are looked at, and they'd be fairly complex to
> define. The biggest issue is compatibility, of course (since Ada has had
> exceptions from the beginning, and never has had contracts, they'd have to
> be optional - but it's not clear if optional contracts are worth much).
I don't see a problem here. Legacy code will have an implied exception
contract stating that anything may propagate out.
> Another one is what to do if a contract is violated. The obvious answer of
> raising Program_Error doesn't do anything other than lose information about
> an exception, so that isn't very satisfying.
Yes, in my view exception contracts have to be static. (It makes no sense
to have run-time exception contracts. As well as any other contracts, there
is no any authority body to judge contract violations at run-time.)
> (Static detection of contract
> violations isn't possible in general because the contracts have to be
> optional.)
It is not optional it is "any exception may propagate."
> And then there is the problem of predefined exceptions like
> Storage_Error -- every routine *can* raise Storage_Error, although few
> *expect* to do so (if they don't allocate memory). Does that have to be
> included in every contract?
That's up to the programmer's choice. If he chooses to contract
Storage_Error as non-propagating, then be it so.
I think there exist ways to provide much better control over Storage_Error
than we have and without distributed overhead. The contract on
Storage_Error would be conditional. That is - the subroutine Foo does not
raise Storage_Error if there is N1..Nn bytes of free space in the storage
pools P1..Pn. Such contracts are conservatively checkable. Of course, the
actual pool states themselves will never be checked at run-time (following
the principle above).
In extraordinary cases the programmer should have a option to give his word
that a subprogram or a part of require no more than N bytes. That would be
an "unchecked Storage_Error contract", by analogy to Unchecked_Conversion:
function Recursive (...) return ... is
-- I give my word that Recursive uses only 10K of stack
begin
if ... then
return Recursive (...);
else
return ...;
end if;
end Recursive;
> If so, that's ugly, and if not, the oddity of
> not quite a contract is unpleasant. And there are more issues: the
> maintenance cascade when an exception is added or removed;
No problem. Exception contracts should be inheritable. File open would say
"I raise this and that and also anything disk driver does." (I remember
Robert Duff proposed that once.)
> what about
> call-back routines (think Process in the Containers library); and so on.
Conditional contracts: container's Forall is exception E free if Process
is.
> I'm sure that something could be worked out, but it seemed like there were
> more valuable things to do.
Like multiple dispatch? (:-))
--
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
next prev parent reply other threads:[~2007-12-08 10:09 UTC|newest]
Thread overview: 97+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-12-06 15:00 Exceptions shaunpatterson
2007-12-06 21:24 ` Exceptions tmoran
2007-12-07 8:54 ` Exceptions Dmitry A. Kazakov
2007-12-07 10:21 ` Exceptions Georg Bauhaus
2007-12-07 15:11 ` Exceptions shaunpatterson
2007-12-07 16:08 ` Exceptions Gautier
2007-12-07 18:56 ` Exceptions Simon Wright
2007-12-08 10:04 ` Exceptions Stephen Leake
2007-12-08 3:30 ` Exceptions Randy Brukardt
2007-12-08 10:09 ` Dmitry A. Kazakov [this message]
2007-12-09 10:22 ` Contracted exceptions for Ada Stephen Leake
2007-12-09 11:02 ` Dmitry A. Kazakov
2007-12-11 8:10 ` Stephen Leake
2007-12-11 10:36 ` Dmitry A. Kazakov
2007-12-09 15:11 ` Contracted exceptions for Ada (was: Exceptions) Martin Krischik
2007-12-09 17:36 ` Contracted exceptions for Ada Dmitry A. Kazakov
2007-12-09 18:39 ` Simon Wright
2007-12-10 8:19 ` Dmitry A. Kazakov
2007-12-10 20:25 ` Simon Wright
2007-12-11 8:50 ` Dmitry A. Kazakov
2007-12-11 20:50 ` Simon Wright
2007-12-12 10:20 ` Dmitry A. Kazakov
2007-12-09 19:04 ` Martin Krischik
2007-12-10 8:20 ` Dmitry A. Kazakov
2007-12-09 22:09 ` Robert A Duff
2007-12-10 7:09 ` Stefan Lucks
2007-12-10 16:57 ` Robert A Duff
2007-12-11 1:53 ` Contracted exceptions for Ada (was: Exceptions) Randy Brukardt
2007-12-11 9:16 ` Contracted exceptions for Ada Dmitry A. Kazakov
2007-12-12 0:26 ` Randy Brukardt
2007-12-08 12:26 ` Exceptions Peter C. Chapin
2007-12-08 14:01 ` Exceptions Dmitry A. Kazakov
2007-12-08 18:01 ` Exceptions Peter C. Chapin
2007-12-09 10:06 ` Exceptions Dmitry A. Kazakov
2007-12-09 12:40 ` Exceptions Peter C. Chapin
2007-12-09 14:31 ` Exceptions Dmitry A. Kazakov
2007-12-09 16:38 ` Exceptions Peter C. Chapin
2007-12-10 8:31 ` Exceptions Dmitry A. Kazakov
2007-12-09 21:56 ` Exceptions Robert A Duff
2007-12-09 10:24 ` Exceptions Stephen Leake
2007-12-09 12:46 ` Exceptions Peter C. Chapin
2007-12-09 21:39 ` Exceptions Robert A Duff
2007-12-09 22:13 ` Exceptions Georg Bauhaus
2007-12-11 8:07 ` Exceptions Stephen Leake
2007-12-11 20:28 ` Exceptions Simon Wright
2007-12-12 22:10 ` Exceptions Maciej Sobczak
2007-12-13 13:40 ` Exceptions Robert A Duff
2007-12-13 14:00 ` Exceptions Maciej Sobczak
2007-12-13 14:44 ` Exceptions Robert A Duff
2007-12-14 0:46 ` Exceptions Ray Blaak
2007-12-14 2:36 ` Exceptions Randy Brukardt
2007-12-14 6:21 ` Exceptions Ray Blaak
2007-12-14 12:40 ` Exceptions Georg Bauhaus
2007-12-14 17:29 ` Exceptions Robert A Duff
2007-12-14 19:32 ` Exceptions Dmitry A. Kazakov
2007-12-15 5:29 ` Exceptions Ray Blaak
2007-12-13 19:29 ` Exceptions Randy Brukardt
2007-12-12 19:18 ` Exceptions Martin Krischik
2007-12-13 13:27 ` Exceptions Robert A Duff
2007-12-13 23:25 ` Exceptions Ray Blaak
2007-12-06 21:25 ` Exceptions Gautier
2007-12-07 4:29 ` Exceptions anon
2007-12-07 4:43 ` Exceptions, part 2 anon
2007-12-07 16:55 ` Exceptions Adam Beneschan
2007-12-07 18:59 ` Exceptions Simon Wright
2007-12-08 0:38 ` Exceptions Adam Beneschan
2007-12-09 21:45 ` Exceptions Robert A Duff
2007-12-09 22:40 ` Exceptions Georg Bauhaus
2007-12-10 8:22 ` Exceptions Dmitry A. Kazakov
2007-12-10 9:20 ` Exceptions Georg Bauhaus
2007-12-10 9:30 ` Exceptions Georg Bauhaus
2007-12-10 10:56 ` Exceptions Dmitry A. Kazakov
2007-12-11 2:18 ` Exceptions Randy Brukardt
2007-12-11 8:19 ` Exceptions Georg Bauhaus
2007-12-11 11:55 ` Exceptions Dmitry A. Kazakov
2007-12-11 16:13 ` Exceptions Georg Bauhaus
2007-12-12 11:18 ` Exceptions Dmitry A. Kazakov
2007-12-10 12:09 ` Exceptions Niklas Holsti
2007-12-10 13:08 ` Exceptions Dmitry A. Kazakov
2007-12-10 20:02 ` Exceptions Niklas Holsti
2007-12-11 12:31 ` Exceptions Dmitry A. Kazakov
2007-12-11 13:21 ` Exceptions Niklas Holsti
2007-12-12 0:01 ` Exceptions Randy Brukardt
2007-12-12 11:37 ` Exceptions Niklas Holsti
2007-12-12 13:14 ` Exceptions Dmitry A. Kazakov
2007-12-12 14:37 ` Exceptions Robert A Duff
2007-12-13 19:20 ` Exceptions Randy Brukardt
2007-12-13 20:15 ` Exceptions Robert A Duff
2007-12-12 11:00 ` Exceptions Dmitry A. Kazakov
2007-12-11 2:12 ` Exceptions Randy Brukardt
2007-12-11 15:17 ` Exceptions Robert A Duff
2007-12-12 0:10 ` Exceptions Randy Brukardt
2007-12-13 19:58 ` Exceptions Robert A Duff
2007-12-14 0:53 ` Exceptions Ray Blaak
2007-12-14 2:48 ` Exceptions Randy Brukardt
2007-12-14 6:33 ` Exceptions Ray Blaak
2007-12-08 10:03 ` Exceptions Stephen Leake
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox