From: Bob Duff <bobduff@theworld.com>
Subject: Re: Problems with SPARK 2015 and XMLAda
Date: Fri, 21 Aug 2015 19:44:12 -0400
Date: 2015-08-21T19:44:12-04:00 [thread overview]
Message-ID: <87bne0fbqr.fsf@theworld.com> (raw)
In-Reply-To: mr7a1b$psv$1@dont-email.me
"G.B." <bauhaus@futureapps.invalid> writes:
> Design by Contract™, which wasn't defined by your or me, has
> the "retry" facility as part of the "rescue"(*); ...
Eiffel is a pretty good language design, but "retry" is probably my
least favorite feature of that language. It's just a disguised "goto".
I'm not 100% opposed to goto's in all cases, but they should normally be
avoided, and this is the worst kind of goto -- a goto that jumps
backward, thus forming a loop.
Meyer's examples have kludgy flags to indicate "how did I get here?"
As in "If I got here from the exception handler, then do the exceptional
case, else do the normal case". He even has examples where there's a
counter of the number of times the exception handler was entered.
Yuck.
And the disguised goto is worse than a goto, because there's no label
saying "beware!, somebody jumps here from elsewhere!".
In Ada syntax, this seems clear enough:
procedure P (...) is
begin
Do_Something;
exception
when Some_Error =>
Do_Something_Else;
end P;
But Meyer prefers this:
procedure P (...) is
Flag : Boolean := False;
begin
<<Retry>>
if Flag then
Do_Something_Else;
else
Do_Something;
end if;
exception
when Some_Error =>
Flag := True;
goto Retry; -- Illegal in Ada, for good reason!
end P;
Except the label is implicit in Eiffel, and the "goto Retry" is just
"retry". (Oh, and the initialization to False is also implicit in
Eiffel -- another bad design decision, but unrelated to "retry".)
His complaint about the first version of P is that Do_Something_Else
might violate contracts (because at that time, Ada didn't have any way
to express contracts). But the second version of P has the same
problem, for the same reason (Ada didn't have any way to express
contracts).
It boils down to "Ada exception handlers might have bugs". Well, yeah,
but any code might have bugs. Moving the bugs from the handler to
the main body of code doesn't prevent bugs.
>...both, exceptions as
> assertion failures and exceptions as other failures are parts of
> the definitions surrounding DbC. But not in the way imagined
> here. I'm sure that this imagination of "design by contract" has
> somehow definitions of something quite reasonable. It would be
> nice, though, if the number of naming conflicts could be small.
- Bob
next prev parent reply other threads:[~2015-08-21 23:44 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-08-19 15:58 Problems with SPARK 2015 and XMLAda Serge Robyns
2015-08-19 20:21 ` Simon Wright
2015-08-19 21:22 ` Serge Robyns
2015-08-20 7:10 ` Jacob Sparre Andersen
2015-08-20 10:06 ` Mark Lorenzen
2015-08-20 16:38 ` Shark8
2015-08-20 18:42 ` Peter Chapin
2015-08-20 19:13 ` Jeffrey R. Carter
2015-08-20 20:00 ` Serge Robyns
2015-08-20 20:36 ` Randy Brukardt
2015-08-20 23:21 ` Shark8
2015-08-21 6:26 ` Stefan.Lucks
2015-08-21 7:30 ` Dmitry A. Kazakov
2015-08-21 8:19 ` Stefan.Lucks
2015-08-21 9:37 ` Dmitry A. Kazakov
2015-08-21 10:09 ` G.B.
2015-08-21 11:56 ` Dmitry A. Kazakov
2015-08-21 13:46 ` G.B.
2015-08-21 14:45 ` brbarkstrom
2015-08-21 15:34 ` Dmitry A. Kazakov
2015-08-21 23:44 ` Bob Duff [this message]
2015-08-22 6:22 ` Dmitry A. Kazakov
2015-08-21 10:43 ` Stefan.Lucks
2015-08-21 12:35 ` Dmitry A. Kazakov
2015-08-24 21:32 ` Randy Brukardt
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox