From: Stefan Lucks <lucks@th.informatik.uni-mannheim.de>
Subject: Re: Handling invalid objects
Date: Wed, 22 Mar 2006 19:06:57 +0100
Message-ID: <Pine.LNX.4.58.0603221828120.13316@th.informatik.uni-mannheim.de>
In-Reply-To: <dvruqc$8j$1@sunnews.cern.ch>
On Wed, 22 Mar 2006, Maciej Sobczak wrote:
> Dmitry A. Kazakov wrote:
>
> > If Java did it wrong, let's do it right in Ada.
>
> Do what exactly? This is an important question.
> The problem with exception specifications is that they are
> self-contradictory:
>
> - We use exceptions when we want to *DECOUPLE* error reporting from
> error handling. We find it especially good in those situations, where
> error reporting site and error handling site are separated by more than
> one level of subroutine calls (otherwise returning error codes is good
> enough).
>
> - We embed contract information in subroutine signatures to *COUPLE* the
> caller with the callee with respect to what they provide to each other
> and what they expect from each other.
>
> Now, "coupling" and "decoupling" are hardly compatible.
[...]
> Ada would do something like this without incurring effects described
> above or without fundamentally changing something in the way subroutines
> are used. But I'm looking forward to seeing your opinions on this (and
> maybe learn something about Ada culture? :) ).
One thing Ada could reasonably do is to *enable* subroutines to *promise*
to raise no exceptions, or only certain exceptions. (And, of course, to
enable the compiler to verify that this promise is kept. This would be a
little bit similar to SPARK, which can prove the exception-freedom of
subroutines.)

Of course, the implication is that the subroutine itself may only use (or
rather "with" ;-) subroutines which make a similar promise, or have to
handle all exceptions ("others").
As an example for a notation, consider the following subroutines which any
freedom to raise and propagate exceptions deliberately:
function "+"(A, B: T) return T;
procedure Get (Item: out T);
procedure Put (Item: T);
The remaining source code is not Ada. (Or perhaps it is Ada 2015? :-)
No Exceptions raised:

   function "+"(A, B: T) return T
      raise null;
   procedure Get (Item: out T)
      raise null;
   procedure Put (Item: T)
      raise null;

Some Exceptions may be raised:

   function "+"(A, B: T) return T
      raise Constraint_Error, Program_Error;
   -- can raise or propagate Constraint_Error or Program_Error, but nothing else

   procedure Get (Item: out T)
      raise Ada.Text_IO.End_Error,
            Ada.Text_IO.Data_Error,
            Ada.Text_IO.Mode_Error,
            Ada.Text_IO.Layout_Error;
   -- can raise or propagate these four exceptions, none else

   Line_Failed : exception;
   procedure PutLine (Item: T)
      raise Ada.Text_IO.End_Error,
            Ada.Text_IO.Data_Error,
            Line_Failed;
   -- can raise or propagate these three exceptions, none else

   procedure Put (Item: T)
      raise Ada.Text_IO.End_Error,
            Ada.Text_IO.Data_Error,
            package;
   -- can raise or propagate two exceptions from Ada.Text_IO
   -- and any exception defined in the current package
I could also imagine a package to specify which errors might be raised or
propagated in any of its subroutines. This would simplify notation.
Consider the following almost-complete example for a package specification:

   with Ada.Text_IO;
   package Some_Library
      raise
         Ada.Text_IO.End_Error, Ada.Text_IO.Data_Error,
         Ada.Text_IO.Mode_Error, Ada.Text_IO.Layout_Error,
         Constraint_Error, Program_Error,
         package;
      -- Any subroutine defined here may raise the four exceptions from
      -- Ada.Text_IO, the two exceptions Constraint_Error and Program_Error
      -- from Standard, and the exception(s) defined in the package, namely
      -- Line_Failed.
   is
      Line_Failed : exception;
      type T is private;
      function "+"(A, B: T) return T;
      procedure PutLine (Item: T);
      procedure Put (Item: T);
   private
      type T is ...; -- which type T would you like?
   end Some_Library;

Further, when a subroutine X's formal parameter is access-to-subroutine,
then any exception raised by a subroutine given as an actual parameter
need not be handled by X. This should be the caller's duty.
--
Stefan Lucks Th. Informatik, Univ. Mannheim, 68131 Mannheim, Germany
e-mail: lucks@th.informatik.uni-mannheim.de
home: http://th.informatik.uni-mannheim.de/people/lucks/
------ I love the taste of Cryptanalysis in the morning! ------
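As an added example (not part of Stefan's post, and not any existing Ada or SPARK feature): how a subroutine can keep the promise "raises End_Error, Data_Error or Line_Failed, none else" in today's Ada, with the contract kept by hand (an "others" handler folding stray exceptions into the promised set) instead of being verified by the compiler as the proposal wants. The procedure name, the "boom" fault injection and the sample inputs are constructed for the demo.

```ada
with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Exceptions; use Ada.Exceptions;

procedure Exception_Contract_Demo is

   Line_Failed : exception;

   --  Promise (kept by hand here, checked by the compiler in the proposal):
   --  Parse raises End_Error, Data_Error or Line_Failed, and nothing else.
   function Parse (Line : String) return Integer is
   begin
      if Line'Length = 0 then
         raise End_Error;                    -- within the promised set
      end if;
      if Line = "boom" then                  -- constructed fault: stands in
         raise Program_Error;                -- for a lower layer misbehaving
      end if;
      return Integer'Value (Line);           -- Constraint_Error on bad text
   exception
      when Constraint_Error =>
         raise Data_Error;                   -- translate into the set
      when End_Error | Data_Error | Line_Failed =>
         raise;                              -- already in the set, pass on
      when E : others =>
         --  Anything else would break the promise: fold it into the
         --  package-local exception so callers only ever see the set.
         raise Line_Failed with Exception_Name (E);
   end Parse;

   --  The caller handles exactly the promised set; no "others" handler
   --  is needed, which is the decoupling the thread argues about.
   procedure Try (Line : String) is
   begin
      Put_Line ("'" & Line & "' -> " & Integer'Image (Parse (Line)));
   exception
      when End_Error  => Put_Line ("'" & Line & "' -> End_Error");
      when Data_Error => Put_Line ("'" & Line & "' -> Data_Error");
      when E : Line_Failed =>
         Put_Line ("'" & Line & "' -> Line_Failed: " & Exception_Message (E));
   end Try;

begin
   Try ("42");                     -- normal path
   Try ("");                       -- End_Error path
   Try ("forty-two");              -- Constraint_Error folded into Data_Error
   Try ("99999999999999999999");   -- overflow, also folded into Data_Error
   Try ("boom");                   -- stray Program_Error folded into Line_Failed
end Exception_Contract_Demo;
```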