comp.lang.ada
From: "Randy Brukardt" <randy@rrsoftware.com>
Subject: Re: Controlled types and exception safety
Date: Wed, 30 Nov 2005 17:52:24 -0600
Message-ID: <QISdncdeRYvcpxPenZ2dnUVZ_t2dnZ2d@megapath.net>
In-Reply-To: 4opjf.151627$dP1.509433@newsc.telia.net


"Björn Persson" <spam-away@nowhere.nil> wrote in message
news:4opjf.151627$dP1.509433@newsc.telia.net...
> Jeffrey R. Carter wrote:
> > 1. An intermediate object of the type is created.
> > 2. Y's bit pattern is copied into the intermediate object.
> > 3. The intermediate object is adjusted.
> > 4. X is finalized.
> > 5. The intermediate object's bit pattern is copied into X.
> > 6. X is adjusted.
> > 7. The intermediate object is finalized.
>
> Can't Maciej's concerns be applied to step 6? What to do about
> exceptions that happen while the new X is being adjusted, after the old
> X has been finalized?

Sure, but it's a bug to let Finalize or Adjust propagate an exception. If
they do, the only reasonable assumption is that the object is corrupted. The
language bends over backwards to insure that a failure of one of these
operations for an object does not corrupt any other object (or component),
which is a strong guarantee in itself.

In just plain old (no controlled types around):
   A := B;
the raising of an exception during the assignment leaves A abnormal if A is
composite. In other words, Ada says that objects that are being assigned are
corrupted by an exception.

The solution is to not allow exceptions to be raised by Adjust. Yes, that's
not completely practical, because of Storage_Error, but even there you
should handle the exception and do what you can to prevent corruption of the
object. (Claw leaves the object invalid in this case, so future operations
on it, other than recreating it, will fail.) And this also suggests that you
should try to avoid allocating memory in Adjust (not always possible, of
course).

                       Randy.
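As an added example (mine, not code from Randy's post, from Claw or from anyone in the thread), here is one shape a controlled type can take to follow the advice above: Adjust deep-copies the data, catches Storage_Error locally instead of propagating it, and marks the object invalid so that Finalize stays safe and later operations on it fail predictably until it is recreated by reassignment. The names Buffers, Buffer, Is_Valid and Simulate_Allocation_Failure are invented for the demonstration; the flag stands in for a real Storage_Error, which cannot be triggered deterministically. It needs an Ada 2005 or later compiler, because the controlled type is declared inside a procedure.

```ada
--  Added example, not code from the thread.  Requires Ada 2005 or later
--  (controlled type declared below library level).  Buffers, Buffer and
--  Simulate_Allocation_Failure are made-up names; the "leave the object
--  invalid" behaviour paraphrases Randy's description of Claw, not Claw's code.
with Ada.Finalization;
with Ada.Unchecked_Deallocation;
with Ada.Text_IO;

procedure Controlled_Demo is

   package Buffers is
      type Buffer is new Ada.Finalization.Controlled with private;

      function Make (S : String) return Buffer;
      function Is_Valid (B : Buffer) return Boolean;
      function Contents (B : Buffer) return String;

      --  Test hook: when True, Adjust behaves as if the allocator raised
      --  Storage_Error, so the recovery path can be exercised deterministically.
      Simulate_Allocation_Failure : Boolean := False;

   private
      type String_Access is access String;

      type Buffer is new Ada.Finalization.Controlled with record
         Data  : String_Access := null;   -- owned copy of the contents
         Valid : Boolean       := False;  -- False after a failed Adjust
      end record;

      overriding procedure Adjust   (B : in out Buffer);
      overriding procedure Finalize (B : in out Buffer);
   end Buffers;

   package body Buffers is
      procedure Free is new Ada.Unchecked_Deallocation (String, String_Access);

      function Make (S : String) return Buffer is
      begin
         return B : Buffer do
            B.Data  := new String'(S);
            B.Valid := True;
         end return;
      end Make;

      function Is_Valid (B : Buffer) return Boolean is
      begin
         return B.Valid and then B.Data /= null;
      end Is_Valid;

      function Contents (B : Buffer) return String is
      begin
         if not Is_Valid (B) then
            raise Program_Error with "operation on an invalid Buffer";
         end if;
         return B.Data.all;
      end Contents;

      --  Called on the target after the source's bits have been copied in, so
      --  B.Data still designates the SOURCE's string.  Replace it with a private
      --  copy; on failure, drop the shared pointer rather than keeping it, or
      --  Finalize would later free memory the source still owns.
      overriding procedure Adjust (B : in out Buffer) is
         Shared : constant String_Access := B.Data;
      begin
         if Shared /= null then
            if Simulate_Allocation_Failure then
               raise Storage_Error;
            end if;
            B.Data := new String'(Shared.all);
         end if;
      exception
         when Storage_Error =>
            B.Data  := null;    -- never free the source's storage from here
            B.Valid := False;   -- usable only for finalization or reassignment
      end Adjust;

      --  Releases only storage this object owns; must not propagate either.
      overriding procedure Finalize (B : in out Buffer) is
      begin
         if B.Data /= null then
            Free (B.Data);      -- Free sets B.Data back to null
         end if;
         B.Valid := False;
      end Finalize;
   end Buffers;

   use Buffers;

   X : Buffer := Make ("hello");
   Y : Buffer;
   Z : Buffer;
begin
   Y := X;                             -- Adjust deep-copies; Y owns its own string
   Ada.Text_IO.Put_Line ("Y = " & Contents (Y));

   Simulate_Allocation_Failure := True;
   Z := X;                             -- Adjust fails internally; Z becomes invalid
   Simulate_Allocation_Failure := False;

   Ada.Text_IO.Put_Line ("Z valid: " & Boolean'Image (Is_Valid (Z)));
   begin
      Ada.Text_IO.Put_Line (Contents (Z));
   exception
      when Program_Error =>
         Ada.Text_IO.Put_Line ("Z rejected as invalid, as intended");
   end;

   Z := Make ("recreated");            -- reassignment recreates the object
   Ada.Text_IO.Put_Line ("Z = " & Contents (Z) & ", X still = " & Contents (X));
end Controlled_Demo;
```

The point worth noticing in the handler is the `B.Data := null` line. Between the bit copy and the end of Adjust the target shares the source's pointer; if Adjust propagated at that moment and the object were later finalized anyway, Finalize would free storage the source still owns, so the "corrupted object" Randy describes turns into a double free or a dangling pointer in an unrelated object. Clearing the pointer and flagging the object invalid confines the damage to the one object, which is exactly the guarantee the language tries to keep.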