From: "Peter C. Chapin" <pcc482719@gmail.com>
Subject: Re: Exception contracts for Ada?
Date: Mon, 24 Dec 2012 14:45:53 -0500
Date: 2012-12-24T14:45:53-05:00 [thread overview]
Message-ID: <XYadnZrAFoJvLUXN4p2dnAA@giganews.com> (raw)
In-Reply-To: <vq78v8umrwu0.qzsnpn347vwx$.dlg@40tude.net>
I know there be dragons down this road, but I will comment on a few of
your points. First, I want to emphasize that I'm not necessarily
disagreeing with you... just elaborating on some ideas.
On 12/24/2012 11:34 AM, Dmitry A. Kazakov wrote:
>> + Should exception contracts be enforced statically or dynamically?
>
> Statically. Contracts cannot be enforced dynamically, it is rubbish.
I tend to agree that exception contracts should be enforced statically
or else you end up with the mess C++ got itself into with its exception
specifications. The problem of what to do at runtime if the contract is
violated seems like a show-stopper for dynamic enforcement.
>> + What about backward compatibility with the existing code base?
>
> No problem at all. Empty (missing) contract = any exception may propagate.
> Everything would be 100% compatible.
But is that what we would want? I'm not sure.
>> + Should exception contracts distinguish between "impossible" exceptions
>> that shouldn't occur in a correct program (like Constraint_Error) and
>> "normal" exceptions that pertain to environmental problems such as
>> invalid input data?
>
> There is no such distinction.
Java does not require exception specifications for certain classes of
exceptions such as for dereferencing null pointers and similar low level
(language support) things. If it did then virtually every method would
need to be decorated with an exception specification.
In Ada there are, for example, so many ways Constraint_Error can be
raised that requiring it to be contracted by every subprogram seems...
wrong somehow.
>> + How should exception contracts interact with generic code?
>
> As any other language thing does. Generic code has "generic contracts"
> which become normal contracts after instantiation.
The interesting part is not the contracts on the generic code itself but
rather on the entities used by the generic code. Are exception contracts
on generic code to be checked when the generic code is compiled or at
instantiation time? Will it be necessary to add syntax so that generic
formal parameters can have their exception contracts declared?
I suppose there are similar questions surrounding the interaction of
pre- and postconditions and generic code. I'm not sufficiently up on Ada
2012 yet to know how those issues are currently handled but I'm guessing
that, because they are dynamic checks, the compiler doesn't worry about
them.
>> + Should exception contracts be a part of a subprogram's type?
>
> There is no subprogram types in Ada so far.
If I call a subprogram indirectly via an access value, what do I know
statically about its exception contract? How can I statically check that
the exception contracts are being honored?
I do know that, in GNAT at least, preconditions can't be declared for
access to subprogram types. Instead the preconditions are checked as the
pointed-to subprogram is entered. I'm not sure if that's ideal but in
any case it seems to make some sense for dynamically checked
preconditions. For statically checked exception contracts, though, it
seems like something more is needed.
> Do you mean the case when P calls to Q which is allowed to propagate E
> while P promises not to propagate E? In that case if analysis shows that P
> never propagates E, no special handler is required.
Yes that's basically what I mean. What you are suggesting sounds like it
would require mandating a certain level of static analysis in compilers.
Otherwise how could one write a portable program? I could imagine a very
advanced compiler saying, "I can see that Q will never raise E in this
situation but at the level of analysis mandated by the standard it would
not be possible to tell that. Thus I'm going to require you to put a
contract on P anyway declaring that P might raise E (even though you and
I both know it won't) for portability to lesser compilers who will
require it."
It seems to me that's a case where the standard is actively interfering
with the capabilities of an advanced compiler.
On the other hand the idea of mandating some level of static analysis
may be an idea who's time has come. I'm thinking again about pre- and
postconditions. Specifying it would be difficult, I imagine.
Peter
next prev parent reply other threads:[~2012-12-24 19:45 UTC|newest]
Thread overview: 66+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-12-18 7:45 Press Release - Ada 2012 Language Standard Approved by ISO Dirk Craeynest
2012-12-18 16:57 ` Robert A Duff
2012-12-18 21:12 ` Bill Findlay
2012-12-18 21:36 ` Jeffrey Carter
2012-12-18 21:57 ` Bill Findlay
2012-12-19 8:33 ` Dmitry A. Kazakov
2012-12-19 9:00 ` Georg Bauhaus
2012-12-19 9:19 ` Dmitry A. Kazakov
2012-12-19 9:21 ` Georg Bauhaus
2012-12-19 9:38 ` Dmitry A. Kazakov
2012-12-19 12:23 ` Georg Bauhaus
2012-12-19 14:34 ` Bill Findlay
2012-12-20 1:52 ` Randy Brukardt
2012-12-21 9:01 ` Dmitry A. Kazakov
2012-12-21 10:13 ` Georg Bauhaus
2012-12-21 10:34 ` Georg Bauhaus
2012-12-21 13:38 ` Dmitry A. Kazakov
2012-12-22 1:40 ` Randy Brukardt
2012-12-22 9:02 ` Dmitry A. Kazakov
2012-12-22 22:38 ` Georg Bauhaus
2012-12-23 8:08 ` Dmitry A. Kazakov
2012-12-23 23:38 ` Shark8
2012-12-24 2:44 ` sbelmont700
2012-12-24 5:29 ` Shark8
2012-12-25 21:51 ` Florian Weimer
2012-12-27 1:00 ` sbelmont700
2012-12-27 1:47 ` Randy Brukardt
2012-12-27 14:29 ` sbelmont700
2012-12-27 15:30 ` Dmitry A. Kazakov
2012-12-27 18:48 ` Jeffrey Carter
2012-12-27 21:54 ` Randy Brukardt
2012-12-27 22:09 ` J-P. Rosen
2013-01-11 11:41 ` Yannick Duchêne (Hibou57)
2013-01-11 11:35 ` Yannick Duchêne (Hibou57)
2013-01-11 16:13 ` Jacob Sparre Andersen
2013-01-12 2:06 ` Randy Brukardt
2013-01-11 11:33 ` Yannick Duchêne (Hibou57)
2013-01-11 14:15 ` Dmitry A. Kazakov
2013-01-11 16:19 ` File_Exists (Was: Press Release - Ada 2012 Language Standard Approved by ISO) Jacob Sparre Andersen
2013-01-11 19:36 ` Yannick Duchêne (Hibou57)
2013-01-14 5:09 ` File_Exists Jacob Sparre Andersen
2013-01-12 7:55 ` File_Exists (Was: Press Release - Ada 2012 Language Standard Approved by ISO) Georg Bauhaus
2012-12-27 20:12 ` compilers, was Re: Press Release - Ada 2012 Language Standard Approved by ISO tmoran
2012-12-27 20:54 ` Shark8
2012-12-27 22:00 ` Randy Brukardt
2012-12-27 10:05 ` Dmitry A. Kazakov
2013-01-11 11:28 ` Yannick Duchêne (Hibou57)
2013-01-11 14:21 ` Dmitry A. Kazakov
2013-01-11 14:23 ` Yannick Duchêne (Hibou57)
2012-12-24 6:44 ` Yannick Duchêne (Hibou57)
2012-12-24 9:02 ` Dmitry A. Kazakov
2012-12-24 11:13 ` Yannick Duchêne (Hibou57)
2012-12-24 15:49 ` Exception contracts for Ada? Was: " Peter C. Chapin
2012-12-24 16:34 ` Dmitry A. Kazakov
2012-12-24 19:45 ` Peter C. Chapin [this message]
2012-12-25 11:09 ` Exception contracts for Ada? Dmitry A. Kazakov
2012-12-27 2:38 ` Randy Brukardt
2012-12-27 2:16 ` Exception contracts for Ada? Was: Re: Press Release - Ada 2012 Language Standard Approved by ISO Randy Brukardt
2012-12-27 15:03 ` Peter C. Chapin
2012-12-27 1:17 ` Randy Brukardt
2013-01-11 17:10 ` Marius Amado-Alves
2012-12-20 21:55 ` Anh Vo
2012-12-21 1:04 ` Bill Findlay
2012-12-18 23:24 ` Randy Brukardt
2012-12-19 8:35 ` Georg Bauhaus
2012-12-19 9:03 ` Dmitry A. Kazakov
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox