From: Stefan.Lucks@uni-weimar.de
Subject: Re: Problems with SPARK 2015 and XMLAda
Date: Fri, 21 Aug 2015 12:43:53 +0200
Date: 2015-08-21T12:43:53+02:00 [thread overview]
Message-ID: <alpine.DEB.2.20.1508211223050.23776@debian> (raw)
In-Reply-To: <1s0gzs5wzjtq2$.1kuy63rfjsov0.dlg@40tude.net>
[-- Attachment #1: Type: text/plain, Size: 2505 bytes --]
On Fri, 21 Aug 2015, Dmitry A. Kazakov wrote:
>> If an exception cannot be handled in the caller's context, the caller
>> cannot satisfy its own postconditions. See above!
>
> Exactly! You cannot implement the caller and thus you must scrap all your
> design (decomposition into modules like caller and callee).
That is Ada. The caller needs to "with" the package where the callee is
defined, anyway.
>>> Since the callee shall not know its callers, which is one of the major
>>> software design principles, there is no way how return code could be a
>>> substitute to exception.
>>
>> Hu?????? That does not make any sense to me!!!
>
> (Which "that"?)
That := "Since the callee ... to exception.";
> Yes, it must re-implement exception propagation throughout all caller,
> existing and potential ones.
Wait a minute -- why did you write "re-implement", rather than
"implement"?
Trying to convert an existing big Ada implementation into SPARK would be a
very tedious pice of work, regardless of exceptions versus error codes. I
am inclined to say, this would be futile from the very beginning.
A fresh project, starting from the scratch, would be entirely different.
> Massive distributed redesign of all client code base. Not a disadvantage,
> indeed, it is a catastrophe.
Agreed! If you have a big code base in Ada, translating it into SPARK
would be the highway to hell, or at least mental insanity.
>> One thing that is frightening about exceptions is that by not handling
>> locally declared exceptions, some global caller's caller cannot handle
>> that specific exception at all -- it can only use *the* *same* catch-all
>>
>> when others => ...;
>
> That is true for non-contracted exceptions only. Clearly Ada and SPARK must
> have had exception contracts which would have statically prevented
> unhandled exceptions, including the "when others =>" mess. E.g. Finialize
> would have "not raising anything" in the contract, which would force you to
> handle all exceptions.
Unfortunately, Ada doesn't have contracted exceptions, today.
> Wrong. I/O states are all known at compile time.
My point was that the overhead for handling error codes is neglible for
these cases.
Stefan
-------- I love the taste of Cryptanalysis in the morning! --------
www.uni-weimar.de/de/medien/professuren/mediensicherheit/people/stefan-lucks
----Stefan.Lucks (at) uni-weimar.de, Bauhaus-Universität Weimar, Germany----
next prev parent reply other threads:[~2015-08-21 10:43 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-08-19 15:58 Problems with SPARK 2015 and XMLAda Serge Robyns
2015-08-19 20:21 ` Simon Wright
2015-08-19 21:22 ` Serge Robyns
2015-08-20 7:10 ` Jacob Sparre Andersen
2015-08-20 10:06 ` Mark Lorenzen
2015-08-20 16:38 ` Shark8
2015-08-20 18:42 ` Peter Chapin
2015-08-20 19:13 ` Jeffrey R. Carter
2015-08-20 20:00 ` Serge Robyns
2015-08-20 20:36 ` Randy Brukardt
2015-08-20 23:21 ` Shark8
2015-08-21 6:26 ` Stefan.Lucks
2015-08-21 7:30 ` Dmitry A. Kazakov
2015-08-21 8:19 ` Stefan.Lucks
2015-08-21 9:37 ` Dmitry A. Kazakov
2015-08-21 10:09 ` G.B.
2015-08-21 11:56 ` Dmitry A. Kazakov
2015-08-21 13:46 ` G.B.
2015-08-21 14:45 ` brbarkstrom
2015-08-21 15:34 ` Dmitry A. Kazakov
2015-08-21 23:44 ` Bob Duff
2015-08-22 6:22 ` Dmitry A. Kazakov
2015-08-21 10:43 ` Stefan.Lucks [this message]
2015-08-21 12:35 ` Dmitry A. Kazakov
2015-08-24 21:32 ` Randy Brukardt
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox