comp.lang.ada
From: "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>
Subject: Re: Handling invalid objects
Date: Thu, 23 Mar 2006 14:20:24 +0100
Message-ID: <aokwx947yn8r$.zoncoz6a7h9q.dlg@40tude.net>
In-Reply-To: dvruqc$8j$1@sunnews.cern.ch

On Wed, 22 Mar 2006 17:42:53 +0100, Maciej Sobczak wrote:

> Dmitry A. Kazakov wrote:
> 
>>>If by exception contracts you mean embedding the exception specification 
>>>in the "signature" of the procedure/function, then it was already 
>>>exercised by the Java community with rather disappointing effects.
>> 
>> If Java did it wrong, let's do it right in Ada.
> 
> Do what exactly? This is an important question.

Sure.

> - We use exceptions when we want to *DECOUPLE* error reporting from 
> error handling. We find it especially good in those situations, where 
> error reporting site and error handling site are separated by more than 
> one level of subroutine calls (otherwise returning error codes is good 
> enough).

Yes, though also see below.

> - We embed contract information in subroutine signatures to *COUPLE* the 
> caller with the callee with respect to what they provide to each other 
> and what they expect from each other.

No, we are decoupling using contracts. Instead of presenting any concrete 
caller, we do a contract. The callee is coupled only to its contract. It 
is not coupled to any caller, because it hopes that any caller will respect 
the contract.

> Now, "coupling" and "decoupling" are hardly compatible. Let's see where 
> it breaks in so-called practice.
>
> First, there is a cascading effect when someone on one end of the chain 
> adds a new exception type. Just let's say that the project evolved and 
> for example a database got involved in something that was previously 
> managed with the use of files.

This is not specific to exceptions. It is "fragile class" design.

You cannot add a new exception type [better to say a class of]; this breaks 
the contract. You have to stay within the class.

In the Ada model, where exceptions are values, this means that the exception 
contracts should specify ranges of values [subtype] and a new exception 
[value] should be chosen from that range. It is doable.

> Second, the problem is that the error reporting and handling might be 
> stated as a contract not between immediate caller and callee, but 
> between some entities that operate across some other entity.
[...]
> The real problem is that languages based on simple subroutine calls are 
> not appropriate for expressing this kind of relationship. Something 
> fundamentally different would be needed to ensure that myFun handles 
> exceptions from myComparator without involving sort in this process, but 
> I don't see what that thing would look like.

I think it was Robert Duff who proposed a nice solution for this. When you 
have some procedure composed out of another procedure (in this example, you 
pass it as a parameter), you could say something like:

   A raises this plus anything that B does.

Because B has a defined subroutine type, its contract is statically known.

One could also bind exceptions to types of primitive subprograms. For 
example:

   type File is tagged ...;
   subtype File_Error is File'Exception;
      -- The range of exceptions bound to File
   procedure Read (X : File) exception File_Error;

   type DB is new File with ...;
   DB_Error : File_Error := some sugar;
      -- Declares a new exception in the range
   procedure Read (X : DB); -- This is allowed to raise DB_Error

> Anyway. The whole purpose of exceptions is to provide a kind of 
> "out-of-band" channel which is *decoupled* from the main chain of 
> subroutine calls.

This is a control-flow view. But there is another, more general view. 
Exceptions allow us to weaken preconditions. Without exceptions, a 
real-valued sqrt should specify x >= 0.0 as a precondition. This is 
unacceptable when x is statically unknown. Exceptions relax the 
precondition and bring things back to static. The price is that you leave 
the realm of real numbers. You have to, this way or another. Either you make 
it complex-valued or you say that the result is "Real or Constraint_Error." 
Who will deal with this result is the question for another day. But when 
exceptions are not contracted, then the gain of static preconditions gets 
lost. So in my view, Java's approach is undoubtedly right here.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
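The exception-contract ideas in this message, worked through as an added example that is not part of the original post and not Ada code. Ada has no exception contracts (which is what the message argues for), so the example uses Rust's Result type, where the error a function may produce is part of its signature and the compiler checks that every caller handles or forwards it. It covers the three points above: a sqrt whose result is "Real or error" instead of demanding the precondition x >= 0.0, a sort whose failure contract is "nothing of its own plus whatever the comparator raises", and a DB type that adds a new failure inside the File type's range rather than as a new top-level type. All names (checked_sqrt, sort_by_fallible, FileError, DbError, MemFile, Source, load) and the in-memory data are this example's own constructions.

```rust
// Added example, not code from the post: the exception-contract ideas above,
// rendered with Rust's Result type, where the error a function may "raise" is
// part of its signature and the compiler checks that callers handle or forward
// it. All names and data here are the example's own constructions.
use std::cmp::Ordering;

/// "Real or Constraint_Error": instead of the precondition x >= 0.0, which cannot
/// be checked statically for a run-time x, the failure is a value the caller
/// must deal with before it can use the number.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct DomainError;

pub fn checked_sqrt(x: f64) -> Result<f64, DomainError> {
    if x.is_nan() || x < 0.0 {
        Err(DomainError)
    } else {
        Ok(x.sqrt())
    }
}

/// "A raises this plus anything that B does": the sort has no failures of its
/// own, so its error type is exactly the comparator's E. E is known statically
/// from the comparator's type; the sort only forwards it and never names it.
pub fn sort_by_fallible<T, E, F>(items: &mut [T], cmp: F) -> Result<(), E>
where
    F: Fn(&T, &T) -> Result<Ordering, E>,
{
    // Insertion sort; stops at the first comparator failure (slice left partially sorted).
    for i in 1..items.len() {
        let mut j = i;
        while j > 0 && cmp(&items[j - 1], &items[j])? == Ordering::Greater {
            items.swap(j - 1, j);
            j -= 1;
        }
    }
    Ok(())
}

/// The exception "range" bound to the File type (the post's File'Exception):
/// reading a File may fail with a value of this class and with nothing else.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum FileError {
    ShortRead { wanted: usize, got: usize },
    /// The derived DB type adds its failures *inside* the range rather than as
    /// a new top-level type, so code written against FileError keeps compiling.
    Db(DbError),
}

/// The DB reader's narrower contract, chosen from within FileError's range.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum DbError {
    ConnectionLost,
}

impl From<DbError> for FileError {
    fn from(e: DbError) -> Self {
        FileError::Db(e)
    }
}

/// Stand-in for a file: its bytes held in memory (constructed data, no real I/O).
pub struct MemFile {
    pub bytes: Vec<u8>,
}

pub fn read_file(f: &MemFile, wanted: usize) -> Result<Vec<u8>, FileError> {
    if f.bytes.len() < wanted {
        return Err(FileError::ShortRead { wanted, got: f.bytes.len() });
    }
    Ok(f.bytes[..wanted].to_vec())
}

pub fn read_db(connected: bool, rows: &[u8]) -> Result<Vec<u8>, DbError> {
    if connected { Ok(rows.to_vec()) } else { Err(DbError::ConnectionLost) }
}

pub enum Source<'a> {
    File { file: &'a MemFile, wanted: usize },
    Db { connected: bool, rows: &'a [u8] },
}

/// A client written against the File contract only. The `?` on read_db compiles
/// because DbError converts into FileError; an unrelated error type would be a
/// compile error here, not an uncontracted exception escaping at run time.
pub fn load(src: Source<'_>) -> Result<usize, FileError> {
    let data = match src {
        Source::File { file, wanted } => read_file(file, wanted)?,
        Source::Db { connected, rows } => read_db(connected, rows)?,
    };
    Ok(data.len())
}

fn main() {
    let f = MemFile { bytes: vec![1, 2, 3, 4, 5] };
    let mut v = vec![3, 1, 2];
    let sorted: Result<(), ()> = sort_by_fallible(&mut v, |a: &i32, b: &i32| Ok(a.cmp(b)));
    println!("{:?} {:?}", checked_sqrt(-1.0), (sorted, &v));
    println!("{:?}", load(Source::File { file: &f, wanted: 9 }));
    println!("{:?}", load(Source::Db { connected: false, rows: &[7, 7] }));
}
```

The point of the generic E on sort_by_fallible is the one the message attributes to Robert Duff: the sort's own contract is empty, and what it may fail with is fixed by the comparator's type at the call site, without the sort body ever handling or naming that error. The From impl is the "new exception chosen from the range" idea; a DB error outside FileError's range would be rejected when load is compiled, which is exactly the static gain the message says is lost when exceptions are not contracted.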


