From: Phil Clayton <phil.clayton@lineone.net>
Subject: Re: Strategies with SPARK which does not support exceptions
Date: Tue, 22 Jun 2010 10:01:30 -0700 (PDT)
Date: 2010-06-22T10:01:30-07:00 [thread overview]
Message-ID: <f4df32f6-909e-4fd2-b13f-7bfde1eb56d8@x27g2000yqb.googlegroups.com> (raw)
In-Reply-To: bb33c110-b0d6-4d7a-b8b0-ab03d91562f3@y11g2000yqm.googlegroups.com
On Jun 18, 9:06 am, Phil Thornley <phil.jpthorn...@gmail.com> wrote:
>
> (Perhaps not an entirely serious suggestion, but...)
> The only way of interrupting a code sequence in SPARK is the exit
> statement for a loop, so one possibility might be to create a 'single
> pass' loop with an unconditional exit at the end.
>
> Unfortunately such an unconditional exit is illegal, so you have to
> use 'exit when True;'
>
> Also there may be flow errors for some or all of the 'exit when'
> statements (if the OK values only depend on the program inputs) - but
> here we can put an accept statement - which will usefully document
> that the loop is a not a real loop.
>
> --# accept F, 40, "This is a single pass loop.";
> OK := True;
> loop
> Some complicated code that might set OK;
> exit when not OK;
> Some more complicated code that might set OK;
> exit when not OK;
> Some more code;
> exit when True;
> end loop;
Great example!
This got me wondering why SPARK doesn't allow return statements in a
subprogram body in the same way that unconditional exit statements are
allowed in a loop body because there seems to be very little
difference when your single-iteration loop is the entire subprogram
body.
Consider e.g.
begin
loop
...
if Cond then
...
exit;
end if;
...
exit when True;
end loop;
end ...;
then, surely, it is no worse to just return instead of using exit to
jump to the return point, e.g.
begin
...
if Cond then
...
return;
end if;
...
end ...;
and there could be benefits. This would give limited support for
multiple return points from a subprogram. Whilst not giving the
flexibility of exceptions, Peter's example could at least be:
Complicated_Operation(Argument, Success);
if not Success then
-- Deal with failure here.
return;
end if;
-- Continue with the program here.
which avoids the potentially ugly nesting in the non-error case.
The reasons for a single return point at the end of a subprogram are
(according to John Barnes, yellow SPARK book, section 6.4) that it 1.
simplifies analysis and 2. makes it clearer for the reader because a
return statement can't be buried in the middle of the code. I would
have thought that relaxing the rules on the return statement, as
described above, does not cause extra analysis or readability
problems, given existing support for the exit statement...?
Phil Clayton
next prev parent reply other threads:[~2010-06-22 17:01 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-06-17 15:33 Strategies with SPARK which does not support exceptions Yannick Duchêne (Hibou57)
2010-06-17 17:11 ` Warren
2010-06-17 18:19 ` Yannick Duchêne (Hibou57)
2010-06-21 13:31 ` Warren
2010-06-21 14:10 ` Alexandre K
2010-06-17 19:54 ` Pascal Obry
2010-06-17 22:47 ` Peter C. Chapin
2010-06-18 6:07 ` Claude
2010-06-18 8:06 ` Phil Thornley
2010-06-18 8:49 ` Martin
2010-06-18 17:16 ` mockturtle
2010-06-18 21:51 ` Alexandre K
2010-06-22 17:01 ` Phil Clayton [this message]
2010-06-22 23:14 ` Claude
2010-06-23 16:22 ` Warren
2010-06-24 3:24 ` Claude
2010-06-28 13:14 ` Warren
2010-06-29 8:39 ` Stephen Leake
2010-06-29 20:05 ` Randy Brukardt
2010-06-29 20:49 ` Georg Bauhaus
2010-06-30 5:08 ` Simon Wright
2010-06-30 8:17 ` stefan-lucks
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox