From: "Randy Brukardt"
Newsgroups: comp.lang.ada
Subject: Re: Contracted exceptions for Ada (was: Exceptions)
Date: Mon, 10 Dec 2007 19:53:27 -0600

"Dmitry A. Kazakov" wrote in message news:7m9wkymyi5h7.1235e72is9mp9.dlg@40tude.net...
> On Fri, 7 Dec 2007 21:30:05 -0600, Randy Brukardt wrote:
...
> > The ARG has discussed "exception contracts" a couple of times, but there
> > didn't seem that there was enough interest. The problem was mainly that they
> > simply don't look very valuable
>
> My observation is that a big deal of debugging Ada code is about tracing
> down unexpected exceptions. I cannot give any figures, but it is extremely
> frequent that a bug manifests itself as an exception propagation. Typically
> Constraint_Error propagates where you didn't expect it. So the temptation
> is to catch most of such things at compile time.

That's not going to be useful, since virtually any code that you can write *might* raise Constraint_Error, and a lot of code *could* raise Program_Error, and everything *could* raise Storage_Error. There is no way to write a contract that doesn't contain those exceptions.

...
> > Another one is what to do if a contract is violated. The obvious answer of
> > raising Program_Error doesn't do anything other than lose information about
> > an exception, so that isn't very satisfying.
>
> Yes, in my view exception contracts have to be static. (It makes no sense
> to have run-time exception contracts. As well as any other contracts, there
> is no any authority body to judge contract violations at run-time.)

OK, but that isn't going to happen in Ada. What you are looking for is a static analysis tool, like SPARK. That's especially true as you'll need static preconditions to have any hope of eliminating the Constraint_Errors (subtypes aren't powerful enough). It is highly unlikely that the language is going to go in that direction; the language has been very careful to avoid requiring analysis beyond that of a single expression, and trying to get vendors to re-architect their compilers is probably a good way to cut the number of Ada implementations to zero.

Randy.
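
The remark above that subtypes are not powerful enough and that preconditions are needed, illustrated as an added example that is not part of the original thread. It assumes the Ada 2012 `Pre` aspect, which postdates this 2007 post; `Contract_Demo`, `Int_Array`, `Swap_Unguarded` and `Swap` are hypothetical names and the data is constructed.

```ada
with Ada.Assertions;
with Ada.Text_IO; use Ada.Text_IO;

procedure Contract_Demo is
   pragma Assertion_Policy (Check);  --  evaluate Pre at run time for this demo

   type Int_Array is array (Positive range <>) of Integer;

   --  Parameter subtypes alone: Positive cannot say "I and J are indices
   --  of A", because the bounds of A are only known at each call.
   procedure Swap_Unguarded (A : in out Int_Array; I, J : Positive) is
      T : constant Integer := A (I);   --  index check on I
   begin
      A (I) := A (J);                  --  index check on J
      A (J) := T;
   end Swap_Unguarded;

   --  A precondition can relate the parameters to each other, which is
   --  the information a static analyzer needs at every call site.
   procedure Swap (A : in out Int_Array; I, J : Positive)
     with Pre => I in A'Range and then J in A'Range;

   procedure Swap (A : in out Int_Array; I, J : Positive) is
      T : constant Integer := A (I);
   begin
      A (I) := A (J);
      A (J) := T;
   end Swap;

   Data : Int_Array (1 .. 3) := (10, 20, 30);   --  constructed sample data
begin
   Swap (Data, 1, 3);                  --  satisfies Pre
   Put_Line (Integer'Image (Data (1)));

   begin
      Swap_Unguarded (Data, 1, 4);     --  fails inside the body
   exception
      when Constraint_Error => Put_Line ("Constraint_Error from body");
   end;

   begin
      Swap (Data, 1, 4);               --  fails at the call boundary instead
   exception
      when Ada.Assertions.Assertion_Error =>
         Put_Line ("Assertion_Error from Pre");
   end;
end Contract_Demo;
```

Checked at run time, the precondition only replaces one exception with another; the exception is ruled out only when a tool proves `Pre` at each call site before the program runs.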