From: "Randy Brukardt" <randy@rrsoftware.com>
Subject: Re: MI is sloppy
Date: Fri, 12 Dec 2008 18:08:12 -0600
Date: 2008-12-12T18:08:12-06:00 [thread overview]
Message-ID: <ghuueb$ocn$1@munin.nbi.dk> (raw)
In-Reply-To: 43lprrmyik2q.1esp72deqcw6o.dlg@40tude.net
"Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> wrote in message
news:43lprrmyik2q.1esp72deqcw6o.dlg@40tude.net...
> On Fri, 12 Dec 2008 13:15:35 +0100, Georg Bauhaus wrote:
>
>> Dmitry A. Kazakov schrieb:
>>
>>>> If you have an ambitious compiler, it might reach out,
>>>> at compile time, for objects whose behavior is then known
>>>> to be constrained by membership in a then known specific
>>>> subtype.
>>>
>>> ... and then inline raising Constraint_Error. Great!
For some reason, I didn't get the other messages to this thread.
But that's not what I'm suggesting. First of all, this is a contract
failure; it has it's own dedicated exception (maybe Assertion_Error). In
addition, I think compilers should be allowed to reject any program in which
that it can be determined statically that the contract exception will
unconditionally be raised. What a programming language can't do is mandate
the cases in which that detection will occur. That will depend on the tools
you use; a really good tool should be able to detect just about everything
statically. (In addition, you could use an exception contract to force this,
or the program would also be illegal.)
...
>> Deriving another type, even if not sufficiently different
>> from the original to warrant a type, is another formal
>> way to trigger the same effect on the programmer, at compile
>> time: "There is something odd about your program".
>
> No, the effect is fundamentally different. The effect is that the program
> becomes illegal, it may not run.
That's exactly what is possible with the contracts that I'm suggesting. But
it cannot be mandated; we have to leave to the tools vendors to describe
what is possible to detect statically (after giving them the framework).
...
>> If we wanted more of the minor differences covered
>> by type hierarchies, we might end up with a Qi type
>> system... For Ada?
>
> 1. Qt is not a programming language.
>
> 2. There is no minor differences in terms of correctness. An incorrect
> program is incorrect.
You are definitely wrong about this, at least in a finite world. The cost to
fix some technically incorrect programs (in manpower, performance,
useability, etc.) is greater than the cost of the error occurring. Such
programs might be technically incorrect, but they're practically correct.
This the reason that we tolerate erroneousness in the language definition.
And it's the reason that we use exception handlers.
> There is no *any* way to predict the effect of incorrectness.
That is surely not true. An Ada bounded error occurs in a program that is
incorrect, but the effect of that incorrectness is strictly bounded.
Randy.
next prev parent reply other threads:[~2008-12-13 0:08 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-12-06 10:09 MI is sloppy (was: Construction initialization problem) Dmitry A. Kazakov
2008-12-06 17:16 ` Georg Bauhaus
2008-12-06 21:16 ` Martin Krischik
2008-12-06 21:35 ` Maciej Sobczak
2008-12-07 9:12 ` MI is sloppy Dmitry A. Kazakov
2008-12-07 15:38 ` Georg Bauhaus
2008-12-07 20:04 ` Dmitry A. Kazakov
2008-12-11 0:40 ` MI is sloppy (was: Construction initialization problem) Randy Brukardt
2008-12-11 10:02 ` MI is sloppy Dmitry A. Kazakov
2008-12-11 21:44 ` Randy Brukardt
2008-12-11 23:17 ` Georg Bauhaus
2008-12-12 10:06 ` Dmitry A. Kazakov
2008-12-12 9:59 ` Dmitry A. Kazakov
2008-12-12 10:50 ` Georg Bauhaus
2008-12-12 11:15 ` Dmitry A. Kazakov
2008-12-12 12:15 ` Georg Bauhaus
2008-12-12 13:35 ` Dmitry A. Kazakov
2008-12-12 14:29 ` Georg Bauhaus
2008-12-12 14:59 ` Dmitry A. Kazakov
2008-12-13 0:08 ` Randy Brukardt [this message]
2008-12-13 9:54 ` Dmitry A. Kazakov
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox