From: "Dmitry A. Kazakov"
Newsgroups: comp.lang.ada
Subject: Re: How to get nice with GNAT?
Date: Tue, 2 Dec 2014 09:42:29 +0100
Organization: cbb software GmbH
Message-ID:
References: <969708583438656051.436159nonlegitur-futureapps.invalid@reader80.eternal-september.org> <0d085a5a-d4ac-4506-ae5f-8da685f39004@googlegroups.com> <1ukyfvaqgkwo1.6ngfx1v21twz$.dlg@40tude.net> <1g5ttpzi8eywc$.1gluj9evlmeus.dlg@40tude.net>
Reply-To: mailbox@dmitry-kazakov.de
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
User-Agent: 40tude_Dialog/2.0.15.1

On Mon, 1 Dec 2014 16:25:28 -0600, Randy Brukardt wrote:

> "Dmitry A. Kazakov" wrote in message
> news:1g5ttpzi8eywc$.1gluj9evlmeus.dlg@40tude.net...
> ...
>> The idea that all/most/some bugs should somehow manifest their wrong
>> behavior in exceptions is dubious.
>
> Fascinating. I'd say the reverse: that almost all bugs quickly manifest
> themselves in an exception (at least in well-designed Ada code). For
> instance, I tend to make off-by-one errors in index calculations. Such
> errors almost always result in a Constraint_Error when the index is used.

The index may slip toward another side. Why do you expect that any wrong
index would always be out of the range?

> Similarly, in Janus/Ada, we've sometimes passed the wrong entity to a
> subprogram; that almost always shows up as a Constraint_Error detecting the
> use of a non-existent variant. (If a routine expects a symboltable pointer
> to an object, and gets a package, the components it needs aren't going to be
> there.)

In such cases I just use tagged types. The problem here is in weakly-typed
design, which makes run-time type errors possible.

> Indeed, the recent history of Ada includes more and more ways to specify
> what is expected/needed for a parameter/object/component. Null exclusions
> (Ada 2005), preconditions, and predicates (Ada 2012) are all ways to more
> closely tell the compiler what is intended.
>
> The next step, IMHO, is to include exception contracts that effectively
> require exceptions not to occur. If they in fact do occur, then the program
> is wrong and will be rejected by the compiler. That means that "unexpected"
> Constraint_Errors will be detected statically and thus the manifestation of
> many bugs can be detected -- thus eliminating the bugs at the source.
>
> Of course, once that next step is taken (and I mean in the context of the
> full Ada language, not just some simple subset like SPARK), then you'll
> probably be right. But that's still some distance in the future.

No. Statically eliminated bugs don't manifest themselves at all. They make
the program illegal. The point is that bugs in a legal program may expose
any behavior [within the possible]. There is no way to predict this behavior,
and thus hoping that it would become an exception or set some variable in
some way is dubious. SPARK or any language design would not change this; the
bugs they catch are caught, which is good, but the rest will act as it always
does.

--
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
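As an added Ada example (not code from either poster), this shows the point the two are arguing about: the same off-by-one in an index calculation either slides silently to a wrong result or raises Constraint_Error, depending only on whether the shifted index leaves the subtype's range. The procedure and function names (Off_By_One, Sum, Try) and the sample vector are assumptions for the illustration.

```ada
with Ada.Text_IO; use Ada.Text_IO;

--  Constructed example: an off-by-one that Ada's range check only
--  catches when the shifted index happens to fall outside Index.
procedure Off_By_One is
   type Index is range 1 .. 8;
   type Vector is array (Index) of Integer;

   --  Intended: the sum of V (Lo .. Hi). The bug: every access is
   --  shifted by one element, V (I + 1) instead of V (I).
   function Sum (V : Vector; Lo, Hi : Index) return Integer is
      Total : Integer := 0;
   begin
      for I in Lo .. Hi loop
         Total := Total + V (I + 1);   --  off-by-one error
      end loop;
      return Total;
   end Sum;

   V : constant Vector := (1, 2, 3, 4, 5, 6, 7, 8);

   --  Report either the (possibly wrong) result or the exception.
   procedure Try (Lo, Hi : Index) is
      Label : constant String :=
        "Sum (" & Index'Image (Lo) & " .." & Index'Image (Hi) & " )";
   begin
      Put_Line (Label & " =" & Integer'Image (Sum (V, Lo, Hi)));
   exception
      when Constraint_Error =>
         Put_Line (Label & " raised Constraint_Error");
   end Try;
begin
   --  I + 1 stays within 2 .. 5: no exception, result 14 instead of 10.
   Try (1, 4);
   --  I + 1 reaches 9, outside Index: the index check raises
   --  Constraint_Error, so this instance of the same bug is visible.
   Try (5, 8);
end Off_By_One;
```

Only the second call is caught by the run-time check; the first produces a plausible wrong value that nothing in the language flags, which is the case a contract such as a postcondition on Sum would have to cover.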