From: Jeffrey Carter
Newsgroups: comp.lang.ada
Subject: Re: best practice: error handling
Date: Tue, 31 May 2011 11:08:38 -0700
References: <0b95a2a1-6e3d-4ad1-a832-e3099a9bce37@v8g2000yqb.googlegroups.com>

On 05/31/2011 07:01 AM, milouz wrote:
>
> I'm wondering about the best way to handle errors in Ada when calling
> a function/procedure that may fail.
>
> For example, when programming on Unix systems in C, the called
> functions usually return a zero or positive value on success and -1 on
> failure, while setting a global variable (errno) to give some
> information about the failure.

When programming in C, returned error codes are often ignored, leading to errors and security vulnerabilities. Global variables are never a good idea, especially in a concurrent language. This approach should almost never be used.

If the "error" is exceptional, then an exception should be raised. If the "error" is unexceptional, then a signal that cannot be ignored/misused should be used.

For an example of the latter, consider an Index function that returns the index of a substring ("pattern") in a larger string ("source"). It will be fairly common for the pattern not to occur in the source, so raising an exception is not right here. The Index functions in Ada.Strings.Fixed return Natural, with a value of zero returned if the pattern is not found in the source. However, this can be ignored/misused; calling code can omit the check for zero and use the returned value as if it were a valid index into the string. Sometimes this will cause an exception, but there are cases where it will not; such cases can be hard to find.

The correct way to handle this is for the function to return a variant record:

   type Index_Result (Found : Boolean := False) is record
      case Found is
      when False =>
         null;
      when True =>
         Index : Positive;
      end case;
   end record;

   function Index (Source : in String; Pattern : in String) return Index_Result;

Now the signal (the discriminant) cannot be ignored, and the Index component cannot be misused.

-- 
Jeff Carter
"Clear? Why, a 4-yr-old child could understand this report.
Run out and find me a 4-yr-old child. I can't make head or tail
out of it."
Duck Soup
94
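A complete program built around the variant-record idea from the post above, added here as an example and not part of Carter's message. The body of Index, the Report procedure and the sample inputs are assumptions for illustration; the spec of Index_Result and Index is the one given in the post. The point it shows: a caller can only reach R.Index after testing R.Found, and an attempt to read R.Index when Found is False fails with Constraint_Error (a discriminant check) rather than silently yielding a bogus index.

```ada
with Ada.Text_IO;

--  Added example (not from the original post): the Index_Result type
--  from the post, given a body and exercised by a caller that must
--  test the discriminant before it can touch the Index component.
procedure Index_Demo is

   --  The discriminant Found is the signal; the Index component exists
   --  only when Found = True, so it cannot be read in the not-found case.
   type Index_Result (Found : Boolean := False) is record
      case Found is
         when False =>
            null;
         when True =>
            Index : Positive;
      end case;
   end record;

   --  Assumed body: position of the first occurrence of Pattern in
   --  Source, or Found = False if there is none (an empty Pattern is
   --  treated as not found so that Index is always a usable position).
   function Index (Source : in String; Pattern : in String) return Index_Result is
   begin
      if Pattern'Length = 0 or else Pattern'Length > Source'Length then
         return (Found => False);
      end if;

      for I in Source'First .. Source'Last - Pattern'Length + 1 loop
         if Source (I .. I + Pattern'Length - 1) = Pattern then
            return (Found => True, Index => I);
         end if;
      end loop;

      return (Found => False);
   end Index;

   --  Assumed caller. Reading R.Index while R.Found = False raises
   --  Constraint_Error, so the only correct shape is to case on Found;
   --  forgetting the check cannot produce a silently wrong index.
   procedure Report (Source : in String; Pattern : in String) is
      R : constant Index_Result := Index (Source, Pattern);
   begin
      case R.Found is
         when True =>
            Ada.Text_IO.Put_Line
              ("""" & Pattern & """ found at" & Positive'Image (R.Index)
               & ": " & Source (R.Index .. R.Index + Pattern'Length - 1));
         when False =>
            Ada.Text_IO.Put_Line ("""" & Pattern & """ not found");
      end case;
   end Report;

begin
   --  Constructed sample inputs.
   Report ("hello, world", "world");
   Report ("hello, world", "xyz");
   Report ("hello, world", "");
end Index_Demo;
```

Compare this with code written against Ada.Strings.Fixed.Index, where `Source (Pos .. Pos + Pattern'Length - 1)` with Pos = 0 happens to raise Constraint_Error only because 0 is below String'First; an offset computed from Pos could land inside the string and go unnoticed. With the variant record the check is on the discriminant, not on whatever the caller happens to do with the number afterwards.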