From: "Randy Brukardt" <randy@rrsoftware.com>
Subject: Re: Your wish list for Ada 202X
Date: Wed, 16 Apr 2014 17:27:18 -0500
Date: 2014-04-16T17:27:18-05:00 [thread overview]
Message-ID: <lin047$uik$1@loke.gir.dk> (raw)
In-Reply-To: br8bu5Fg3keU1@mid.individual.net
"Niklas Holsti" <niklas.holsti@tidorum.invalid> wrote in message
news:br8bu5Fg3keU1@mid.individual.net...
> On 14-04-15 03:08 , Randy Brukardt wrote:
...
>> Dispatching operations necessarily have weaker contracts than statically
>> bound calls, and that is especially important for "contracts" that can't
>> be
>> described in Ada and thus can't be checked (either statically or
>> dynamically).
>
> Hm, I'm not convinced of that. To me, the informal contract for a
> dispatching operation Foo is "implements the Foo operation as specified
> for the class and as appropriate for the actual type". Of course these
> specifications are given in comments.
A lot of our discussion has become subjective, and I don't know if there is
a lot to be learned comparing somewhat different world-views. So I'm only
going to respond to a couple of points here...
Anyway, there is two problems with "specifications given in comments":
(A) they can't be checked in any automatic or formal way. When humans are
involved, mistakes *will* occur, and if they're not checked, the results
could be disasterous. After all, we just got a lesson in that from OpenSSH.
Had OpenSSH had a formal contract, the problem could not have ever leaked
any information. (If the contract was enforced only at runtime, like Pre in
Ada, OpenSSH might have had at worst a denial-of-service problem, but that
would have been quickly fixed and most of us would have never heard anything
about it.)
(B) English (or other natural language) is ambiguous, and such comments
often only make sense to the author (and recently at that). I often spend as
much time decoding old comments (even ones I wrote years ago) than actually
fixing anything in Janus/Ada these days. There's a decent percentage that
only make sense if one adds a lot of context to them (and of course a few
that defy ever making sense).
> I don't see the "necessarily ... weaker" for the more formal contracts
> either. Yes, for a dispatching call there are more possible callee
> operations (implementations) to check against the contract, but the
> general contract (as experienced by the caller) can be the same for all.
LSP says that preconditions have to combine weaker in order for dispatching
calls to make sense. Whether LSP is really the last word on OOP is an open
question, but if you mean to follow it, at least part of the contract *has*
to be weaker in a dispatching call. There's also the point that a
dispatching call always has to be assumed to be to some body not even
written yet, so it's nearly impossible to say anything definitive about it's
contract. (Pre'Class and the like are supposed to solve this latter problem,
but they have a bug involving (guess what) redispatching so they might not.
At least until the ARG considers the bug, which I really need to write up
one of these days.)
>> After all, most extensions are created by someone other than
>> the originator of the original class,
>
> Not (sadly) the case for my applications. But sometimes years go by
> between the definition of the class and the addition of a derived type,
> so memory can play tricks, and I have had a few hiccups in that area.
> But not many, perhaps thanks to my obsessive commenting.
Commenting is good, but formal contracts are better, simply because they
require you to write the contract in terms that mean the same thing when you
come back to them in 5 years. And then the additional value provided by
checking is gravy to people that truly do comment everything.
...
...
>> This last issue doesn't arise for a class-wide operation, where every
>> call
>> is going to look at an object of TT as type TT.
>
> Except if TT inherits some operation from T, because then that operation
> looks at the object as type T. (I know that from the language-semantics
> point of view the inherited operation acts on TT, but the programmer
> wrote its code with T in mind.)
>
> If redispatching is suspect because it breaks the assocation of an
> operation with a unique type, then inheritance of operations must also
> be suspect, for the same reason.
I understand your point, but I think the language-semantics view is actually
the correct one. One only allows inheritance of operations when the
implementation for T and for TT is thought to be identical. One hopes that
the author of TT considered that carefully!
It's true that maintenance of the T operation might in fact break the TT
operation (meaning that they should have different implementations), so
there is some additional danger in inheritance. There is also danger in
inheritance that the author of TT didn't know about. (I think it would be
much better if all inheritance was explicit; but to be practical that would
require a rather different syntax than Ada uses, and thus such a thing would
not make sense in an Ada perspective. For Claw, we had to write a tool to
figure out what operations exist for each concrete type, as there are so
many primitive operations and so many inheritance trees that it was
completely impossible to keep them straight by hand. I've never been a fan
of the way inheritance is handled in Ada.)
> I suppose one could forbid both inheritance and redispatching. That
> would be a major departure from traditional object/class-oriented
> programming.
Not forbid so much as "require declaration of". Ada already does that for
redispatching; my opinion is that it should be used rarely, but as with all
such tools (e.g. goto), rarely is certainly not never. Twisting a design
around to avoid redispatching is not likely to improve anything.
Similarly, inheritance can cause issues, but a lot of the time it also saves
implementing the same thing five times in a row. (The fact that I couldn't
make inheritance work for implementing parts of the Claw Builder is a
significant part of why it became close to unmaintainable.) My mantra tends
to be that programming languages are better when everything is explicit -
because when programmers and compilers are assuming stuff, it's not unlikely
that the assumptions end up different. And that's when trouble happens.
Randy.
next prev parent reply other threads:[~2014-04-16 22:27 UTC|newest]
Thread overview: 240+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-25 21:41 Your wish list for Ada 202X Stoik
2014-03-25 22:14 ` Simon Wright
2014-03-26 6:25 ` Shark8
2014-03-26 20:41 ` Randy Brukardt
2014-03-27 9:20 ` Shark8
2014-03-27 21:50 ` Randy Brukardt
2014-03-28 1:54 ` Jeffrey Carter
2014-03-28 8:17 ` Dmitry A. Kazakov
2014-03-28 21:27 ` Randy Brukardt
2014-03-29 9:44 ` Dmitry A. Kazakov
2014-03-31 23:55 ` Randy Brukardt
2014-04-01 8:20 ` Dmitry A. Kazakov
2014-04-01 10:51 ` G.B.
2014-04-01 12:40 ` Dmitry A. Kazakov
2014-04-02 22:39 ` Randy Brukardt
2014-04-03 2:59 ` Shark8
2014-04-05 11:10 ` Dmitry A. Kazakov
2014-04-08 1:15 ` Randy Brukardt
2014-04-08 9:15 ` Dmitry A. Kazakov
2014-04-08 10:15 ` G.B.
2014-04-08 10:56 ` Dmitry A. Kazakov
2014-04-08 23:37 ` Randy Brukardt
2014-04-09 10:40 ` Dmitry A. Kazakov
2014-04-10 3:28 ` Randy Brukardt
2014-04-10 8:42 ` Georg Bauhaus
2014-04-10 21:52 ` Randy Brukardt
2014-04-10 15:31 ` Dmitry A. Kazakov
2014-04-10 22:08 ` Randy Brukardt
2014-04-11 6:20 ` Dmitry A. Kazakov
2014-04-11 21:34 ` Randy Brukardt
2014-04-10 22:39 ` Randy Brukardt
2014-04-11 6:40 ` Dmitry A. Kazakov
2014-04-11 21:44 ` Randy Brukardt
2014-04-12 8:45 ` Dmitry A. Kazakov
2014-04-14 23:39 ` Randy Brukardt
2014-04-15 7:55 ` Dmitry A. Kazakov
2014-04-15 21:27 ` Randy Brukardt
2014-04-16 7:52 ` Dmitry A. Kazakov
2014-04-16 21:53 ` Randy Brukardt
2014-04-17 7:39 ` Dmitry A. Kazakov
2014-04-17 17:29 ` Randy Brukardt
2014-04-17 19:54 ` Dmitry A. Kazakov
2014-04-11 19:04 ` Niklas Holsti
2014-04-11 20:43 ` Dmitry A. Kazakov
2014-04-11 22:04 ` Niklas Holsti
2014-04-12 8:20 ` Dmitry A. Kazakov
2014-04-12 8:39 ` Nasser M. Abbasi
2014-04-12 9:38 ` Dmitry A. Kazakov
2014-04-12 9:55 ` Georg Bauhaus
2014-04-12 10:45 ` Dmitry A. Kazakov
2014-04-14 23:45 ` Randy Brukardt
2014-04-12 10:17 ` Nasser M. Abbasi
2014-04-12 10:48 ` Dmitry A. Kazakov
2014-04-13 19:43 ` Niklas Holsti
2014-04-13 21:07 ` Dmitry A. Kazakov
2014-04-18 19:10 ` Niklas Holsti
2014-04-18 21:18 ` Dmitry A. Kazakov
2014-04-19 7:35 ` Niklas Holsti
2014-04-19 8:19 ` Dmitry A. Kazakov
2014-04-19 8:39 ` Dmitry A. Kazakov
2014-04-19 9:08 ` Niklas Holsti
2014-04-19 10:06 ` Dmitry A. Kazakov
2014-04-19 13:53 ` Niklas Holsti
2014-04-19 14:21 ` Dmitry A. Kazakov
2014-04-19 18:28 ` Niklas Holsti
2014-04-19 9:05 ` Niklas Holsti
2014-04-19 10:18 ` Dmitry A. Kazakov
2014-04-15 0:08 ` Randy Brukardt
2014-04-15 7:21 ` Natasha Kerensikova
2014-04-15 21:20 ` Randy Brukardt
2014-04-16 6:32 ` Niklas Holsti
2014-04-16 7:24 ` Natasha Kerensikova
2014-04-16 7:31 ` Dmitry A. Kazakov
2014-04-16 9:30 ` Redispatching (was: Your wish list for Ada 202X) J-P. Rosen
2014-04-16 19:53 ` Redispatching Niklas Holsti
2014-04-17 7:26 ` Redispatching Dmitry A. Kazakov
2014-04-17 8:22 ` Redispatching Georg Bauhaus
2014-04-18 20:08 ` Redispatching Niklas Holsti
2014-04-18 20:51 ` Redispatching Dmitry A. Kazakov
2014-04-19 9:17 ` Redispatching Georg Bauhaus
2014-04-19 10:58 ` Redispatching Dmitry A. Kazakov
2014-04-19 11:21 ` Redispatching Georg Bauhaus
2014-04-17 8:53 ` Redispatching J-P. Rosen
2014-04-16 21:44 ` Your wish list for Ada 202X Niklas Holsti
2014-04-16 22:27 ` Randy Brukardt [this message]
2014-04-18 19:59 ` Niklas Holsti
2014-04-18 21:28 ` Randy Brukardt
2014-04-19 8:14 ` Niklas Holsti
2014-04-21 23:09 ` Randy Brukardt
2014-04-22 6:08 ` Niklas Holsti
2014-04-22 8:02 ` Dmitry A. Kazakov
2014-04-22 8:30 ` Shark8
2014-04-22 9:14 ` Dmitry A. Kazakov
2014-04-22 23:23 ` Randy Brukardt
2014-04-23 7:45 ` Dmitry A. Kazakov
2014-04-23 19:43 ` Shark8
2014-04-23 20:00 ` Dmitry A. Kazakov
2014-04-23 21:28 ` Shark8
2014-04-24 7:30 ` Dmitry A. Kazakov
2014-04-24 15:20 ` Shark8
2014-04-24 16:19 ` Dmitry A. Kazakov
2014-04-24 16:50 ` Shark8
2014-04-24 16:57 ` Dmitry A. Kazakov
2014-04-19 10:02 ` Georg Bauhaus
2014-03-27 22:06 ` Randy Brukardt
2014-03-28 5:23 ` Shark8
2014-03-26 8:17 ` Dmitry A. Kazakov
2014-03-26 9:02 ` J Kimball
2014-03-26 9:27 ` Dmitry A. Kazakov
2014-03-26 10:30 ` Marius Amado-Alves
2014-03-26 15:11 ` G.B.
2014-03-26 21:55 ` Simon Clubley
2014-03-26 15:03 ` G.B.
2014-03-26 22:00 ` Simon Clubley
2014-03-26 16:01 ` Anh Vo
2014-03-26 17:04 ` Dmitry A. Kazakov
2014-03-27 15:03 ` Dan'l Miller
2014-03-27 16:02 ` Dmitry A. Kazakov
2014-03-26 16:17 ` Stoik
2014-03-26 17:15 ` Dmitry A. Kazakov
2014-03-26 18:04 ` G.B.
2014-03-26 18:47 ` Simon Wright
2014-03-26 19:51 ` Georg Bauhaus
2014-03-27 14:43 ` Jacob Sparre Andersen
2014-03-27 22:50 ` Randy Brukardt
2014-03-28 5:22 ` J-P. Rosen
2014-03-28 7:54 ` Jacob Sparre Andersen
2014-03-28 21:22 ` Randy Brukardt
2014-03-26 21:06 ` Randy Brukardt
2014-03-26 23:15 ` J Kimball
2014-03-27 8:26 ` Dmitry A. Kazakov
2014-03-27 10:54 ` Georg Bauhaus
2014-03-27 15:42 ` Dmitry A. Kazakov
2014-03-27 21:35 ` Randy Brukardt
2014-04-29 14:26 ` Tero Koskinen
2014-04-29 15:39 ` Dan'l Miller
2014-04-29 17:10 ` Simon Clubley
2014-04-29 17:13 ` Tero Koskinen
2014-04-29 19:42 ` Simon Clubley
2014-03-30 12:28 ` francois_fabien
2014-03-30 13:40 ` Luke A. Guest
2014-03-30 14:24 ` Simon Clubley
2014-03-30 18:48 ` Luke A. Guest
2014-03-30 19:22 ` Dmitry A. Kazakov
2014-03-30 14:28 ` Simon Clubley
2014-03-30 15:14 ` Peter Chapin
2014-03-30 18:48 ` Luke A. Guest
2014-03-30 18:48 ` Luke A. Guest
2014-03-30 23:41 ` Simon Clubley
2014-03-31 15:39 ` Adam Beneschan
2014-03-30 13:46 ` Simon Clubley
2014-03-30 19:02 ` Pascal Obry
2014-03-30 19:33 ` Dmitry A. Kazakov
2014-03-30 19:59 ` Pascal Obry
2014-03-31 15:13 ` Stoik
2014-03-31 16:22 ` Pascal Obry
2014-03-31 16:47 ` Pascal Obry
2014-03-31 18:59 ` Dmitry A. Kazakov
2014-04-05 8:28 ` Pascal Obry
2014-04-05 11:06 ` Georg Bauhaus
2014-04-05 11:20 ` Pascal Obry
2014-04-02 16:21 ` Britt
2014-04-02 22:53 ` Randy Brukardt
2014-04-03 0:01 ` Jeffrey Carter
2014-04-03 5:51 ` Pascal Obry
2014-04-03 6:27 ` Jeffrey Carter
2014-04-03 17:18 ` Pascal Obry
2014-04-03 19:11 ` Dan'l Miller
2014-04-03 19:18 ` Dan'l Miller
2014-04-03 21:17 ` Randy Brukardt
2014-04-04 0:29 ` Jeffrey Carter
2014-04-04 8:20 ` Stefan.Lucks
2014-04-04 19:52 ` J Kimball
2014-04-04 20:43 ` Randy Brukardt
2014-04-04 20:54 ` Shark8
2014-04-04 21:47 ` Luke A. Guest
2014-04-08 0:47 ` Randy Brukardt
2014-04-08 4:43 ` J Kimball
2014-04-08 5:25 ` Jeffrey Carter
2014-04-08 23:44 ` Randy Brukardt
2014-04-04 20:53 ` Randy Brukardt
2014-04-04 23:25 ` Jeffrey Carter
2014-04-03 6:30 ` Georg Bauhaus
2014-04-03 0:06 ` Britt
2014-04-03 15:15 ` Robert A Duff
2014-04-03 20:19 ` Qun-Ying
2014-04-03 22:56 ` Robert A Duff
2014-04-04 18:31 ` Dan'l Miller
2014-04-04 21:08 ` Randy Brukardt
2014-04-05 3:39 ` Peter Chapin
2014-04-04 20:27 ` Shark8
2014-04-14 4:59 ` J Kimball
2014-04-14 6:54 ` Shark8
2014-04-15 0:22 ` Randy Brukardt
2014-04-15 0:18 ` Randy Brukardt
2014-04-15 5:28 ` J Kimball
2014-04-14 22:36 ` Shark8
2014-04-15 8:41 ` J-P. Rosen
2014-04-18 0:55 ` Robert Love
2014-04-18 11:39 ` Simon Wright
2014-04-23 12:55 ` björn lundin
2014-04-23 13:57 ` J-P. Rosen
2014-04-23 14:32 ` björn lundin
2014-04-23 15:43 ` J-P. Rosen
2014-04-23 16:31 ` björn lundin
2014-04-23 16:42 ` J-P. Rosen
2014-04-23 17:51 ` björn lundin
2014-04-23 21:29 ` Pascal Obry
2014-04-23 22:00 ` J-P. Rosen
2014-04-23 23:48 ` Shark8
2014-04-24 5:28 ` J-P. Rosen
2014-04-23 20:11 ` Randy Brukardt
2014-04-23 20:03 ` Randy Brukardt
2014-04-24 9:08 ` björn lundin
2014-04-23 18:02 ` Jeffrey Carter
2014-04-23 20:14 ` Randy Brukardt
2014-04-24 9:16 ` björn lundin
2014-04-24 11:33 ` G.B.
2014-04-24 12:11 ` björn lundin
2014-04-24 12:32 ` G.B.
2014-04-23 14:38 ` Dmitry A. Kazakov
2014-04-23 15:46 ` J-P. Rosen
2014-04-23 16:27 ` Dmitry A. Kazakov
2014-04-23 16:40 ` J-P. Rosen
2014-04-23 17:39 ` Dmitry A. Kazakov
2014-04-23 21:40 ` J-P. Rosen
2014-04-24 7:42 ` Dmitry A. Kazakov
2014-04-24 9:18 ` J-P. Rosen
2014-04-23 14:06 ` Dmitry A. Kazakov
2014-04-23 14:44 ` björn lundin
2014-04-23 20:28 ` Randy Brukardt
2014-04-24 10:31 ` björn lundin
2014-04-25 1:22 ` Randy Brukardt
2014-04-25 2:19 ` Shark8
2014-04-25 7:31 ` Dmitry A. Kazakov
2014-04-23 14:58 ` björn lundin
2014-04-23 18:05 ` Jeffrey Carter
2014-04-23 19:48 ` Shark8
2014-04-24 9:03 ` G.B.
2014-04-25 1:27 ` Randy Brukardt
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox