From: Simon Wright <simon.j.wright@mac.com>
Subject: Re: contracted exceptions
Date: Sat, 09 Jun 2007 22:04:24 +0100
Message-ID: <m23b1096w7.fsf@mac.com>
In-Reply-To: 12vqux55uf5rn.1u5enj1mh0ubk$.dlg@40tude.net
"Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> writes:
> On Sat, 09 Jun 2007 13:32:59 +0100, Simon Wright wrote:
>> Not a lot .. an exception is raised because some assertion made by
>> the designer/implementer of the library concerned has turned out to
>> be false (the value will be in this range; the file will be open;
>> the file is a valid XML document ...).
>
> In Ariane case the physical value was in range but assertion failed.
I thought it was a constraint check?
I was trying to make the point that some restraints on program
legality can be made in the language by defining constrained types,
others you're stuck with hand-coded checks:
pragma Assert ({correct calling sequence}, "bad calling sequence");
or if you prefer
if not {correct calling sequence} then
   raise Use_Error;
end if;
All much of a muchness in terms of trying to make sure that the
program is correct and is used correctly.
> I don't think that failed run-time assertions should be converted
> into exceptions. Among many reasons, one is that this would break
> exception contracts:
>
> procedure Foo is -- I don't raise Baz
> begin
>    pragma Assert (<something>); -- I raise Baz when not <something>
I had forgotten the context of this discussion, I was talking about
Ada :-)
Also, this check is about a precondition, if the caller violates the
precondition she has no right to expect me not to raise unheralded
exceptions!
> The contract would be a lie. Another reason is that you could not
> handle Baz, because that would change the program behavior with and
> without assertions checked. IMO run-time assertions is an utterly
> wrong idea.
As I said before, I see little difference between assertions &
predefined language checks in terms of where they should be
used. Clearly you shouldn't use an assertion where the thing being
checked is legitimate failure behaviour!
pragma Assert (not Vessel_On_Firing_Range);
Start_Test_Missile_Firing;
Of course you can suppress (some) language-defined checks, but then
you get undefined behaviour at run time if the error condition
happens. Is it worse to get unexpected exceptions or to compute with
out-of-range data?
Best of course to prove that the error can't happen.
--S
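The three kinds of check discussed in this message (a constrained subtype, a hand-coded check raising a user-defined exception, and pragma Assert), plus the effect of suppressing the language-defined check, side by side. This is an added example written for this archive page, not code from the original post or from any of the posters; the names Percent, Use_Error, Read_Record, Scale and Scale_Unchecked are illustrative assumptions, and the behaviour of the suppressed variant is shown only to make the "computing with out-of-range data" point, since it is erroneous execution whose result the language does not define.

```ada
with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Exceptions; use Ada.Exceptions;
with Ada.Assertions;

--  Added example (not from the original thread): compare the ways a
--  precondition can be enforced in Ada, and what suppression costs you.
procedure Check_Demo is

   --  1. Language-defined constraint check.  Any attempt to store a value
   --  outside 0 .. 100 raises Constraint_Error with no hand-written test.
   subtype Percent is Integer range 0 .. 100;

   function Scale (Raw : Integer) return Percent is
   begin
      return Raw * 10;  -- range check on return: Constraint_Error if > 100
   end Scale;

   --  Same function with the range check suppressed.  Returning an
   --  out-of-range value is now erroneous execution: no exception, and the
   --  caller computes with whatever bits happen to be there (typically 500
   --  with GNAT, but nothing guarantees it).
   function Scale_Unchecked (Raw : Integer) return Percent is
      pragma Suppress (Range_Check);
   begin
      return Raw * 10;
   end Scale_Unchecked;

   --  2. Hand-coded check raising a user-defined exception (assumed name).
   Use_Error    : exception;
   File_Is_Open : Boolean := False;

   procedure Read_Record is
   begin
      if not File_Is_Open then
         raise Use_Error with "Read_Record called before Open";
      end if;
      Put_Line ("reading record");
   end Read_Record;

   --  3. The same precondition as pragma Assert.  Whether it is evaluated
   --  depends on the assertion policy; Check is forced here so the example
   --  behaves the same with or without -gnata.
   pragma Assertion_Policy (Check);

   procedure Read_Record_Asserted is
   begin
      pragma Assert (File_Is_Open, "bad calling sequence");
      Put_Line ("reading record");
   end Read_Record_Asserted;

   P : Percent;

begin
   --  Constrained subtype: in range succeeds, out of range is caught.
   begin
      P := Scale (5);
      Put_Line ("Scale (5) =" & Integer'Image (P));
      P := Scale (50);  -- 500 is not a Percent
      Put_Line ("not reached");
   exception
      when E : Constraint_Error =>
         Put_Line ("Constraint_Error: " & Exception_Message (E));
   end;

   --  Suppressed check: erroneous, silently carries on with bad data.
   P := Scale_Unchecked (50);
   Put_Line ("Scale_Unchecked (50) =" & Integer'Image (P)
             & "  (out of range, no exception: erroneous execution)");

   --  Hand-coded precondition check.
   begin
      Read_Record;
   exception
      when E : Use_Error =>
         Put_Line ("Use_Error: " & Exception_Message (E));
   end;

   --  pragma Assert precondition check.
   begin
      Read_Record_Asserted;
   exception
      when E : Ada.Assertions.Assertion_Error =>
         Put_Line ("Assertion_Error: " & Exception_Message (E));
   end;

   --  With the precondition satisfied both variants behave identically.
   File_Is_Open := True;
   Read_Record;
   Read_Record_Asserted;
end Check_Demo;
```

Build with `gnatmake check_demo.adb` and run `./check_demo`. Note that without the local `pragma Assertion_Policy (Check)` the pragma Assert variant is silently ignored by GNAT unless `-gnata` is given, which is exactly the "program behaves differently with and without assertions" concern raised in the thread; the constrained subtype and the explicit `raise` are enforced regardless of that switch, and only `pragma Suppress` (or `-gnatp`) removes the language-defined check.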
Thread overview: 69+ messages
2007-06-06 21:33 Reconsidering assignment Maciej Sobczak
2007-06-06 22:52 ` Ray Blaak
2007-06-07 7:15 ` Maciej Sobczak
2007-06-07 16:34 ` Ray Blaak
2007-06-07 7:10 ` Stefan Lucks
2007-06-07 7:32 ` Maciej Sobczak
2007-06-07 11:11 ` Stefan Lucks
2007-06-07 16:28 ` Ray Blaak
2007-06-07 9:27 ` Dmitry A. Kazakov
2007-06-07 16:54 ` contracted exceptions (was Re: Reconsidering assignment) Ray Blaak
2007-06-07 20:04 ` contracted exceptions Robert A Duff
2007-06-07 21:11 ` Ray Blaak
2007-06-07 23:44 ` Robert A Duff
2007-06-08 2:19 ` Randy Brukardt
2007-06-08 7:39 ` Dmitry A. Kazakov
2007-06-08 8:53 ` Ray Blaak
2007-06-08 12:08 ` Dmitry A. Kazakov
2007-06-08 17:31 ` Ray Blaak
2007-06-08 18:00 ` Dmitry A. Kazakov
2007-06-08 18:20 ` Georg Bauhaus
2007-06-08 18:56 ` Dmitry A. Kazakov
2007-06-08 19:15 ` Simon Wright
2007-06-09 0:14 ` Randy Brukardt
2007-06-09 2:44 ` Larry Kilgallen
2007-06-09 8:21 ` Dmitry A. Kazakov
2007-06-09 12:32 ` Simon Wright
2007-06-09 18:38 ` Dmitry A. Kazakov
2007-06-09 21:04 ` Simon Wright [this message]
2007-06-10 9:21 ` Dmitry A. Kazakov
2007-06-10 11:49 ` Simon Wright
2007-06-10 15:20 ` Dmitry A. Kazakov
2007-06-11 4:13 ` Ray Blaak
2007-06-11 7:58 ` Dmitry A. Kazakov
2007-06-11 17:06 ` Ray Blaak
2007-06-11 19:57 ` Dmitry A. Kazakov
2007-06-10 18:14 ` Georg Bauhaus
2007-06-10 18:12 ` Georg Bauhaus
2007-06-11 7:55 ` Dmitry A. Kazakov
2007-06-11 14:15 ` Bob Spooner
2007-06-11 15:14 ` Georg Bauhaus
2007-06-11 15:20 ` (see below)
2007-06-11 16:39 ` Georg Bauhaus
2007-06-11 19:50 ` Simon Wright
2007-06-08 11:26 ` Martin Krischik
2007-06-08 12:02 ` Robert A Duff
2007-06-08 11:22 ` contracted exceptions (was Re: Reconsidering assignment) Martin Krischik
2007-06-08 17:44 ` Ray Blaak
2007-06-08 12:10 ` contracted exceptions Robert A Duff
2007-06-08 15:56 ` Stefan Lucks
2007-06-08 20:27 ` Pascal Obry
2007-06-09 0:19 ` Randy Brukardt
2007-06-09 18:04 ` Robert A Duff
2007-06-09 18:37 ` Dmitry A. Kazakov
2007-06-09 20:43 ` Robert A Duff
2007-06-10 9:21 ` Dmitry A. Kazakov
2007-06-11 19:18 ` Randy Brukardt
2007-06-12 6:55 ` Jean-Pierre Rosen
2007-06-08 17:40 ` Ray Blaak
2007-06-09 18:14 ` Robert A Duff
2007-06-08 19:18 ` Simon Wright
2007-06-09 22:37 ` Reconsidering assignment Maciej Sobczak
2007-06-10 9:21 ` Dmitry A. Kazakov
2007-06-11 9:04 ` Maciej Sobczak
2007-06-11 13:09 ` Dmitry A. Kazakov
2007-06-11 18:57 ` Randy Brukardt
2007-06-11 21:12 ` Maciej Sobczak
2007-06-12 8:31 ` Dmitry A. Kazakov
2007-06-12 9:31 ` Georg Bauhaus
2007-06-12 10:03 ` Dmitry A. Kazakov