From: Simon Wright
Newsgroups: comp.lang.ada
Subject: Re: contracted exceptions
Date: Sat, 09 Jun 2007 22:04:24 +0100
Organization: Pushface

"Dmitry A. Kazakov" writes:

> On Sat, 09 Jun 2007 13:32:59 +0100, Simon Wright wrote:
>> Not a lot .. an exception is raised because some assertion made by
>> the designer/implementer of the library concerned has turned out to
>> be false (the value will be in this range; the file will be open;
>> the file is a valid XML document ...).
>
> In the Ariane case the physical value was in range but the assertion
> failed.

I thought it was a constraint check?

I was trying to make the point that some restraints on program legality
can be made in the language by defining constrained types; with others
you're stuck with hand-coded checks:

   pragma Assert ({correct calling sequence}, "bad calling sequence");

or, if you prefer,

   if not {correct calling sequence} then
      raise Use_Error;
   end if;

All much of a muchness in terms of trying to make sure that the program
is correct and is used correctly.

> I don't think that failed run-time assertions should be converted
> into exceptions. Among many reasons, one is that this would break
> exception contracts:
>
>    procedure Foo -- I don't raise Baz
>    begin
>       pragma Assert (); -- I raise Baz when not

I had forgotten the context of this discussion, I was talking about
Ada :-)

Also, this check is about a precondition; if the caller violates the
precondition she has no right to expect me not to raise unheralded
exceptions!

> The contract would be a lie. Another reason is that you could not
> handle Baz, because that would change the program behavior with and
> without assertions checked. IMO run-time assertions is an utterly
> wrong idea.

As I said before, I see little difference between assertions &
predefined language checks in terms of where they should be used.
Clearly you shouldn't use an assertion where the thing being checked is
legitimate failure behaviour!

   pragma Assert (not Vessel_On_Firing_Range);
   Start_Test_Missile_Firing;

Of course you can suppress (some) language-defined checks, but then you
get undefined behaviour at run time if the error condition happens. Is
it worse to get unexpected exceptions or to compute with out-of-range
data? Best of course to prove that the error can't happen.

--S
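An added example, not from either poster, contrasting the three checking styles the thread compares (a language-defined range check, pragma Assert, and an explicit raise) on the same out-of-range call; Percent, Use_Error and the Set_Level_* procedures are constructed names. Built with GNAT without -gnata, the pragma Assert version accepts the bad value silently, which is the suppressed-check case discussed above.

```ada
with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Assertions; use Ada.Assertions;
with Ada.Exceptions; use Ada.Exceptions;

procedure Check_Styles is
   --  1. Language-defined check: the range is part of the type, so the
   --     compiler inserts the check and raises Constraint_Error itself.
   subtype Percent is Integer range 0 .. 100;
   Use_Error : exception;

   --  2. Hand-coded check via pragma Assert: raises Assertion_Error, but
   --     only if assertions are enabled (GNAT: -gnata); otherwise the bad
   --     value is silently accepted.
   procedure Set_Level_Assert (Level : Integer) is
   begin
      pragma Assert (Level in Percent, "bad calling sequence");
      Put_Line ("assert style: level set to" & Integer'Image (Level));
   end Set_Level_Assert;

   --  3. Hand-coded check with an explicit raise: cannot be switched off,
   --     so Use_Error is effectively part of the subprogram's contract.
   procedure Set_Level_Raise (Level : Integer) is
   begin
      if Level not in Percent then
         raise Use_Error;
      end if;
      Put_Line ("raise style: level set to" & Integer'Image (Level));
   end Set_Level_Raise;

   Bad : Integer := 150;   --  constructed out-of-range input
begin
   begin
      declare
         P : Percent := Bad;   --  range check fails here
      begin
         Put_Line ("P =" & Integer'Image (P));
      end;
   exception
      when E : Constraint_Error => Put_Line ("language check: " & Exception_Name (E));
   end;
   begin
      Set_Level_Assert (Bad);
   exception
      when E : Assertion_Error => Put_Line ("pragma Assert: " & Exception_Message (E));
   end;
   begin
      Set_Level_Raise (Bad);
   exception
      when Use_Error => Put_Line ("explicit raise: Use_Error");
   end;
end Check_Styles;
```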