From: "Randy Brukardt"
Newsgroups: comp.lang.ada
Subject: Re: How to get nice with GNAT?
Date: Mon, 1 Dec 2014 16:25:28 -0600
Organization: Jacob Sparre Andersen Research & Innovation

"Dmitry A. Kazakov" wrote in message
news:1g5ttpzi8eywc$.1gluj9evlmeus.dlg@40tude.net...
...
> The idea that all/most/some bugs should somehow manifest their wrong
> behavior in exceptions is dubious.

Fascinating. I'd say the reverse: that almost all bugs quickly manifest themselves in an exception (at least in well-designed Ada code).

For instance, I tend to make off-by-one errors in index calculations. Such errors almost always result in a Constraint_Error when the index is used.
Similarly, in Janus/Ada, we've sometimes passed the wrong entity to a subprogram; that almost always shows up as a Constraint_Error detecting the use of a non-existent variant. (If a routine expects a symboltable pointer to an object, and gets a package, the components it needs aren't going to be there.)

Indeed, the recent history of Ada includes more and more ways to specify what is expected/needed for a parameter/object/component. Null exclusions (Ada 2005), preconditions, and predicates (Ada 2012) are all ways to more closely tell the compiler what is intended.

The next step, IMHO, is to include exception contracts that effectively require exceptions not to occur. If they in fact do occur, then the program is wrong and will be rejected by the compiler. That means that "unexpected" Constraint_Errors will be detected statically and thus the manifestation of many bugs can be detected -- thus eliminating the bugs at the source.

Of course, once that next step is taken (and I mean in the context of the full Ada language, not just some simple subset like SPARK), then you'll probably be right. But that's still some distance in the future.

Randy.
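
The two run-time checks described in the message above (an index check catching an off-by-one, and a discriminant check catching the wrong kind of entity), shown as an added example that is not part of the original post and is not Janus/Ada code. All type and subprogram names are constructed for illustration.

```ada
with Ada.Assertions;
with Ada.Text_IO; use Ada.Text_IO;

procedure Checks_Demo is
   type Int_Array is array (Positive range <>) of Integer;

   --  Constructed stand-in for a symbol table entry (not Janus/Ada's type).
   type Entity_Kind is (An_Object, A_Package);
   type Entity (Kind : Entity_Kind) is record
      case Kind is
         when An_Object => Size       : Natural;
         when A_Package => Unit_Count : Natural;
      end case;
   end record;
   type Entity_Access is access Entity;

   --  Null exclusion and precondition state what the routine expects.
   function Object_Size (E : not null Entity_Access) return Natural
     with Pre => E.Kind = An_Object;
   function Object_Size (E : not null Entity_Access) return Natural is
   begin
      return E.Size;  --  discriminant check fails for a package entity
   end Object_Size;

   function Sum_Of (A : Int_Array) return Integer is
      Total : Integer := 0;
   begin
      for I in A'First .. A'Last + 1 loop  --  bug: one past the end
         Total := Total + A (I);           --  index check fails on last pass
      end loop;
      return Total;
   end Sum_Of;

   Pkg : constant Entity_Access := new Entity'(A_Package, 3);
begin
   begin
      Put_Line (Integer'Image (Sum_Of ((10, 20, 30))));
   exception
      when Constraint_Error => Put_Line ("off-by-one caught by index check");
   end;
   begin
      Put_Line (Natural'Image (Object_Size (Pkg)));
   exception
      when Constraint_Error =>
         Put_Line ("wrong entity caught by discriminant check");
      when Ada.Assertions.Assertion_Error =>
         Put_Line ("wrong entity caught by precondition");
   end;
end Checks_Demo;
```

Which handler fires for the second call depends on the assertion policy: with assertion checks enabled (for GNAT, `-gnata`) the precondition fails first and raises Assertion_Error; otherwise the discriminant check in the body raises Constraint_Error.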