comp.lang.ada
From: "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>
Subject: Re: Build-in-place semantics?  (Was: Ada design bug or GNAT bug?)
Date: Sun, 5 Jul 2015 09:10:02 +0200
Message-ID: <p3bqcfamrv4u$.1hljafkfcljnw.dlg@40tude.net>
In-Reply-To: mn9unk$uvg$1@loke.gir.dk

On Sat, 4 Jul 2015 19:45:39 -0500, Randy Brukardt wrote:

> "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> wrote in message 
> news:xtm95y6tqdo6$.1tfgl96oattey$.dlg@40tude.net...
>> On Sat, 04 Jul 2015 13:02:26 +0200, Jacob Sparre Andersen wrote:
>>
>>> Randy Brukardt wrote:
>>>
>>>> Probably not, build-in-place semantics isn't practical for all
>>>> non-limited types (think normal assignment, can't build-in-place
>>>> because if an exception occurs the original value has to be intact).
>>>
>>> A very sensible requirement, but wouldn't it be nice ...
>>
>> In my view it is not.
>>
>> Assignment is syntactic sugar for a primitive operation.
>>
>> If an operation propagates an exception there is no obligation on mutable
>> parameters other than type invariants (and post-conditions bound to the
>> exception).
>>
>> Compare it to a procedure with an in-out parameter.
> 
> A procedure with an in-out parameter shouldn't clobber the parameters on an 
> exception, either.

Yes. It must respect the type invariant.

> (Consider what happens for a by-copy parameter, of any 
> mode, when an exception is raised.) By-reference parameter passing 
> introduces the problem, and one could easily argue that it is the bug in the 
> language design (introduced for efficiency), not the difference in 
> requirements for assignment.

By-copy vs. by-reference is an implementation detail. The contract must
define the parameter state in the case of an exception. Since Ada lacks
exception contracts there is no way to do this.

But it is not the language's business to define or imply such contracts.

> Also note that no parameter will be partially modified by a procedure unless 
> the procedure is actually written to do that. That's under the control of 
> the programmer. If the language allowed clobbering part of an object during 
> a failed assignment, no recovery would be possible (the object would be 
> "abnormal" and could never be used again until it is reinitialized -- that's 
> what happens for abort).

PL/1 exception model? No, recovery is easier if you do not rely on that.
You would just roll back the context until the latest safe state.

> That would make a lot of things hard to guarantee 
> short of using SPARK to prove exception absence.

It would make things easier if there were proper contracts on parameters of
all operations, assignment included.

--
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
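To make the three cases the exchange argues over concrete, here is an added C++ sketch (not code from the thread, from Ada, or from any compiler): writing a new value straight into a by-reference target, building it in a temporary and committing only once it is complete, and a by-copy parameter. The Range type and its lo <= hi invariant are constructed for the example.

```cpp
#include <stdexcept>
#include <utility>

// Constructed example type; the type invariant is lo <= hi.
struct Range {
    int lo;
    int hi;
};

// Validation that can fail partway through building a new value.
static void check_bounds(int lo, int hi) {
    if (lo > hi) throw std::invalid_argument("lo > hi");
}

// "Build-in-place" style: stores go straight into the by-reference target,
// so an exception after the first store leaves it partially overwritten
// (the "abnormal" object of the thread).
void assign_in_place(Range& target, int lo, int hi) {
    target.lo = lo;           // first component already stored
    check_bounds(lo, hi);     // may throw here ...
    target.hi = hi;           // ... so this store never happens
}

// Copy-then-commit style: the value is built in a temporary and swapped in
// only when complete; on an exception the target keeps its original value.
void assign_atomic(Range& target, int lo, int hi) {
    Range tmp{lo, hi};
    check_bounds(tmp.lo, tmp.hi);   // throws before target is touched
    std::swap(target, tmp);         // cannot throw for two ints
}

// By-copy parameter: the callee mutates its own copy, so nothing it does
// before throwing can reach the caller's object.
void clobber_copy(Range r) { r.lo = 99; throw std::invalid_argument("fail"); }

// Drive each case with an invalid new value and return what is left in the
// caller's object after the exception has been caught.
Range after_failed_in_place() {
    Range r{1, 10};
    try { assign_in_place(r, 20, 5); } catch (const std::invalid_argument&) {}
    return r;   // {20, 10}: lo clobbered, invariant broken
}
Range after_failed_atomic() {
    Range r{1, 10};
    try { assign_atomic(r, 20, 5); } catch (const std::invalid_argument&) {}
    return r;   // {1, 10}: intact
}
Range after_by_copy() {
    Range r{1, 10};
    try { clobber_copy(r); } catch (const std::invalid_argument&) {}
    return r;   // {1, 10}: intact
}
bool holds_invariant(const Range& r) { return r.lo <= r.hi; }
```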

