From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-0.3 required=5.0 tests=BAYES_00, REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4 Path: eternal-september.org!reader01.eternal-september.org!reader02.eternal-september.org!news.eternal-september.org!mx02.eternal-september.org!feeder.eternal-september.org!aioe.org!.POSTED!not-for-mail From: "Dmitry A. Kazakov" Newsgroups: comp.lang.ada Subject: Re: Build-in-place semantics? (Was: Ada design bug or GNAT bug?) Date: Sun, 5 Jul 2015 09:10:02 +0200 Organization: cbb software GmbH Message-ID: References: <4lrj5zz2u2z.u8x9cf7xzic6.dlg@40tude.net> <58f64fa9-7d0b-44dd-870c-77d9afcb82c4@googlegroups.com> <4228c0ea-837d-42a0-b2a8-a98d8d30f820@googlegroups.com> <87bnfsfanx.fsf_-_@adaheads.sparre-andersen.dk> Reply-To: mailbox@dmitry-kazakov.de NNTP-Posting-Host: evoS9sCOdnHjo0GRLLMU1Q.user.speranza.aioe.org Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Complaints-To: abuse@aioe.org User-Agent: 40tude_Dialog/2.0.15.1 X-Notice: Filtered by postfilter v. 0.8.2 Xref: news.eternal-september.org comp.lang.ada:26619 Date: 2015-07-05T09:10:02+02:00 List-Id: On Sat, 4 Jul 2015 19:45:39 -0500, Randy Brukardt wrote: > "Dmitry A. Kazakov" wrote in message > news:xtm95y6tqdo6$.1tfgl96oattey$.dlg@40tude.net... >> On Sat, 04 Jul 2015 13:02:26 +0200, Jacob Sparre Andersen wrote: >> >>> Randy Brukardt wrote: >>> >>>> Probably not, build-in-place semantics isn't practical for all >>>> non-limited types (think normal assignment, can't build-in-place >>>> because if an exception occurs the original value has to be intact). >>> >>> A very sensible requirement, but wouldn't it be nice ... >> >> In my view it is not. >> >> Assignment is a syntax sugar of a primitive operation. >> >> If an operation propagates an exception there is no obligation on mutable >> parameters except than type invariants (and post-conditions bound to the >> exception). >> >> Compare it to a procedure with an in-out parameter. > > A procedure with an in-out parameter shouldn't clobber the parameters on an > exception, either. Yes. It must respect the type invariant. > (Consider what happens for a by-copy parameter, of any > mode, when an exception is raised.) By-reference parameter passing > introduces the problem, and one could easily argue that it is the bug in the > language design (introduced for efficiency), not the difference in > requirements for assignment. by-copy vs. by-reference is an implementation detail. The contract must define the parameter state in the case of an exception. Since Ada lacks exception contracts there is no way to do this. But it is not the language's business define or imply such contracts. > Also note that no parameter will be partially modified by a procedure unless > the procedure is actually written to do that. That's under the control of > the programmer. If the language allowed clobbering part of an object during > a failed assignment, no recovery would be possible (the object would be > "abnormal" and could never be used again until it is reinitialized -- that's > what happens for abort). PL/1 exception model? No, recovery is easier if you do not rely on that. You would just roll back the context until the latest safe state. > That would make a lot of things hard to guarantee > short of using SPARK to prove exception absence. It would make things easier if there were proper contracts on parameters of all operations, assignment included. -- Regards, Dmitry A. Kazakov http://www.dmitry-kazakov.de