From: "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>
Subject: Re: Problems with SPARK 2015 and XMLAda
Date: Fri, 21 Aug 2015 09:30:46 +0200
Date: 2015-08-21T09:30:46+02:00 [thread overview]
Message-ID: <puak04qc3k8o$.1epetyorakzeg$.dlg@40tude.net> (raw)
In-Reply-To: alpine.DEB.2.20.1508210804480.22981@debian
On Fri, 21 Aug 2015 08:26:53 +0200, Stefan.Lucks@uni-weimar.de wrote:
> On Thu, 20 Aug 2015, Randy Brukardt wrote:
>
>> SPARK forces such errors to be reported as error codes, and that's pure
>> evil.
>
> There are two cases against error codes, a strong one and a weak one.
>
> The strong case that programmers just tend to forget handling them, or
> even intentionally ignore them. This is why error codes are evil.
>
> But this is a non-issue for SPARK: If the postconditions of a subprogramm
> allow error codes, the caller cannot ignore the error and still prove its
> own postconditions (at least for any sort of useful postconditions).
>
> The weak case is about readability. It is a reason why error codes are
> bad, but not quite evil. And it actually is an issue for SPARK:
>
> Source code with well-used exception handlers at the bottom of a block are
> often better readable than programs where the error-handlers are
> distributed across the source code, with an error handler after every
> program call returning an error code.
No, it is not about readability or dangers of not testing the return code.
The main reason is that exceptions indicate states which usually cannot be
handled on the caller's context. (All other applications, e.g. to indicate
bugs are illegitimate)
Whatever the code is, unless indicating "success", some callers cannot do
anything with that and should pass it to their callers and maybe to the
caller's caller and so on.
The idea of exception is that the caller *cannot continue* when the callee
detected an exceptional state.
Since the callee shall not know its callers, which is one of the major
software design principles, there is no way how return code could be a
substitute to exception. You must rework the design and contaminate the
code of all callers up the calling chain until continuation were logically
possible.
Another reason is distributed overhead of testing return codes. Modern
compilers and processors have zero exception overhead when no exception
raised. Exceptions, when used properly, are rare, thus programs using
exceptions could be far more efficient.
--
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
next prev parent reply other threads:[~2015-08-21 7:30 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-08-19 15:58 Problems with SPARK 2015 and XMLAda Serge Robyns
2015-08-19 20:21 ` Simon Wright
2015-08-19 21:22 ` Serge Robyns
2015-08-20 7:10 ` Jacob Sparre Andersen
2015-08-20 10:06 ` Mark Lorenzen
2015-08-20 16:38 ` Shark8
2015-08-20 18:42 ` Peter Chapin
2015-08-20 19:13 ` Jeffrey R. Carter
2015-08-20 20:00 ` Serge Robyns
2015-08-20 20:36 ` Randy Brukardt
2015-08-20 23:21 ` Shark8
2015-08-21 6:26 ` Stefan.Lucks
2015-08-21 7:30 ` Dmitry A. Kazakov [this message]
2015-08-21 8:19 ` Stefan.Lucks
2015-08-21 9:37 ` Dmitry A. Kazakov
2015-08-21 10:09 ` G.B.
2015-08-21 11:56 ` Dmitry A. Kazakov
2015-08-21 13:46 ` G.B.
2015-08-21 14:45 ` brbarkstrom
2015-08-21 15:34 ` Dmitry A. Kazakov
2015-08-21 23:44 ` Bob Duff
2015-08-22 6:22 ` Dmitry A. Kazakov
2015-08-21 10:43 ` Stefan.Lucks
2015-08-21 12:35 ` Dmitry A. Kazakov
2015-08-24 21:32 ` Randy Brukardt
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox