Newsgroups: comp.lang.ada
Subject: Re: Contracted exceptions for Ada
From: Stephen Leake
Date: Tue, 11 Dec 2007 03:10:36 -0500

"Dmitry A. Kazakov" writes:

> On Sun, 09 Dec 2007 05:22:44 -0500, Stephen Leake wrote:
>
>> "Dmitry A. Kazakov" writes:
>>
>>> On Fri, 7 Dec 2007 21:30:05 -0600, Randy Brukardt wrote:
>>>
>>>> Another one is what to do if a contract is violated. The obvious answer of
>>>> raising Program_Error doesn't do anything other than lose information about
>>>> an exception, so that isn't very satisfying.
>>>
>>> Yes, in my view exception contracts have to be static.
>>
>> The only way to statically enforce exception contracts is to use SPARK
>> Ada (http://www.praxis-his.com/sparkada/). SPARK Ada does do exactly
>> that (among other things); it also significantly restricts the Ada
>> language to a manageable subset.
>
> (I doubt that limitations of SPARK are caused by contracted exceptions.

Correct. The limitations are introduced to make static analysis
tractable with the current state of the art.

> It just does right what Ada didn't.

I wouldn't go that far. As time goes on, more of Ada is permitted in
Spark, because the static analysis technology, and the computers it
runs on, gets better.

>> So if you like exception contracts, use SPARK Ada.
>>
>> If you like all the things SPARK Ada leaves out (I don't have the
>> current list handy; it doesn't seem to be on the web site), use
>> standard Ada.
>
> This does not answer the questions, which are two:
>
> 1. Are contracted exceptions any good?

Yes, for high integrity systems.

> 2. Can Ada have them?

No, because it is too hard to do the static analysis to enforce the
contracts.

--
-- Stephe