From: "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>
Subject: Re: Structured exception information
Date: Thu, 18 Jan 2007 10:55:20 +0100
Date: 2007-01-18T10:55:20+01:00 [thread overview]
Message-ID: <vqdjmgk3akqr.1mkjxu3kj9k6.dlg@40tude.net> (raw)
In-Reply-To: x2urh.309672$FQ1.158886@attbi_s71
On Wed, 17 Jan 2007 18:38:21 GMT, Jeffrey Carter wrote:
> Dmitry A. Kazakov wrote:
>>
>> I doubt that others could or should be called preconditions.
>
>> The point is that violated preconditions are non-states and cannot be
>> handled at all. Provided, that one understands precondition as a method of
>> proving program correctness. Otherwise, it is something else.
>
> It's clear that you're locked into the concept of a precondition as part
> of correctness proofs. In that context, yes, you statically prove that
> preconditions are met, and do not need to dynamically test them. This is
> the case with SPARK, for example.
I think that stress on compile-time checks is to some extent misleading. In
my view, the issue is not "when", but "who" performs the checks.
Correctness checks cannot be performed by the same program. In the case of
static checks, it is just so that the compiler program P2 checks my program
P1. If I wished to check my program at run-time, I should have a run-time
checker P3. For that matter, it could well be a part of Ada run-time
library, provided it were good insulated from my P1. But in all cases, when
P2 or P3 detects that P1 is incorrect (not Ada), then P1 cannot be
continued. The checker is free to start some third (Ada) program, though.
For this reason exception propagation in P1 were fundamentally flawed. We
cannot pretend that P1 has any scope which wasn't spoiled by the bug.
> In general, though, preconditions are a useful tool for documenting SW,
> especially SW that will be used by people other than the developer. It's
> a useful way of communicating to the client what he needs to ensure in
> order for the SW to function normally (this condition must be true), and
> the consequences of failing to do so (this exception is raised).
To me this is a contract: x/y yields a mathematically correct result or
else it propagates an exception when, for example, y=0. I.e. it is legal to
write 1/0 and the precondition is True.
If the precondition were y/=0, then 1/0 would be illegal and nothing could
be done about it.
> Ideally, you'd use the same syntax for both uses of preconditions.
I think is a difficult question. The languages of P1 (my program) and of P2
(a checker of) could be sufficiently different, by necessity. On the other
hand, Ada compilers are written in Ada... In any case there should be a
clear visual distinction between the contracts and the things checking the
contracts. The latter are optional (=have the semantics outside P1) the
former are not (=have the semantics of P1).
--
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
next prev parent reply other threads:[~2007-01-18 9:55 UTC|newest]
Thread overview: 181+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-01-15 13:44 Structured exception information Maciej Sobczak
2007-01-15 17:17 ` claude.simon
2007-01-16 9:04 ` Maciej Sobczak
2007-01-16 22:39 ` Randy Brukardt
2007-01-15 17:28 ` Robert A Duff
2007-01-15 18:29 ` Georg Bauhaus
2007-01-15 19:44 ` Dmitry A. Kazakov
2007-01-15 20:06 ` Georg Bauhaus
2007-01-15 21:56 ` Randy Brukardt
2007-01-15 22:32 ` Robert A Duff
2007-01-16 18:36 ` Ray Blaak
2007-01-16 19:18 ` C# versus Ada (was: Structured exception information) Georg Bauhaus
2007-01-16 23:29 ` C# versus Ada Markus E Leypold
2007-01-18 10:22 ` Dmitry A. Kazakov
2007-01-17 18:14 ` C# versus Ada (was: Structured exception information) Ray Blaak
2007-01-16 23:27 ` Structured exception information Markus E Leypold
2007-01-17 7:28 ` Martin Krischik
2007-01-16 22:36 ` Randy Brukardt
2007-01-17 16:12 ` Bob Spooner
2007-01-17 23:42 ` Randy Brukardt
2007-01-16 9:11 ` Dmitry A. Kazakov
2007-01-16 10:45 ` Maciej Sobczak
2007-01-16 13:26 ` Dmitry A. Kazakov
2007-01-16 14:44 ` Maciej Sobczak
2007-01-16 15:15 ` Dmitry A. Kazakov
2007-01-16 17:50 ` Jeffrey Carter
2007-01-16 18:31 ` Dmitry A. Kazakov
2007-01-16 22:52 ` Randy Brukardt
2007-01-17 8:58 ` Dmitry A. Kazakov
2007-01-17 18:38 ` Jeffrey Carter
2007-01-17 23:18 ` Randy Brukardt
2007-01-17 23:46 ` Robert A Duff
2007-01-18 6:34 ` Jeffrey Carter
2007-01-19 7:34 ` Randy Brukardt
2007-01-19 13:52 ` Dmitry A. Kazakov
2007-01-19 18:57 ` Jeffrey Carter
2007-01-19 19:57 ` Robert A Duff
2007-01-20 20:59 ` Jeffrey Carter
2007-01-18 9:55 ` Dmitry A. Kazakov [this message]
2007-01-18 18:28 ` Jeffrey Carter
2007-01-17 23:36 ` Randy Brukardt
2007-01-18 10:16 ` Dmitry A. Kazakov
2007-01-15 22:19 ` Robert A Duff
2007-01-16 13:12 ` Georg Bauhaus
2007-01-15 22:42 ` Adam Beneschan
2007-01-15 23:22 ` Robert A Duff
2007-01-16 6:03 ` tmoran
2007-01-16 13:30 ` Stephen Leake
2007-01-16 14:33 ` Maciej Sobczak
2007-01-16 14:45 ` Georg Bauhaus
2007-01-16 17:54 ` Jeffrey Carter
2007-01-16 22:55 ` Randy Brukardt
2007-01-17 12:10 ` Stephen Leake
2007-01-17 14:05 ` Maciej Sobczak
2007-01-19 9:47 ` Stephen Leake
2007-01-19 11:03 ` Dmitry A. Kazakov
2007-01-20 15:04 ` Stephen Leake
2007-01-21 10:40 ` Dmitry A. Kazakov
2007-01-23 7:28 ` Stephen Leake
2007-01-23 14:21 ` Dmitry A. Kazakov
2007-01-25 2:39 ` Stephen Leake
2007-01-19 13:36 ` Maciej Sobczak
2007-01-20 15:33 ` Stephen Leake
2007-01-20 16:33 ` Robert A Duff
2007-01-21 22:42 ` Stephen Leake
2007-01-21 23:45 ` Robert A Duff
2007-01-22 9:14 ` Maciej Sobczak
2007-01-23 7:33 ` Stephen Leake
2007-01-23 15:07 ` Robert A Duff
2007-01-23 15:54 ` Maciej Sobczak
2007-01-23 17:10 ` Robert A Duff
2007-01-23 23:59 ` Randy Brukardt
2007-01-22 9:28 ` Maciej Sobczak
2007-01-23 9:46 ` Stephen Leake
2007-01-23 14:18 ` Maciej Sobczak
2007-01-25 2:32 ` Stephen Leake
2007-01-25 8:53 ` Maciej Sobczak
2007-01-26 9:35 ` Stephen Leake
2007-01-26 11:16 ` Markus E Leypold
2007-01-26 13:46 ` Georg Bauhaus
2007-01-27 18:17 ` Stephen Leake
2007-01-28 12:38 ` Simon Wright
2007-01-28 12:39 ` Simon Wright
2007-01-28 13:18 ` Stephen Leake
2007-01-28 15:44 ` Georg Bauhaus
2007-01-28 21:48 ` Ray Blaak
2007-01-28 18:50 ` Georg Bauhaus
2007-01-30 2:15 ` Stephen Leake
2007-01-31 18:58 ` Georg Bauhaus
2007-02-01 12:20 ` Stephen Leake
2007-02-01 14:17 ` Georg Bauhaus
2007-01-25 21:52 ` Randy Brukardt
2007-01-24 0:10 ` Randy Brukardt
2007-01-24 14:17 ` Wasteful internationalization (Was: Structured exception information) Alex R. Mosteo
2007-01-24 14:49 ` Dmitry A. Kazakov
2007-01-24 23:48 ` Wasteful internationalization Björn Persson
2007-01-25 9:45 ` Markus E Leypold
2007-01-24 21:03 ` Wasteful internationalization (Was: Structured exception information) Randy Brukardt
2007-01-25 11:17 ` Alex R. Mosteo
2007-01-25 21:37 ` Wasteful internationalization Björn Persson
2007-01-25 21:57 ` Wasteful internationalization (Was: Structured exception information) Randy Brukardt
2007-01-26 9:13 ` Dmitry A. Kazakov
2007-01-26 12:12 ` Georg Bauhaus
2007-01-27 4:09 ` Randy Brukardt
2007-01-27 17:15 ` Wasteful internationalization Stephen Leake
2007-01-27 20:44 ` Markus E Leypold
2007-01-28 0:09 ` Björn Persson
2007-01-28 1:08 ` Björn Persson
2007-01-28 15:21 ` Markus E Leypold
2007-01-29 1:23 ` Larry Kilgallen
2007-01-29 19:02 ` Björn Persson
2007-01-29 20:19 ` Larry Kilgallen
2007-02-01 6:23 ` Simon Wright
2007-02-03 0:48 ` Björn Persson
2007-02-03 1:04 ` Adam Beneschan
2007-02-03 11:52 ` Larry Kilgallen
2007-02-03 2:36 ` Markus E Leypold
2007-02-03 2:37 ` Markus E Leypold
2007-02-03 19:59 ` Björn Persson
2007-02-03 20:16 ` Markus E Leypold
2007-02-05 19:26 ` Björn Persson
2007-02-04 4:51 ` Alexander E. Kopilovich
2007-02-05 19:27 ` Björn Persson
2007-02-06 1:32 ` Randy Brukardt
2007-02-06 1:54 ` Markus E Leypold
2007-02-07 1:55 ` Björn Persson
2007-02-07 2:20 ` Markus E Leypold
2007-02-12 1:33 ` Björn Persson
2007-02-12 8:16 ` Franz Kruse
2007-02-12 9:20 ` Not at all wasteful internationalization Martin Krischik
2007-02-12 11:08 ` Georg Bauhaus
2007-02-12 13:02 ` Martin Krischik
2007-02-07 20:39 ` Wasteful internationalization Randy Brukardt
2007-02-08 13:33 ` Stephen Leake
2007-02-12 2:42 ` Björn Persson
2007-02-06 11:01 ` Peter Hermann
2007-02-06 19:02 ` OT: Flash (was: Re: Wasteful internationalization) Jeffrey R. Carter
2007-02-06 19:40 ` OT: Flash Markus E Leypold
2007-02-03 11:51 ` Wasteful internationalization Larry Kilgallen
2007-01-29 18:54 ` Björn Persson
2007-01-29 19:03 ` Markus E Leypold
2007-01-30 17:46 ` Georg Bauhaus
2007-01-30 19:37 ` Markus E Leypold
2007-01-30 20:43 ` Georg Bauhaus
2007-01-30 20:50 ` Georg Bauhaus
2007-01-30 21:54 ` Markus E Leypold
2007-01-31 11:26 ` Alex R. Mosteo
2007-01-31 15:17 ` Markus E Leypold
2007-02-03 0:49 ` Björn Persson
2007-02-03 16:05 ` Alex R. Mosteo
2007-02-03 0:48 ` Björn Persson
2007-02-01 12:08 ` Stephen Leake
2007-02-03 0:49 ` Björn Persson
2007-02-03 9:46 ` Dmitry A. Kazakov
2007-02-03 18:48 ` Stephen Leake
2007-02-03 20:27 ` Björn Persson
2007-01-30 2:20 ` Stephen Leake
2007-01-30 10:01 ` Wasteful internationalization (Was: Structured exception information) Harald Korneliussen
2007-01-19 15:45 ` Structured exception information Robert A Duff
2007-01-20 16:08 ` Stephen Leake
2007-01-20 21:59 ` Robert A Duff
2007-01-19 18:14 ` Ray Blaak
2007-01-19 20:07 ` Robert A Duff
2007-01-20 16:16 ` Stephen Leake
2007-01-20 21:20 ` Ray Blaak
2007-01-21 22:34 ` Stephen Leake
2007-01-20 22:07 ` Robert A Duff
2007-01-21 10:45 ` Dmitry A. Kazakov
2007-01-21 23:51 ` Robert A Duff
2007-01-22 14:39 ` Dmitry A. Kazakov
2007-01-22 19:02 ` Robert A Duff
2007-01-23 14:23 ` Dmitry A. Kazakov
2007-01-29 1:30 ` Brian May
2007-01-16 13:30 ` Structured exception information (task, ANEX E) Martin Krischik
2007-01-16 23:07 ` Randy Brukardt
2007-01-19 16:01 ` Robert A Duff
2007-01-22 7:17 ` Martin Krischik
2007-01-22 19:40 ` Robert A Duff
2007-01-16 15:48 ` Structured exception information Alex R. Mosteo
2007-01-16 18:07 ` Jeffrey Carter
2007-01-17 6:38 ` Duncan Sands
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox