From: Robert A Duff
Newsgroups: comp.lang.ada
Subject: Re: Exceptions
Date: Thu, 13 Dec 2007 14:58:09 -0500
Organization: The World Public Access UNIX, Brookline, MA
Message-ID:
References: <5947aa62-2547-4fbb-bc46-1111b4a0dcc9@x69g2000hsx.googlegroups.com> <475c6ed8$0$13111$9b4e6d93@newsspool2.arcor-online.net> <1kxk3hlfa25dw$.fl2wvbn0tpbg$.dlg@40tude.net>
User-Agent: Gnus/5.1008 (Gnus v5.10.8) Emacs/21.3 (irix)

"Randy Brukardt" writes:

> I don't buy the supposed need for two kinds of exceptions.

Maybe "kind" is the wrong term. I think you want to be able to say, "X can be raised by anything in this scope (including child packages)". X might be Storage_Error, for example. In fact, that should be the default for Storage_Error -- there's no point in saying "This can raise S_E" on every procedure in the program!

In any case, if you have checked exceptions, then you definitely need unchecked ones. That is, you need some way to say, "This cannot happen, and I know that, and in this case I [think I] am smarter than the compiler."

>... It seems to me to
> be an implicit recognition of the fact that the contracts aren't
> sufficiently useful for many kinds of subprograms. I think it would be
> better to fix the capability of the contracts (if that's possible) than to
> define a trivial way to avoid them.
>
> Once you have unchecked exceptions, the contract really doesn't tell you
> anything interesting (since it is the propagation of predefined exceptions
> that usually leads to bugs; only the rare case where the predefined exception
> is caught will tell you anything at all). Moreover, the temptation is
> overwhelming to use the unchecked kind everywhere, because it is less hassle
> and the checked kind doesn't buy that much anyway (it doesn't guarantee that
> all exceptions are handled, but only the rare few that are declared
> checked).

OK, I think you've convinced me, at least in the context of Ada, and probably Java.

I think Constraint_Error needs to be a checked exception -- otherwise, you miss a lot of bugs. But pretty much anything can raise C_E in Ada. The solution must lie in having pre/post conditions and invariants, and a fairly powerful way of checking them statically. That's far from the existing Ada.

Clearly, if:

    for I in A'Range loop
        ... A(I) ...

and:

    while X /= null loop
        ... X.all ...

require a handler for Constraint_Error, or a declaration that this procedure can propagate it, then the feature is not terribly useful.

What I really want is something like SPARK, but with much less restriction on features that can be used.

> It's much like the accessibility rules in Ada. They're immensely
> complicated, yet their original primary goal is completely ignored. I've
> never yet found an Ada program where I could use 'Access on an object; I
> don't even bother trying anymore. So why have all of that complication?
> (Yes, I know it's useful for subprograms and tagged types, and we can't avoid
> it there.)

- Bob
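As an added example that is not part of the post or the thread, here are the two loop shapes Bob cites next to a subprogram that genuinely can raise Constraint_Error; it uses the Ada 2012 Pre aspect, which postdates this 2007 exchange, to state the obligation a static checker would have to discharge. The subprogram names and the sample data are mine.

```ada
with Ada.Text_IO;

procedure Checked_Ce_Demo is
   type Int_Array is array (Positive range <>) of Integer;
   type Node;
   type Node_Ptr is access Node;
   type Node is record
      Value : Natural;
      Next  : Node_Ptr;
   end record;
   --  Bob's first loop: I ranges over A'Range, so the index check on A (I)
   --  cannot fail. Counting (not summing) keeps N <= A'Length, so the
   --  increment cannot overflow either; a checked C_E here would be noise.
   function Count_Zeros (A : Int_Array) return Natural is
      N : Natural := 0;
   begin
      for I in A'Range loop
         if A (I) = 0 then
            N := N + 1;
         end if;
      end loop;
      return N;
   end Count_Zeros;
   --  Bob's second loop: X is dereferenced only while X /= null, so X.all
   --  cannot fail its access check.
   function Length (Head : Node_Ptr) return Natural is
      X : Node_Ptr := Head;
      N : Natural := 0;
   begin
      while X /= null loop
         N := N + 1;
         X := X.Next;
      end loop;
      return N;
   end Length;
   --  This one really can raise Constraint_Error: Index is any Positive.
   --  The Ada 2012 Pre aspect names the caller's obligation, which a static
   --  checker such as SPARK can discharge; at run time it is still checked.
   function Element (A : Int_Array; Index : Positive) return Integer
     with Pre => Index in A'Range is
   begin
      return A (Index);
   end Element;
   Data : constant Int_Array := (0, 3, 0, 7);   -- constructed sample input
   List : constant Node_Ptr := new Node'(1, new Node'(2, new Node'(3, null)));
begin
   Ada.Text_IO.Put_Line ("zeros:" & Natural'Image (Count_Zeros (Data)));
   Ada.Text_IO.Put_Line ("length:" & Natural'Image (Length (List)));
   Ada.Text_IO.Put_Line ("element:" & Integer'Image (Element (Data, 2)));
end Checked_Ce_Demo;
```

Compile with a 2012-capable GNAT (`gnatmake -gnat12 -gnata checked_ce_demo.adb`) to keep the precondition active at run time; calling `Element (Data, 9)` then fails the Pre check rather than the raw index check.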