comp.lang.ada
From: Robert A Duff <bobduff@shell01.TheWorld.com>
Subject: Re: contracted exceptions
Date: Sat, 09 Jun 2007 16:43:08 -0400
Message-ID: <wcck5uckgf7.fsf@shell01.TheWorld.com>
In-Reply-To: 1svme16jhnvn9$.j4urjfrb9d2i$.dlg@40tude.net

"Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> writes:

> On Sat, 09 Jun 2007 14:04:23 -0400, Robert A Duff wrote:
>
>> I can think of lots of rules that are not perfect, but are at least
>> superior to the existing rule of silently ignoring the exception.
>> 
>> The simplest would be to terminate the entire program immediately.
>> And print an error message on systems where that makes sense.
>> Ada has no way to terminate the whole program (i.e. call "exit"),
>> but it should.
>
> Terminate the parent task and that should become equivalent to "exit".

Only if the parent task is the environment task.

>> Or just print an error message.
>> 
>> Or raise Program_Error in the parent task at the point where that task
>> awaits its dependents.  Option: abort all the siblings as well.
>> 
>> Or put the task to sleep, so the parent waits forever (and the
>> programmer has to debug a "deadlock").
>
> Maybe a sort of rendezvous on the predefined entry point with the parent
> task?

Maybe.  Will you let me define entries of the environment task?  ;-)

>... When the parent task accepts it, the exception is propagated out of
> the point of rendezvous in the parent, while the offending task finally
> rests in peace. When the parent task does not have this entry, then it
> (with all its children) is terminated. The process continues until a
> rendezvous is accepted or else the main task dies.

Hmm.  I guess the important thing is that the RM should define this
situation (exception propagation reaches the end of the task body) as an
error.  That would encourage implementations to print error messages,
and debuggers to take control in such situations.

Nothing prevents an implementation from printing an error message in
this situation already -- but it's not encouraged by the RM, any more
than encouraging the impl to print an error every time you assign 42 to
a variable.

>> My solution: allow the programmer to declare that certain regions of
>> code cannot run out of memory.  The compiler must reserve enough memory
>> (and if it can't, then raise S_E before entering that region).  Of course,
>> what you can do in such a region is implementation dependent.
>
> Contracted exceptions? Let the user declare a subprogram with the contract
> of no Storage_Error. Then the compiler checks that code and if it cannot
> generate it in a way that would reserve all necessary memory before
> entering the body, it would refuse to compile it.

The implementation can always calculate (at link time) a worst-case
amount of stack space that might be needed.  The worst case might be the
size of the address space in some cases (recursion, X:String:=..., etc).
But the implementation cannot know statically whether that space will
be available at run time, unless the entire program has that property
(see SPARK).

- Bob
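
The behaviour under discussion, an exception reaching the end of a task body, can be made visible with the Ada 2005 package Ada.Task_Termination, which is the closest thing the language offers to the "print an error message" and "raise it in the parent" rules Bob lists. The following is an added example written for this page, not code from the thread or from any of its participants; the package name Task_Watch, the protected object Last_Chance and the task type Worker are invented for the demonstration. The handler must live in a library-level protected object because Termination_Handler is an access-to-protected-procedure type declared at library level, so the example is three compilation units (split with gnatchop).

```ada
--  task_watch.ads  (assumed name; added example, not from the thread)
with Ada.Exceptions;
with Ada.Task_Identification;
with Ada.Task_Termination;

package Task_Watch is
   --  Library-level protected object so that Report'Access satisfies the
   --  accessibility rule for Ada.Task_Termination.Termination_Handler.
   protected Last_Chance is
      --  Called by the runtime as a task terminates, with the cause and,
      --  for Unhandled_Exception, the occurrence that killed it.
      procedure Report
        (Cause : Ada.Task_Termination.Cause_Of_Termination;
         T     : Ada.Task_Identification.Task_Id;
         X     : Ada.Exceptions.Exception_Occurrence);
      function Unhandled_Count return Natural;
      --  Copies the most recent unhandled occurrence out for the parent.
      procedure Take_Last (Into : out Ada.Exceptions.Exception_Occurrence);
   private
      Count : Natural := 0;
      Last  : Ada.Exceptions.Exception_Occurrence;
   end Last_Chance;
end Task_Watch;

--  task_watch.adb
package body Task_Watch is
   protected body Last_Chance is
      procedure Report
        (Cause : Ada.Task_Termination.Cause_Of_Termination;
         T     : Ada.Task_Identification.Task_Id;
         X     : Ada.Exceptions.Exception_Occurrence)
      is
         use type Ada.Task_Termination.Cause_Of_Termination;
      begin
         --  No I/O here: Text_IO is potentially blocking, and calling it
         --  inside a protected action is a bounded error (RM 9.5.1).
         --  Record the occurrence and let the parent task report it.
         if Cause = Ada.Task_Termination.Unhandled_Exception then
            Count := Count + 1;
            Ada.Exceptions.Save_Occurrence (Last, X);
         end if;
      end Report;

      function Unhandled_Count return Natural is
      begin
         return Count;
      end Unhandled_Count;

      procedure Take_Last (Into : out Ada.Exceptions.Exception_Occurrence) is
      begin
         Ada.Exceptions.Save_Occurrence (Into, Last);
      end Take_Last;
   end Last_Chance;
end Task_Watch;

--  task_death_demo.adb
with Ada.Text_IO;
with Ada.Exceptions;
with Ada.Task_Termination;
with Task_Watch;

procedure Task_Death_Demo is
   task type Worker;
   task body Worker is
      Buf : array (1 .. 3) of Integer := (others => 0);
      Idx : Integer := Buf'Last + 2;
   begin
      --  Constraint_Error (index check) with no handler in this body.
      --  Under the current rule the task just ends; nothing is printed.
      Buf (Idx) := 1;
   end Worker;
begin
   --  Install the fallback handler before any dependent task is activated,
   --  which is why Worker is a task type created in the inner block below.
   Ada.Task_Termination.Set_Dependents_Fallback_Handler
     (Task_Watch.Last_Chance.Report'Access);

   declare
      W : Worker;   --  activated here; the block waits for it to terminate
   begin
      null;
   end;

   declare
      Occ : Ada.Exceptions.Exception_Occurrence;
   begin
      Task_Watch.Last_Chance.Take_Last (Occ);
      if Task_Watch.Last_Chance.Unhandled_Count > 0 then
         --  The "print an error message" rule, done by the parent task.
         Ada.Text_IO.Put_Line
           ("task died with unhandled "
            & Ada.Exceptions.Exception_Information (Occ));
         --  The "raise it in the parent" rule: re-raise where the parent
         --  finished waiting for its dependents.
         Ada.Exceptions.Reraise_Occurrence (Occ);
      end if;
   end;
end Task_Death_Demo;
```

Compile with a fallback handler installed, the program reports the Constraint_Error that killed Worker and then fails with it in the environment task; without the Set_Dependents_Fallback_Handler call it exits silently with status 0, which is the behaviour the thread is complaining about. Set_Specific_Handler can be used instead of the fallback handler when only particular tasks should be watched.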


