comp.lang.ada
From: Robert A Duff <bobduff@shell01.TheWorld.com>
Subject: Re: contracted exceptions
Date: Sat, 09 Jun 2007 14:04:23 -0400
Message-ID: <wccodjp3syg.fsf@shell01.TheWorld.com>
In-Reply-To: f4crj3$n0a$1@jacob-sparre.dk

"Randy Brukardt" <randy@rrsoftware.com> writes:

> "Pascal Obry" <pascal@obry.net> wrote in message
> news:4669BBBB.8040806@obry.net...
>> Stefan Lucks wrote:
>> > If a task fails to handle an exception raised somewhere inside, the task
>> > silently dies -- without notifying anyone. Enforcing the subprograms
>> > used by the task to precisely specify "this subprogram might raise these
>> > exceptions and none else" would help a lot ...
>>
>> That's really different. And think about it, since a task is mapped to a
>> thread which comes with its own stack... who could possibly handle this
>> exception ?
>
> And more importantly, where would it be raised? If it was raised in the
> parent task, that could happen anywhere, which would be a design nightmare
> (a different nightmare than the current one, anyway).

I can think of lots of rules that are not perfect, but are at least
superior to the existing rule of silently ignoring the exception.

The simplest would be to terminate the entire program immediately.
And print an error message on systems where that makes sense.
Ada has no way to terminate the whole program (i.e. call "exit"),
but it should.

Or just print an error message.

Or raise Program_Error in the parent task at the point where that task
awaits its dependents.  Option: abort all the siblings as well.

Or put the task to sleep, so the parent waits forever (and the
programmer has to debug a "deadlock").

>> And note that in Ada 2005 you can use Ada.Task_Termination to register
>> termination notifications.
>
> It's unfortunate that the default isn't to notify someone, however.

Right.  Ada.Task_Termination is another way, and the default should be
to raise alarms of some sort.

>...Worse,
> this interface might not work in out-of-memory circumstances (one of the
> most common reasons for task failure, at least in Janus/Ada programs where
> the default stack size is rather small).

Right, out-of-memory is a difficult issue.  I don't know of any language
that solves it well.  You might think you could do:

    task body T is
    begin
        declare
            ...
        begin
            ...
        exception
            when others =>
                ...
        end;
    end T;

and carefully prove that the handler code cannot raise any exceptions
itself.  But you can't prove the absence of Storage_Error in Ada.

My solution: allow the programmer to declare that certain regions of
code cannot run out of memory.  The compiler must reserve enough memory
(and if it can't, then raise S_E before entering that region).  Of course,
what you can do in such a region is implementation dependent.

This would make life difficult for compilers that generate C,
or any other target language that doesn't have sufficient control
over memory use.  :-(

- Bob
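The Ada.Task_Termination route Pascal mentions, written out as an added example (not code from any poster in this thread): a fallback handler that reports a task dying of an unhandled exception to standard error instead of letting it vanish silently. The names Reporter, Worker and Task_Watch are constructed for this example, and it assumes the runtime tolerates Text_IO calls from inside a protected procedure.

```ada
with Ada.Task_Identification;  use Ada.Task_Identification;
with Ada.Task_Termination;     use Ada.Task_Termination;
with Ada.Exceptions;           use Ada.Exceptions;
with Ada.Text_IO;              use Ada.Text_IO;

procedure Task_Watch is

   --  Protected object providing the termination handler; the profile of
   --  Report must match Ada.Task_Termination.Termination_Handler.
   protected Reporter is
      procedure Report (Cause : Cause_Of_Termination;
                        T     : Task_Id;
                        X     : Exception_Occurrence);
   end Reporter;

   protected body Reporter is
      procedure Report (Cause : Cause_Of_Termination;
                        T     : Task_Id;
                        X     : Exception_Occurrence) is
      begin
         case Cause is
            when Normal =>
               null;  --  a clean exit needs no alarm
            when Abnormal =>
               Put_Line (Standard_Error, "task " & Image (T) & " aborted");
            when Unhandled_Exception =>
               --  This is the case that would otherwise go unnoticed.
               Put_Line (Standard_Error,
                         "task " & Image (T) & " died with unhandled "
                         & Exception_Name (X) & ": " & Exception_Message (X));
         end case;
      end Report;
   end Reporter;

   --  Constructed worker that fails the way the thread describes: no handler.
   task type Worker;
   task body Worker is
   begin
      raise Program_Error with "constructed failure inside Worker";
   end Worker;

begin
   --  Install the handler before any dependent task is activated, so a
   --  task that dies immediately is still reported.
   Set_Dependents_Fallback_Handler (Reporter.Report'Access);
   declare
      W : Worker;  --  activated here, after the handler is in place
   begin
      null;        --  the block waits for W; Report runs when W terminates
   end;
end Task_Watch;
```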
