From: Adam Beneschan on
On Nov 18, 11:21 am, "Dmitry A. Kazakov" <mail...(a)dmitry-kazakov.de>
wrote:

> Returning to the case where we do not want cross combinations. I thought
> about it and came to the conclusion that this is single dispatch (tags are
> synchronous). I think we should approach this differently.

OK, this makes a lot of sense---the kind of thing I'm thinking of does
seem a lot more related to "single dispatch" than to the sort of
multiple dispatch in your earlier example involving a Printer and
Contents. I haven't yet looked over the rest of your idea carefully
yet... But at least I think we understand each other now.

-- Adam
From: Robert A Duff on
Adam Beneschan <adam(a)irvine.com> writes:

> On Nov 18, 6:11�pm, Robert A Duff <bobd...(a)shell01.TheWorld.com>
> wrote:
>
>> My objection to run-time accessibility checks is that you can't pin the
>> blame on a particular line of code:
>>
>> � � procedure P (X : access T);
>>
>> P either stores the access value in a long-lived global data structure
>> (in which case P(Local'Access) is a bad idea in clients)
>> or P does not do that
>> (in which case P(Local'Access) is just fine).
>> The author of P knows which one is the case,
>> but has no way (other than comments) to communicate this to
>> the author of the client.
>> I've never seen a case where P decides at run time which it is.
>
> Since I'm too lazy to look, I'm hoping you know this off the top of
> your head: is there anything in the AI's about preconditions that
> would allow something to be caught when P is called rather than later
> in the body of P? I thought there were also some proposed attributes
> that could test accessibility levels.

Such things have been discussed. We're probably going to have
preconditions, and I seem to recall discussing some way to query the
necessary accessibility-level info.

But I think perhaps the best solution is to use a named access type,
or an 'in out' parameter, in most cases. Functions are going to allow
'in out' parameters (probably), so the need for access parameters
is much diminished.

- Bob

From: Randy Brukardt on
"Robert A Duff" <bobduff(a)shell01.TheWorld.com> wrote in message
news:wcctywq1ezh.fsf(a)shell01.TheWorld.com...
> Adam Beneschan <adam(a)irvine.com> writes:
....
>> Since I'm too lazy to look, I'm hoping you know this off the top of
>> your head: is there anything in the AI's about preconditions that
>> would allow something to be caught when P is called rather than later
>> in the body of P? I thought there were also some proposed attributes
>> that could test accessibility levels.
>
> Such things have been discussed. We're probably going to have
> preconditions, and I seem to recall discussing some way to query the
> necessary accessibility-level info.

Memberships most likely will be extended to include accessibility checks.
But I can't off-hand figure out how that could be used to do a library-level
accessibility check short of declaring a named library-level access type to
use in the membership. In that case, you probably should have just used the
named type in the parameter in the first place and need no precondition (at
least for that).

Randy.


From: Randy Brukardt on
"Dmitry A. Kazakov" <mailbox(a)dmitry-kazakov.de> wrote in message
news:1iipp3bn16fe2.yqa1gz1ru17a$.dlg(a)40tude.net...
> On Wed, 18 Nov 2009 18:27:42 -0600, Randy Brukardt wrote:
>
>> "Dmitry A. Kazakov" <mailbox(a)dmitry-kazakov.de> wrote in message
>> news:1wtsriaxu0s4s$.ikwnnz5teukp$.dlg(a)40tude.net...
>> ...
>>>> OK, I don't understand this. First, I don't understand what about
>>>> accessibility checks was a disaster;
>>>
>>> Because they are the major contributor to hours spent on debugging
>>> unhandled exceptions.
>>
>> That seems odd to me. I rather *like* getting unhandled exceptions,
>> because
>> it is almost always easy to see what the problem is from the exception
>> name
>> and the traceback.
>
> Only theoretically. Practically, the existing handlers of "legal"
> exceptions get perplexed, the stack gets wound up causing a cascade of
> exceptions in Finalize's.

That might be true in general, but definitely not in this case: a handler
for Program_Error is *always* wrong (unless it is a global handler for *any*
exception), as Program_Error always represents a program bug. So I don't see
how "existing" handlers can be confused.

It is necessary to treat all Adjust and Finalize routines like task bodies
in that they need a "when others" handler -- otherwise the exceptions are
sucked up and you get completely lost. Our programming standard requires
such handlers (generally, they output Exception_Information to the logging
facility - and almost every significant Ada system needs some sort of
logging facility).

....
> The difference is that for string bound there is a way to do it safe and
> for 'Access there is none (and I also agree with Robert's response.)

Well, Ada 2012 (or whatever it will be called) should help that out by
giving you a way to compare accessibilites (via memberships). So at least
you will be able to make checks to avoid the problem. Better than nothing,
but still not ideal. The better way to avoid the problem is to never, ever
use anonymous access types. (Named access types have checks that are always
made at compile-time for most compilers -- but not Janus/Ada, because of
generic sharing.)

Randy.


From: Dmitry A. Kazakov on
On Thu, 19 Nov 2009 17:54:40 -0600, Randy Brukardt wrote:

> "Dmitry A. Kazakov" <mailbox(a)dmitry-kazakov.de> wrote in message
> news:1iipp3bn16fe2.yqa1gz1ru17a$.dlg(a)40tude.net...
>> On Wed, 18 Nov 2009 18:27:42 -0600, Randy Brukardt wrote:
>>
>>> "Dmitry A. Kazakov" <mailbox(a)dmitry-kazakov.de> wrote in message
>>> news:1wtsriaxu0s4s$.ikwnnz5teukp$.dlg(a)40tude.net...
>>> ...
>>>>> OK, I don't understand this. First, I don't understand what about
>>>>> accessibility checks was a disaster;
>>>>
>>>> Because they are the major contributor to hours spent on debugging
>>>> unhandled exceptions.
>>>
>>> That seems odd to me. I rather *like* getting unhandled exceptions, because
>>> it is almost always easy to see what the problem is from the exception name
>>> and the traceback.
>>
>> Only theoretically. Practically, the existing handlers of "legal"
>> exceptions get perplexed, the stack gets wound up causing a cascade of
>> exceptions in Finalize's.
>
> That might be true in general, but definitely not in this case: a handler
> for Program_Error is *always* wrong (unless it is a global handler for *any*
> exception), as Program_Error always represents a program bug. So I don't see
> how "existing" handlers can be confused.

exception
when Error : others =>
some cleanup -- This usually becomes a problem
raise;

> It is necessary to treat all Adjust and Finalize routines like task bodies
> in that they need a "when others" handler -- otherwise the exceptions are
> sucked up and you get completely lost. Our programming standard requires
> such handlers (generally, they output Exception_Information to the logging
> facility - and almost every significant Ada system needs some sort of
> logging facility).

Yes, but this does not help. Upon exception propagation (Constraint_Error),
you get some objects finalized. This in turn causes a snowball of
exceptions in finalized objects, because no design is robust to hold any
error at any place. In the end you have a huge log of meaningless messages,
which only complicate debugging. Sometimes I which Ada had "halt at once"
statement which would stop all tasks and hold any I/O.

But of course the proper solution would be contracted exceptions.

>> The difference is that for string bound there is a way to do it safe and
>> for 'Access there is none (and I also agree with Robert's response.)
>
> Well, Ada 2012 (or whatever it will be called) should help that out by
> giving you a way to compare accessibilites (via memberships). So at least
> you will be able to make checks to avoid the problem. Better than nothing,
> but still not ideal. The better way to avoid the problem is to never, ever
> use anonymous access types. (Named access types have checks that are always
> made at compile-time for most compilers -- but not Janus/Ada, because of
> generic sharing.)

The problem is not bound to only anonymous types. It also appears when you
convert access types. The source type (or both) might be a formal generic
parameter, so you cannot statically ensure that a "local" pointer is
converted no a "less local" one. Pool specific pointers need to be
converted though one target object is derived from another. Here everything
is broken: generic contract, meaningless conversion, meaningless check,
meaningless exception.

--
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de