Next: Error Handling and Recovery, Up: Defensive Design [Contents][Index]
Dezyne does not have an exception mechanism like other languages. An
exception mechanism is designed to prevent accidentally ignoring missed
pre- or post-conditions. Instead, in Dezyne the interfaces establish
these restrictions by means of verification (See Formal Verification). So where traditional programming languages must handle
protocol violations using an exception mechanism at runtime, Dezyne
prevents them using the static verification checks8. Interfaces in Dezyne are inherently complete with respect to
their event alphabet. The generated code will accept every
trigger
but give an illegal
response.
The illegal response is mapped to std::abort ()
in C++
.
Note that for a fully verified Dezyne system, operated by clients that
adhere to the interface specifications, it is impossible for an
illegal
response to be triggered. In other words, when an
illegal
is triggered, it means that some non-Dezyne code is
violating a protocol (interface specification).
This is not
unlike languages that use static type analysis and checking (such as
C++
and Haskell
) versus languages that check types at
runtime