Re: Float conversion

["Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>]

On Fri, 30 Jul 2010 06:14:49 -0700 (PDT), Phil Clayton wrote:

> Certainly ill-advised, but it can be difficult to know when this
> difference matters.

I think it could when intervals were used as keys in some sorted map. I
learnt a couple of quite painful lessons when used keys (not intervals
though), which appeared ordered to me, but in reality "<" was not
transitive.

> This gives me the perfect excuse to wheel out one
> of my favourite examples.  It's a great example that I keep coming
> back to for many reasons.
> 
> We want a 3-way min function (for integers or reals) that gives
> 
>   Y = min {A, B, C}
> 
> and we are given
> 
>   if A < B and A < C
>   then
>     Y := A;
>   elsif B < C and B < A
>   then
>     Y := B;
>   else
>     Y := C;
>   end if;
> 
> The justification given is
> 
>   if A is smallest, set Y to A
>   else if B is smallest, set Y to B
>   else C is smallest so set Y to C

A great example. I think every programmer wrote something like above at
least once.

[...]

> I often bring this example up to motivate the use of formal methods as
> it is particularly difficult to find the error through testing,
> especially when A, B and C are real types.

Absolutely. Same happens when a poor "<" is used for sorting. It is very
difficult to detect the problem through blind testing. The thing is so
nasty that it can easily pass a branch coverage test.

People overestimate the power of testing, because they often have a mental
model where the behavior is monotonic. They test for the extremes and
consider the rest granted. Your example shows how wrong this presumption is
already in apparently "trivial" cases.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de