From: "Dmitry A. Kazakov"
Subject: Re: Float conversion
Newsgroups: comp.lang.ada
Organization: cbb software GmbH
Date: Fri, 30 Jul 2010 16:34:03 +0200
Message-ID: <1cw2fli9ghz3v$.19tgtbe83nchl.dlg@40tude.net>

On Fri, 30 Jul 2010 06:14:49 -0700 (PDT), Phil Clayton wrote:

> Certainly ill-advised, but it can be difficult to know when this
> difference matters.

I think it could when intervals were used as keys in some sorted map. I learnt a couple of quite painful lessons when I used keys (not intervals though), which appeared ordered to me, but in reality "<" was not transitive.

> This gives me the perfect excuse to wheel out one
> of my favourite examples. It's a great example that I keep coming
> back to for many reasons.
>
> We want a 3-way min function (for integers or reals) that gives
>
>   Y = min {A, B, C}
>
> and we are given
>
>   if A < B and A < C
>   then
>     Y := A;
>   elsif B < C and B < A
>   then
>     Y := B;
>   else
>     Y := C;
>   end if;
>
> The justification given is
>
>   if A is smallest, set Y to A
>   else if B is smallest, set Y to B
>   else C is smallest so set Y to C

A great example. I think every programmer wrote something like the above at least once.

[...]

> I often bring this example up to motivate the use of formal methods as
> it is particularly difficult to find the error through testing,
> especially when A, B and C are real types.

Absolutely. Same happens when a poor "<" is used for sorting. It is very difficult to detect the problem through blind testing. The thing is so nasty that it can easily pass a branch coverage test.

People overestimate the power of testing, because they often have a mental model where the behavior is monotonic. They test for the extremes and consider the rest granted. Your example shows how wrong this presumption is already in apparently "trivial" cases.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
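
An added example, not part of the original post or of either poster's code: an exhaustive check of the quoted 3-way min against `Integer'Min` over a small integer range, counting separately the mismatches among inputs whose three values all differ. The names `Min3_Check`, `Quoted_Min`, `Spec_Min` and `Small` are assumptions of this example.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Min3_Check is

   --  The 3-way min quoted in the post: same conditions, defect included.
   function Quoted_Min (A, B, C : Integer) return Integer is
   begin
      if A < B and A < C then
         return A;
      elsif B < C and B < A then
         return B;
      else
         return C;
      end if;
   end Quoted_Min;

   --  Oracle: the specification Y = min {A, B, C}.
   function Spec_Min (A, B, C : Integer) return Integer is
   begin
      return Integer'Min (A, Integer'Min (B, C));
   end Spec_Min;

   --  Assumption of this example: three values are enough to produce every
   --  relative ordering of A, B and C, including every pattern of ties.
   subtype Small is Integer range 0 .. 2;

   Failures_All      : Natural := 0;  --  mismatches over every input
   Failures_Distinct : Natural := 0;  --  mismatches where A, B, C all differ
begin
   for A in Small loop
      for B in Small loop
         for C in Small loop
            if Quoted_Min (A, B, C) /= Spec_Min (A, B, C) then
               Failures_All := Failures_All + 1;
               if A /= B and B /= C and A /= C then
                  Failures_Distinct := Failures_Distinct + 1;
               end if;
               Put_Line ("mismatch: A =" & Integer'Image (A)
                         & " B =" & Integer'Image (B)
                         & " C =" & Integer'Image (C)
                         & " got" & Integer'Image (Quoted_Min (A, B, C)));
            end if;
         end loop;
      end loop;
   end loop;
   Put_Line ("mismatches, all inputs:     " & Natural'Image (Failures_All));
   Put_Line ("mismatches, distinct inputs:" & Natural'Image (Failures_Distinct));
end Min3_Check;
```

The inputs (0, 1, 2), (1, 0, 2) and (2, 1, 0) take the three branches in turn, so a test set built only from distinct values reaches full branch coverage of `Quoted_Min`; compare that with the second counter the program prints.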