From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: fac41,9a0ff0bffdf63657 X-Google-Attributes: gidfac41,public X-Google-Thread: 103376,4b06f8f15f01a568 X-Google-Attributes: gid103376,public X-Google-Thread: f43e6,9a0ff0bffdf63657 X-Google-Attributes: gidf43e6,public X-Google-Thread: 1108a1,9a0ff0bffdf63657 X-Google-Attributes: gid1108a1,public From: Tim McDermott Subject: Re: Software landmines (loops) Date: 1998/09/08 Message-ID: <35F5B529.6DC6A59A@draper.com>#1/1 X-Deja-AN: 389192831 Content-Transfer-Encoding: 7bit References: <35f51e53.48044143@ <35EEF597.A1119EF4@draper.com> Content-Type: text/plain; charset=us-ascii Organization: CSDL-DC Mime-Version: 1.0 Newsgroups: comp.lang.eiffel,comp.object,comp.software-eng,comp.lang.ada Date: 1998-09-08T00:00:00+00:00 List-Id: Matthew Heaney wrote: > Tim McDermott writes: > > > I guess the moral of the story is that this stuff really is hard, even at 3 > > terms. > > Yes! That's the point I was trying make too. > > Although I can reason about a disjunction with two or three terms, I > still prefer a loop predicate with just one term. > > By separating the array iteration from the item comparison, I can reason > about the two different termination conditions independently. So > instead of one (larger) problem with two terms, I have two (smaller) > problems, with one term each. Since I wrote that bit about this being hard, I reallized that the difficulty arose from Partick Doyle and I talking about different things that looked similar enough to confuse me for a while. He was talking about logical fromulae; I was talking about textual forms. Leaving all that aside, evaluting a 3-proposition predicate requires the evaluation of the 3 propositions (neglecting short-circuiting) and applying 2 operators. Evaluating a 2-proposition predicate involves evaluation of 2 propostitions and applying 1 operator. It looks like the delta is 1 proposition evaluation and 1 operator application. Not a big deal IMO. > By separating the array iteration from the item comparison, I can reason > about the two different termination conditions independently. So > instead of one (larger) problem with two terms, I have two (smaller) > problems, with one term each. But here you are assuming that the termination conditions are disjoint! In the general case they are not. Have you never had the experience of writing something of the form while (A) { if (B) return b; ... if (C) return c; ... if (D) return d; } only to discover some time later that A&!B&!C (the path predicate of the if(D) statement forces the value of D? Worse yet, that the evaluation of the loop predicate interacts with the evaluation of the if predicates. My experience tells me that distributing complexity is a Bad Idea. That is not to say that I always use se/se. But I know that se/se is better form, and I have a real good idea of the risks of multiple return coding.