* [Q] To initialise or not. @ 1996-04-25 0:00 JP Thornley 1996-04-26 0:00 ` Ken Garlington ` (4 more replies) 0 siblings, 5 replies; 14+ messages in thread From: JP Thornley @ 1996-04-25 0:00 UTC (permalink / raw) We are currently looking at revision of the Ada coding standards (probably based closely on the Ada Quality and Style Guidelines as advised elsewhere). However the issue of whether or not to require all scalar objects to be initialised has generated a substantial discussion without yet reaching a clear conclusion. The Ada Quality and Style Guidelines are silent on this issue, so I would be interested in what other Ada users have found and what recommendations they would make. Briefly, the argument for initialising everything is predictability of operation (by avoiding a read of an uninitialised value). The argument against is that giving everything an initial value obscures the fact that some objects *should* be initialised (and the initial value has some significance) and other initialisations are there simply to follow the rule (and the value has no particular significance). (Note that some projects will be using Ada 83 for some time yet, so pragma Normalize_Scalars isn't an option). Thanks in advance. Phil Thornley -- ------------------------------------------------------------------------ | JP Thornley EMail jpt@diphi.demon.co.uk | ------------------------------------------------------------------------ ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Q] To initialise or not. 1996-04-25 0:00 [Q] To initialise or not JP Thornley @ 1996-04-26 0:00 ` Ken Garlington 1996-04-26 0:00 ` Robert A Duff 1996-04-27 0:00 ` Robert Dewar 1996-04-26 0:00 ` Robert I. Eachus ` (3 subsequent siblings) 4 siblings, 2 replies; 14+ messages in thread From: Ken Garlington @ 1996-04-26 0:00 UTC (permalink / raw) JP Thornley wrote: > > However the issue of whether or not to require all scalar objects to be > initialised has generated a substantial discussion without yet reaching > a clear conclusion. The Ada Quality and Style Guidelines are silent on > this issue, so I would be interested in what other Ada users have found > and what recommendations they would make. Section 5.9.6 of the Ada 95 Quality and Style Guide does discuss initialization issues. Some of the recommendations there are also applicable to Ada 83. > (Note that some projects will be using Ada 83 for some time yet, so > pragma Normalize_Scalars isn't an option). Actually, Normalize_Scalars cannot be used to ensure that objects are initialized before use; in fact, it definitely cannot be used to ensure objects have _valid_ values before use! ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Q] To initialise or not. 1996-04-26 0:00 ` Ken Garlington @ 1996-04-26 0:00 ` Robert A Duff 1996-04-27 0:00 ` Robert Dewar 1 sibling, 0 replies; 14+ messages in thread From: Robert A Duff @ 1996-04-26 0:00 UTC (permalink / raw) In article <3180CF00.17D5@lmtas.lmco.com>, Ken Garlington <garlingtonke@lmtas.lmco.com> wrote: >Actually, Normalize_Scalars cannot be used to ensure that objects are >initialized before use; in fact, it definitely cannot be used to ensure >objects have _valid_ values before use! True, but it ensures the same sort of predictability that the "always explicitly initialize" rule does. Hopefully, you get a run-time error with Normalize_Scalars. Better than nothing ;-). - Bob ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Q] To initialise or not. 1996-04-26 0:00 ` Ken Garlington 1996-04-26 0:00 ` Robert A Duff @ 1996-04-27 0:00 ` Robert Dewar 1996-04-27 0:00 ` Robert A Duff 1 sibling, 1 reply; 14+ messages in thread From: Robert Dewar @ 1996-04-27 0:00 UTC (permalink / raw) Ken Garlington said "Actually, Normalize_Scalars cannot be used to ensure that objects are initialized before use; in fact, it definitely cannot be used to ensure objects have _valid_ values before use!" That's half wrong and half right. The first half is wrong, NS definitely causes all scalars to be initialized before use. The second half is right, it is (deliberately) not the case that NS requires valid values. The whole idea is to guarantee predictability by initializing everything to a known and consistent value, WITHOUT necessarily providing a valid value on which the proram could (incorrectly) depend. ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Q] To initialise or not. 1996-04-27 0:00 ` Robert Dewar @ 1996-04-27 0:00 ` Robert A Duff 0 siblings, 0 replies; 14+ messages in thread From: Robert A Duff @ 1996-04-27 0:00 UTC (permalink / raw) In article <dewar.830583555@schonberg>, Robert Dewar <dewar@cs.nyu.edu> wrote: >The whole idea is to guarantee predictability by initializing everything >to a known and consistent value, WITHOUT necessarily providing a valid >value on which the proram could (incorrectly) depend. Right. In fact, the compiler is *supposed* to initialize to an *invalid* value, whenever possible, in order to cause an exception. The reason this is not *required* is that some types don't have any invalid values. For example, type Integer likely uses up all the available bits for representing valid values, and we didn't want to require the compiler to store an extra bit in those cases. Requiring that would complicate the compiler, cause inefficiency, and cause trouble when interfacing to other languages. Another example: in a packed array of Booleans, you get one bit per component, which doesn't leave any extra bits for invalid values. A stand-alone Boolean variable, on the other hand, will probably get 8 bits, or 32 bits, so pragma Normalize_Scalars will cause "X: Boolean;" to be initialized to some bit pattern that represents neither True nor False. - Bob ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Q] To initialise or not. 1996-04-25 0:00 [Q] To initialise or not JP Thornley 1996-04-26 0:00 ` Ken Garlington @ 1996-04-26 0:00 ` Robert I. Eachus 1996-04-26 0:00 ` Ken Garlington ` (2 subsequent siblings) 4 siblings, 0 replies; 14+ messages in thread From: Robert I. Eachus @ 1996-04-26 0:00 UTC (permalink / raw) In article <484274071wnr@diphi.demon.co.uk> JP Thornley <jpt@diphi.demon.co.uk> writes: > ...However the issue of whether or not to require all scalar > objects to be initialised has generated a substantial discussion > without yet reaching a clear conclusion... > Briefly, the argument for initialising everything is > predictability of operation (by avoiding a read of an > uninitialised value). The argument against is that giving > everything an initial value obscures the fact that some objects > *should* be initialised (and the initial value has some > significance) and other initialisations are there simply to follow > the rule (and the value has no particular significance). And if you put in a junk initial value, you override the detection of potentially erroneous uses by the compiler! Compilers can't catch all cases of use of uninitialized variables, but there are several that do pretty well. Require meaningful initial values where possible, and leave it at that. The alternative is to use lots of declare blocks to put meaningful initial values on variables, which can then be declared closer to first use. I have never found this to be a good alternative. Although in Ada it is an occasionally necessary for non-scalars. -- Robert I. Eachus with Standard_Disclaimer; use Standard_Disclaimer; function Message (Text: in Clever_Ideas) return Better_Ideas is... ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Q] To initialise or not. 1996-04-25 0:00 [Q] To initialise or not JP Thornley 1996-04-26 0:00 ` Ken Garlington 1996-04-26 0:00 ` Robert I. Eachus @ 1996-04-26 0:00 ` Ken Garlington 1996-04-26 0:00 ` Theodore E. Dennison 1996-04-27 0:00 ` Robert Dewar 4 siblings, 0 replies; 14+ messages in thread From: Ken Garlington @ 1996-04-26 0:00 UTC (permalink / raw) JP Thornley wrote: > > However the issue of whether or not to require all scalar objects to be > initialised has generated a substantial discussion without yet reaching > a clear conclusion. The Ada Quality and Style Guidelines are silent on > this issue, so I would be interested in what other Ada users have found > and what recommendations they would make. Section 5.9.6 of the Ada 95 Quality and Style Guide does discuss initialization issues. Some of the recommendations there are also applicable to Ada 83. > (Note that some projects will be using Ada 83 for some time yet, so > pragma Normalize_Scalars isn't an option). Actually, Normalize_Scalars cannot be used to ensure that objects are initialized before use; in fact, it definitely cannot be used to ensure objects have _valid_ values before use! ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Q] To initialise or not. 1996-04-25 0:00 [Q] To initialise or not JP Thornley ` (2 preceding siblings ...) 1996-04-26 0:00 ` Ken Garlington @ 1996-04-26 0:00 ` Theodore E. Dennison 1996-04-26 0:00 ` Robert A Duff 1996-04-27 0:00 ` Robert Dewar 4 siblings, 1 reply; 14+ messages in thread From: Theodore E. Dennison @ 1996-04-26 0:00 UTC (permalink / raw) JP Thornley wrote: > > We are currently looking at revision of the Ada coding standards > (probably based closely on the Ada Quality and Style Guidelines as > advised elsewhere). > > However the issue of whether or not to require all scalar objects to be > initialised has generated a substantial discussion without yet reaching > a clear conclusion. The Ada Quality and Style Guidelines are silent on > this issue, so I would be interested in what other Ada users have found > and what recommendations they would make. I suspect it is silent on this issue, because the Ada (83) LRM is NOT silent on the issue. Section 3.2.1(18) reads: "The execution of a program is erroneous if it attempts to evaluate a scalar variable with an undefined value." In pracitice you don't even need to throw words like "erronious" around, because a program that reads from an uninitialized variable generally won't work. I don't see the overriding need to write a procedure to forbid every possible erronious practice. But if you do, I'd just phrase it to forbid the situation above- "The program shall not attempt to evaluate a scalar variable that has not been initialized". -- T.E.D. | Work - mailto:dennison@escmail.orl.mmc.com | | Home - mailto:dennison@iag.net | | URL - http://www.iag.net/~dennison | ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Q] To initialise or not. 1996-04-26 0:00 ` Theodore E. Dennison @ 1996-04-26 0:00 ` Robert A Duff 1996-04-27 0:00 ` Thorsten Behrens 0 siblings, 1 reply; 14+ messages in thread From: Robert A Duff @ 1996-04-26 0:00 UTC (permalink / raw) In article <318109B1.3B54AFBF@escmail.orl.mmc.com>, Theodore E. Dennison <dennison@escmail.orl.mmc.com> wrote: >I suspect it is silent on this issue, because the Ada (83) LRM is >NOT silent on the issue. Section 3.2.1(18) reads: >"The execution of a program is erroneous if it attempts to evaluate a > scalar variable with an undefined value." Yes, but how do you ensure that your program is not erroneous in this way? One way, which the earlier poster is asking about, is to have a rule that all variables will be explicitly initialized on the declaration. The question is: does this coding convention help or hurt? On the one hand, it prevents the erroneous cases. On the other hand, it causes variables to be initialized to bogus values, and what *would* have been an erroneous read of an uninitialized variable, is, instead, a read of a wrong value from that variable. My personal coding convention is to *not* initialize variables if I know they will be properly initialized later. E.g.: declare X: Integer; begin if ... then X := 12; else X := 13; end if; ... -- some reads of X In the above, I would *not* write "X: Integer := 0;". The problem is, of course, that if you make a mistake, the program will do who-knows-what. But I still think it makes the code more readable to avoid that bogus initial value of 0. I would very much like to see compilers check these cases at run time. I was going to suggest pragma Initialize_Scalars, but the original poster said Ada 95 features are out of the question. As an aside, I always write ":= null;" when I want to *rely* on the initial value of a pointer, even though I know that pointers are always default-initialized to null. - Bob ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Q] To initialise or not. 1996-04-26 0:00 ` Robert A Duff @ 1996-04-27 0:00 ` Thorsten Behrens 1996-04-28 0:00 ` Robert Dewar ` (2 more replies) 0 siblings, 3 replies; 14+ messages in thread From: Thorsten Behrens @ 1996-04-27 0:00 UTC (permalink / raw) Captain, bei Sternzeit Fri, 26 Apr 1996 18:55:28 GMT empfingen wir folgende Nachricht von Robert A Duff: >... > My personal coding convention is to *not* initialize variables if I know > they will be properly initialized later. E.g.: > > declare > X: Integer; > begin > if ... then > X := 12; > else > X := 13; > end if; > ... -- some reads of X > > In the above, I would *not* write "X: Integer := 0;". This initialization would indeed make no sense. But in the example above (and in many similar cases) you could have used: declare X : INTEGER := 12; -- 'X' is initialized to 12 here because ... -- It will be changed to '13' under the following circumstances ... -- in the code piece following. begin if not ... then X := 13; end if; ... -- some reads of 'X' Of course, you would have to write some additional comment. But may be this adds some details to your source some other people reading it may need to get a deeper understanding (of course not in this simple example). I tend to give all my declarations some initial value (if possible) _and_ an initial comment (giving a shorter or longer text about its usage and the background of this variable). In my eyes this saves me from having non-initialized variables (causing errors which are sometimes nasty to find) and it saves people reviewing my sources from wasting too much time to guess what I was thinking when "inventing" a variable (normally, I would not use a variable called 'X', but instead would have called it 'Some_Meaningful_Name'). BTW, a former colleague of mine called me a 'secretary' when he found too many comments in my source code. That the other side of the medal. >... > I would very much like to see compilers check these cases at run time. You could use some kind of software review tools for this. ----------------------------------------------------------------------------- - Thorsten Behrens /// Voice : +49 421 351252 - - Buddestr. 39 \\\/// e-mail: thorsten.behrens@dorunth.hb.north.de - - 28215 Bremen \XX/ - ----------------------------------------------------------------------------- - aka Aggli 'if it moves, kill it' the Fist - ----------------------------------------------------------------------------- ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Q] To initialise or not. 1996-04-27 0:00 ` Thorsten Behrens @ 1996-04-28 0:00 ` Robert Dewar 1996-04-30 0:00 ` mjp 1996-05-02 0:00 ` Bob Gilbert 2 siblings, 0 replies; 14+ messages in thread From: Robert Dewar @ 1996-04-28 0:00 UTC (permalink / raw) Thorsten says " declare X : INTEGER := 12; -- 'X' is initialized to 12 here because ... -- It will be changed to '13' under the following circumstances ... -- in the code piece following. begin if not ... then X := 13;" recommending that all variables be initialized. I am not sure I like this. Now you replae the possible error of not initializing a variable with using a junk value (here using a 12 when a 12 is not intended). Furthermore, messing around with conditions and putting not's in front of them seems to me to be undesirable. I am not saying that this is never a good idea, but personally I prefer not to initialize variables unless it makes obvious good sense to do so. By the way, I see this as totally unrelated to the issue of choosing good names for variables and properly docuenting declarations. Interesting that some programmer would be scornful of this (using the word secretary, presumably NOT not in a complimentary sense). Sounds like that is a programmer who I would NOT want working on my projects. All programmers should be secretaries :-) ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Q] To initialise or not. 1996-04-27 0:00 ` Thorsten Behrens 1996-04-28 0:00 ` Robert Dewar @ 1996-04-30 0:00 ` mjp 1996-05-02 0:00 ` Bob Gilbert 2 siblings, 0 replies; 14+ messages in thread From: mjp @ 1996-04-30 0:00 UTC (permalink / raw) "Thorsten Behrens" <thorsten.behrens@dorunth.hb.north.de> writes: >I tend to give all my declarations some initial value (if possible) _and_ >an initial comment (giving a shorter or longer text about its usage and >the background of this variable). In my eyes this saves me from having >non-initialized variables (causing errors which are sometimes nasty to >find) and it saves people reviewing my sources from wasting too much time >to guess what I was thinking when "inventing" a variable (normally, I would >not use a variable called 'X', but instead would have called it >'Some_Meaningful_Name'). I think what to do depends on the strenght of your compiler. Ideally, the hardware would have store both a value, and a bit indicating whether the value was valid (initialised) or not. If this hardware support is not provided, hopefully, your compiler will do a dataflow analysis and flag "used but not set" variables, even this can fail in things like loops or assignments in conditionals. I always prefer to force a detectable error so for instance I would tend to initialise to an absurd value. E.g. for a divisor variable, I would initialise to 0 in the declarations, that way if it is used before set it will cause a divide by zero exception. Of course not all operations will cause such obvious errors and in other cases I would tend to use such an out of bounds value that you would at least see the error in the output and go looking for it. The really insidious errors are the ones that don't look like a problem, i.e. appear plausable. Michael -- On Australia is prohibited from redistributing this document in any way Dr Michael Pilling Phone: +61 8 259 7017 DSTO ITD/SE 171 Labs Fax: +61 8 259 5589 PO Box 1500, Salisbury SA 5108, Australia Michael.Pilling@dsto.defence.gov.au ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Q] To initialise or not. 1996-04-27 0:00 ` Thorsten Behrens 1996-04-28 0:00 ` Robert Dewar 1996-04-30 0:00 ` mjp @ 1996-05-02 0:00 ` Bob Gilbert 2 siblings, 0 replies; 14+ messages in thread From: Bob Gilbert @ 1996-05-02 0:00 UTC (permalink / raw) In article <75602294@dorunth.hb.north.de>, "Thorsten Behrens" <thorsten.behrens@dorunth.hb.north.de> writes: > Captain, bei Sternzeit Fri, 26 Apr 1996 18:55:28 GMT empfingen wir folgende > Nachricht von Robert A Duff: > > > In the above, I would *not* write "X: Integer := 0;". > > This initialization would indeed make no sense. But in the example above > (and in many similar cases) you could have used: > > declare > X : INTEGER > := 12; > -- 'X' is initialized to 12 here because ... > -- It will be changed to '13' under the following circumstances ... > -- in the code piece following. > begin > if not ... then > X := 13; > end if; > ... -- some reads of 'X' You could get fully carried away and do something like: function Init_X(Condition : BOOLEAN) return INTEGER is type VALUES_LIST is array (BOOLEAN) of INTEGER; Init_Values : constant VALUES_LIST := (False => 13, True => 12); begin return Init_Values(Condition); end Init_X; declare X : INTEGER := Init_X(<condition>); begin ... -- some reads of 'X' -Bob ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [Q] To initialise or not. 1996-04-25 0:00 [Q] To initialise or not JP Thornley ` (3 preceding siblings ...) 1996-04-26 0:00 ` Theodore E. Dennison @ 1996-04-27 0:00 ` Robert Dewar 4 siblings, 0 replies; 14+ messages in thread From: Robert Dewar @ 1996-04-27 0:00 UTC (permalink / raw) "Briefly, the argument for initialising everything is predictability of operation (by avoiding a read of an uninitialised value). The argument against is that giving everything an initial value obscures the fact that some objects *should* be initialised (and the initial value has some significance) and other initialisations are there simply to follow the rule (and the value has no particular significance)." It is a shame to damage the readability and maintainability of code by providing junk initializations. The desire for predictability is however reasonable. There is no good solution in Ada 83. Really pragma Normalize_Scalars is the only satsifactory answer here. ^ permalink raw reply [flat|nested] 14+ messages in thread
end of thread, other threads:[~1996-05-02 0:00 UTC | newest] Thread overview: 14+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 1996-04-25 0:00 [Q] To initialise or not JP Thornley 1996-04-26 0:00 ` Ken Garlington 1996-04-26 0:00 ` Robert A Duff 1996-04-27 0:00 ` Robert Dewar 1996-04-27 0:00 ` Robert A Duff 1996-04-26 0:00 ` Robert I. Eachus 1996-04-26 0:00 ` Ken Garlington 1996-04-26 0:00 ` Theodore E. Dennison 1996-04-26 0:00 ` Robert A Duff 1996-04-27 0:00 ` Thorsten Behrens 1996-04-28 0:00 ` Robert Dewar 1996-04-30 0:00 ` mjp 1996-05-02 0:00 ` Bob Gilbert 1996-04-27 0:00 ` Robert Dewar
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox