Re: Float conversion

[Stephen Leake <stephen_leake@stephe-leake.org>]

Robert A Duff <bobduff@shell01.TheWorld.com> writes:

> Stephen Leake <stephen_leake@stephe-leake.org> writes:
>
>> Phil Clayton <phil.clayton@lineone.net> writes:
>>
>>> On Jul 31, 4:12 pm, Stephen Leake <stephen_le...@stephe-leake.org>
>>> wrote:
>>>> Clearly to cover all cases, you
>>>> need A < B, A = B, A > B, A < C, etc.
>>>
>>> You make it sound easy...
>>
>> It is easy! This is a very small program; exhaustive testing is
>> appropriate. 
>
> I wouldn't call that "exhaustive".  To me, exhaustive testing means
> testing every possible input.  There are far more than 9.

Yes, that's true.

> You seem to be using some sort of coverage metric, not exhaustive
> testing.

Yes.

>> According to the code, there are three important edge cases for each
>> pair: A < B, A = B, A > B
>
> I don't understand that.  Phil Clayton's example was:
>
>   if A < B and A < C
>   then
>     Y := A;
>   elsif B < C and B < A
>   then
>     Y := B;
>   else
>     Y := C;
>   end if;
>
> (Interesting example, by the way!)

I was talking about my rewrite, which got rid of the 'and' operators to
make things clearer.

> And why not A=B-epsilon?

That's one appropriate test case for A < B, along with A = B - 1.0.

> By the way, putting:
>
>     pragma Assert (C < B and C < A);
>
> after "else" might have made the bug clearer.  Or might not.

That's a good idea.

>> What are you verifying, if not a specification?
>
> You can't formally verify specifications.  You can (sometimes) formally
> verify that the code matches a specification.

That's what I meant; the verification process is meaningless without a
specification. 

-- 
-- Stephe