From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Thread: 103376,9b4538cfeb0c3576 X-Google-NewGroupId: yes X-Google-Attributes: gida07f3367d7,domainid0,public,usenet X-Google-Language: ENGLISH,UTF8 Path: g2news1.google.com!news2.google.com!npeer02.iad.highwinds-media.com!news.highwinds-media.com!feed-me.highwinds-media.com!post02.iad.highwinds-media.com!news.flashnewsgroups.com-b7.4zTQh5tI3A!not-for-mail From: Stephen Leake Newsgroups: comp.lang.ada Subject: Re: Float conversion References: <9e669a3b-1013-4bd1-b372-5f7dfa46d083@f42g2000yqn.googlegroups.com> <1q5zc0ais535h$.1jqwfxhj9cflc$.dlg@40tude.net> <4c519968$0$6893$9b4e6d93@newsspool2.arcor-online.net> <1d1txn4x3r5xn.1trm4gx9n87gm$.dlg@40tude.net> <1jo4xj7cntwy1$.1ntf9smcka8vf$.dlg@40tude.net> <1d617940-d138-4b8c-a321-ed23b47431b8@x21g2000yqa.googlegroups.com> <1naf3ekl5k916$.f7ugc92galdz$.dlg@40tude.net> <82y6cru1lp.fsf@stephe-leake.org> <77ee8883-ab9f-42c7-94d5-3d85cdc19693@i28g2000yqa.googlegroups.com> <82pqxyu9bw.fsf@stephe-leake.org> Date: Thu, 05 Aug 2010 08:05:07 -0400 Message-ID: <82vd7ps1sc.fsf@stephe-leake.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.1 (windows-nt) Cancel-Lock: sha1:bTYOPqU5NetxZFbfGCGkMJ9t3tM= MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Complaints-To: abuse@flashnewsgroups.com Organization: FlashNewsgroups.com X-Trace: e4d594c5aa8ebe029e66116334 Xref: g2news1.google.com comp.lang.ada:12875 Date: 2010-08-05T08:05:07-04:00 List-Id: Robert A Duff writes: > Stephen Leake writes: > >> Phil Clayton writes: >> >>> On Jul 31, 4:12 pm, Stephen Leake >>> wrote: >>>> Clearly to cover all cases, you >>>> need A < B, A = B, A > B, A < C, etc. >>> >>> You make it sound easy... >> >> It is easy! This is a very small program; exhaustive testing is >> appropriate. > > I wouldn't call that "exhaustive". To me, exhaustive testing means > testing every possible input. There are far more than 9. Yes, that's true. > You seem to be using some sort of coverage metric, not exhaustive > testing. Yes. >> According to the code, there are three important edge cases for each >> pair: A < B, A = B, A > B > > I don't understand that. Phil Clayton's example was: > > if A < B and A < C > then > Y := A; > elsif B < C and B < A > then > Y := B; > else > Y := C; > end if; > > (Interesting example, by the way!) I was talking about my rewrite, which got rid of the 'and' operators to make things clearer. > And why not A=B-epsilon? That's one appropriate test case for A < B, along with A = B - 1.0. > By the way, putting: > > pragma Assert (C < B and C < A); > > after "else" might have made the bug clearer. Or might not. That's a good idea. >> What are you verifying, if not a specification? > > You can't formally verify specifications. You can (sometimes) formally > verify that the code matches a specification. That's what I meant; the verification process is meaningless without a specification. -- -- Stephe