comp.lang.ada
From: brad@terminus.umd.edu (Brad Balfour)
Subject: Re: Pre-condition vs. Post-condition
Date: 22 Mar 91 15:18:13 GMT
Message-ID: <8309@umd5.umd.edu>
In-Reply-To: jls.669368339@rutabaga

In article <jls.669368339@rutabaga>
jls@rutabaga.Rational.COM (Jim Showalter) writes:
>>procedure pop(s: stack) is
>>begin
>>   if(not empty(s)) then
>>      -- pop the stack
>>   else
>>      raise underflow;
>>   end if;
>>end pop;
>>procedure pop(s: stack) is
>>begin
>>   stack.top := stack.top - 1;
>>exception
>>   when Constraint_Error => raise underflow;
>>end pop;
>Note that in the second case the procedure is faster, since it doesn't
>have to do the check first. Not only is it faster, it is safer, since
>without using tasks you cannot guarantee that between the time you
>checked and the time you popped it hadn't been popped elsewhere. For
>both of these reasons, I'd say the second version is far better than
>the first version, and that the original poster's thesis that exceptions
>should be used rarely if ever has been contradicted by the very examples
>provided to support his/her case!

   It should be kept in mind, however, that the first example will always
produce correct results (except in the presence of tasks where it should
be replaced with a concurrent component), but that the second example breaks
in the presence of a "pragma Suppress". However, on most compilers, it is
not necessary to change the code to get this effect. Instead, all one has
to do is add a switch to the compiler run to turn off the constraint checks.
Then, push will trash memory randomly and pop will return garbage rather
than raise underflow.

   Also, the second example is not safe in the presence of multiple tasks.
It is possible for a second thread of control to be changing the contents of
the stack at the same time as the first so that between the read of
stack.top and the computation of the -1 and then the assignment there
are plenty of opportunities for the push to change (and write to) stack.top.
It is a mistake to assume that the line "stack.top := stack.top - 1;" is a
single atomic assignment.




Brad Balfour
EVB Software Engineering, Inc.
brad@terminus.umd.edu
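The three situations the post describes, written out as a complete Ada program. This is an added example for this thread, not code from any of its posts: the procedure name Stack_Demo, the names Item, Max, Underflow and Overflow, the stack size and the single-procedure layout are all assumptions made for illustration. Pop_Checked and Pop_Via_Check are the two quoted forms; Pop_Suppressed is the second form compiled with checks suppressed; Shared_Stack is the "concurrent component" the post says a tasking program needs. The protected type is an Ada 95 feature and so postdates the 1991 discussion, where a server task would have played the same role.

```ada
--  Added example for this thread, not code from any of its posts.  Names,
--  size and layout are assumptions; the protected type is Ada 95.
with Ada.Text_IO; use Ada.Text_IO;

procedure Stack_Demo is

   Max : constant := 4;
   subtype Item is Integer;
   type Item_Array is array (1 .. Max) of Item;
   type Stack is record
      Data : Item_Array;
      Top  : Integer range 0 .. Max := 0;  --  0 is empty; -1 is out of range
   end record;
   Underflow, Overflow : exception;

   function Empty (S : Stack) return Boolean is
   begin
      return S.Top = 0;
   end Empty;

   procedure Push (S : in out Stack; X : Item) is
   begin
      S.Top := S.Top + 1;           --  range check fails when Top = Max
      S.Data (S.Top) := X;
   exception
      when Constraint_Error => raise Overflow;
   end Push;

   --  Form 1 from the thread: test the precondition, then act.
   procedure Pop_Checked (S : in out Stack; X : out Item) is
   begin
      if not Empty (S) then
         X := S.Data (S.Top);
         S.Top := S.Top - 1;
      else
         raise Underflow;
      end if;
   end Pop_Checked;

   --  Form 2 from the thread: Top - 1 is computed in Integer, storing -1
   --  into Top fails the range check, and Constraint_Error becomes Underflow.
   procedure Pop_Via_Check (S : in out Stack; X : out Item) is
   begin
      S.Top := S.Top - 1;
      X := S.Data (S.Top + 1);
   exception
      when Constraint_Error => raise Underflow;
   end Pop_Via_Check;

   --  Form 2 with checks suppressed, as the post describes.  On an empty
   --  stack nothing is raised: Top silently becomes -1, the read touches
   --  Data (0) outside the array, and if Push is compiled the same way the
   --  next Push writes Data (0) as well.  The language calls this erroneous
   --  execution; the handler below is dead code.
   procedure Pop_Suppressed (S : in out Stack; X : out Item) is
      pragma Suppress (All_Checks);
   begin
      S.Top := S.Top - 1;
      X := S.Data (S.Top + 1);
   exception
      when Constraint_Error => raise Underflow;
   end Pop_Suppressed;

   --  The "concurrent component": a protected object serialises callers, so
   --  no other task can touch Top between the test and the update.  Pop is
   --  an entry whose barrier makes a caller wait rather than underflow.
   protected type Shared_Stack is
      entry Pop (X : out Item);
      procedure Push (X : Item);
   private
      S : Stack;
   end Shared_Stack;

   protected body Shared_Stack is
      entry Pop (X : out Item) when not Empty (S) is
      begin
         Pop_Checked (S, X);
      end Pop;
      procedure Push (X : Item) is
      begin
         Stack_Demo.Push (S, X);   --  the plain Push above, not this one
      end Push;
   end Shared_Stack;

   S      : Stack;
   Shared : Shared_Stack;
   X      : Item;

begin
   begin
      Pop_Via_Check (S, X);        --  empty: raises Underflow, never garbage
   exception
      when Underflow => Put_Line ("Pop_Via_Check: underflow");
   end;
   --  Pop_Suppressed (S, X) here would be erroneous and is not called.
   Shared.Push (42);
   Shared.Pop (X);
   Put_Line ("Shared: popped" & Item'Image (X));
end Stack_Demo;
```

The compiler switch the post mentions is real on current compilers too: with GNAT (which also postdates the thread), building with -gnatp suppresses all checks for the whole unit, so Pop_Via_Check degrades to Pop_Suppressed without a single source change. That is the practical reason to keep the explicit test of Pop_Checked, or the barrier of Shared_Stack, in a stack whose underflow must never become a silent out-of-bounds access.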


Thread overview: 31+ messages
1991-03-15  3:57 Pre-condition vs. Post-condition Chris M. Little
1991-03-15 19:07 ` Michael Feldman
1991-03-17 12:26   ` George C. Harrison, Norfolk State University
1991-03-18 15:04   ` Joe Hollingsworth
1991-03-18 19:51     ` Marlene M. Eckert
1991-03-19 19:07       ` Michael Feldman
1991-03-21  3:01         ` Jim Showalter
1991-03-21 16:34           ` Exception usage design issues (was: Pre-condition vs. Post-condition) John Goodenough
1991-03-21 18:40           ` Pre-condition vs. Post-condition Michael Feldman
1991-03-19 20:38       ` Charles H. Sampson
1991-03-21  3:06         ` Jim Showalter
1991-03-19 21:07       ` Jim Showalter
1991-03-19  7:38     ` Jim Showalter
1991-03-19 14:46       ` Joe Hollingsworth
1991-03-21  2:46         ` Jim Showalter
1991-03-21  5:12         ` Explicit vs implicit checks (was Pre-condition vs. Post-condition) Scott Carter
1991-03-22 15:18       ` Brad Balfour [this message]
1991-03-19 18:17   ` Pre-condition vs. Post-condition Mike Gilbert
  -- strict thread matches above, loose matches on Subject: below --
1991-03-18 15:47 "Norman H. Cohen"
1991-03-24 21:23 stt
1991-03-25 16:00 ` Arthur Evans
1991-03-25 17:05   ` Michael Feldman
1991-03-26  4:31     ` Jim Showalter
1991-03-26 10:21       ` Richard A. O'Keefe
1991-03-26 16:44         ` Michael Feldman
1991-03-26 22:03           ` Richard A. O'Keefe
1991-03-26 23:36             ` Michael Feldman
1991-03-27 21:34             ` Jim Showalter
1991-03-28  2:54               ` Michael Feldman
1991-03-29  3:28                 ` Jim Showalter
1991-03-27  3:12         ` Jim Showalter