From: "Nick Roberts" <nickroberts@adaos.worldonline.co.uk>
Subject: Re: A case where Ada defaults to unsafe?
Date: Sat, 5 Jan 2002 00:08:10 -0000
Date: 2002-01-05T00:08:10+00:00 [thread overview]
Message-ID: <a15j7p$ogtku$1@ID-25716.news.dfncis.de> (raw)
In-Reply-To: 3C35FE2A.9020802@mail.com
"Hyman Rosen" <hyrosen@mail.com> wrote in message
news:3C35FE2A.9020802@mail.com...
> ...
> On the other hand, "and" and "and then" perform the same
> logical operation. To use "and", the programmer must make
> a decision that the order of evaluation of the operands
> doesn't matter.
Quite correct.
> If he is wrong, he has introduced a subtle bug.
Not necessarily subtle (but it could be).
> If he is right, he has gained nothing over using "and then".
Wrong, and I hope you can follow my explanation. I think it's quite
important!
Correct use of "and" or "or" is indeed an implicit assertion that the order
of evaluation of the operands will not affect the result. It is often
important that these operators are used (instead of the short-circuit forms)
when they can be, specifically so as to make this implicit assertion; it may
not matter to the compiler, but it could matter to the programmer
(revisiting the code). It could matter because it could very well affect
that programmer's reasoning when modifying the code. Perhaps the following
example will illustrate.
Original code:
if Fire_Alarm(Engine) and Gearbox_Alarm(Engine) then -- A
Activate_Extinguisher(Engine,Trickle_Mode);
end if;
if Gearbox_Alarm(Engine) then -- B
Display.Activate(Gearbox_Alert(Engine));
end if;
Supposing a programmer comes back to this code, having been told to do her
best to make indications code precede actions code. She might make the
following change:
if Gearbox_Alarm(Engine) then -- B
Display.Activate(Gearbox_Alert(Engine));
end if;
if Fire_Alarm(Engine) and Gearbox_Alarm(Engine) then -- A
Activate_Extinguisher(Engine,Trickle_Mode);
end if;
based on the simple deduction that since the call to Gearbox_Alarm could be
made before the call to Fire_Alarm in line A, she can assume that Fire_Alarm
does not need to be called before Gearbox_Alarm, and that it is therefore
safe to move the call the Gearbox_Alarm in line B to precede the call to
Fire_Alarm in line A.
If line A had contained "and then" instead of "and", she would not have been
able to make this deduction, and may have not made an improvement to the
code (which just might save a pilot's life one day).
In conclusion, I would humbly suggest that it is extremely important for
student programmers to be taught to use the different forms of Boolean
operator correctly!
NB: The very thought of flight systems being programmed in C++ scares the
willies out of me. God help us all. (Maybe the JSF will actually work ;-)
--
Best wishes,
Nick Roberts
next prev parent reply other threads:[~2002-01-05 0:08 UTC|newest]
Thread overview: 127+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-01-03 20:29 A case where Ada defaults to unsafe? Hyman Rosen
2002-01-03 20:38 ` Darren New
2002-01-03 21:36 ` Hyman Rosen
2002-01-04 14:29 ` Wes Groleau
2002-01-03 21:27 ` James Rogers
2002-01-03 21:32 ` Frank J. Lhota
2002-01-03 21:51 ` Hyman Rosen
2002-01-03 22:22 ` Ted Dennison
2002-01-03 23:07 ` Hyman Rosen
2002-01-03 23:38 ` Nick Williams
2002-01-04 0:15 ` Florian Weimer
2002-01-04 7:40 ` Preben Randhol
2002-01-04 14:39 ` Wes Groleau
2002-01-04 15:16 ` Ted Dennison
2002-01-04 3:35 ` Eric Merritt
2002-01-04 14:39 ` Robert A Duff
2002-01-04 14:27 ` Robert A Duff
2002-01-04 15:39 ` Larry Kilgallen
2002-01-04 15:57 ` Ted Dennison
2002-01-04 16:05 ` Ted Dennison
2002-01-10 21:22 ` Robert A Duff
2002-01-11 9:14 ` Dmitry A. Kazakov
2002-01-04 16:19 ` Brian Rogoff
2002-01-04 16:31 ` Ted Dennison
2002-01-08 20:55 ` Mark Lundquist
2002-01-16 0:14 ` Matthew Heaney
2002-01-16 20:19 ` Robert A Duff
2002-01-10 21:29 ` Robert A Duff
2002-01-11 9:25 ` Dmitry A. Kazakov
2002-01-19 0:35 ` Brian Rogoff
2002-01-19 14:15 ` Robert A Duff
2002-01-19 23:10 ` Brian Rogoff
2002-01-04 16:29 ` Robert Dewar
2002-01-04 17:32 ` Hyman Rosen
2002-01-04 18:50 ` Matthew Heaney
2002-01-04 18:56 ` Darren New
2002-01-04 19:10 ` Hyman Rosen
2002-01-04 20:08 ` Matthew Heaney
2002-01-04 20:14 ` Ted Dennison
2002-01-04 20:20 ` Hyman Rosen
2002-01-04 21:16 ` Larry Kilgallen
2002-01-04 21:33 ` Ted Dennison
2002-01-07 15:39 ` Hyman Rosen
2002-01-07 16:06 ` Ted Dennison
2002-01-07 16:50 ` Larry Kilgallen
2002-01-07 17:18 ` Hyman Rosen
2002-01-07 17:26 ` Pat Rogers
2002-01-07 18:12 ` Hyman Rosen
2002-01-07 18:40 ` FGD
2002-01-07 20:04 ` Pat Rogers
2002-01-05 0:08 ` Nick Roberts [this message]
2002-01-05 10:57 ` Simon Wright
2002-01-08 23:27 ` Nick Roberts
2002-01-09 9:58 ` Stuart Palin
2002-01-09 11:11 ` Nick Roberts
2002-01-10 20:32 ` Robert A Duff
2002-01-11 9:45 ` Stuart Palin
2002-01-11 13:32 ` Robert A Duff
2002-01-11 20:26 ` Literate Programming [was: A case where ...] Nick Roberts
2002-01-12 16:37 ` Georg Bauhaus
2002-01-13 14:46 ` Nick Roberts
2002-01-14 14:17 ` Eric Merritt
2002-01-14 23:20 ` Nick Roberts
2002-01-15 18:54 ` Eric Merritt
2002-01-14 14:34 ` Stephen Leake
2002-01-14 13:14 ` A case where Ada defaults to unsafe? Stuart Palin
2002-01-14 14:38 ` Preben Randhol
2002-01-16 6:00 ` Simon Wright
2002-01-17 3:04 ` David Starner
2002-01-17 15:08 ` Georg Bauhaus
2002-01-17 20:25 ` Simon Wright
2002-01-17 9:56 ` Stuart Palin
[not found] ` <3 <3C469FE6.B2C67ED6@baesystems.com>
2002-01-17 20:32 ` Simon Wright
2002-01-14 14:35 ` Preben Randhol
2002-01-14 16:36 ` Robert A Duff
2002-01-12 12:27 ` Simon Wright
2002-01-05 0:32 ` Robert Dewar
2002-01-14 16:09 ` Matthieu Moy
2002-01-20 8:59 ` Hyman Rosen
2002-01-20 19:13 ` Jim Rogers
2002-01-20 21:19 ` Ray Blaak
2002-01-03 22:07 ` Ted Dennison
2002-01-04 17:12 ` Preben Randhol
2002-01-04 17:21 ` Jean-Marc Bourguet
2002-01-04 18:54 ` Ted Dennison
2002-01-04 3:17 ` Larry Kilgallen
2002-01-04 8:27 ` Thierry Lelegard
2002-01-04 8:39 ` tmoran
2002-01-04 9:03 ` Thierry Lelegard
2002-01-04 14:43 ` Wes Groleau
2002-01-04 15:45 ` Ted Dennison
2002-01-04 16:37 ` Wes Groleau
2002-01-04 16:56 ` Ted Dennison
2002-01-04 11:51 ` Larry Kilgallen
2002-01-04 12:41 ` M. A. Alves
2002-01-04 15:42 ` Ted Dennison
2002-01-04 17:16 ` Hyman Rosen
2002-01-04 19:12 ` Ted Dennison
2002-01-04 23:36 ` Matthew Woodcraft
2002-01-05 15:00 ` Steve Doiel
2002-01-10 20:49 ` Robert A Duff
-- strict thread matches above, loose matches on Subject: below --
2002-01-03 23:18 Gautier Write-only-address
2002-01-03 23:26 Gautier Write-only-address
2002-01-03 23:54 ` Larry Hazel
2002-01-04 14:33 ` Robert A Duff
2002-01-05 12:47 Gautier Write-only-address
2002-01-07 16:24 ` Ted Dennison
2002-01-07 18:17 ` FGD
2002-01-07 18:21 ` Hyman Rosen
2002-01-07 20:26 ` Matthew Woodcraft
2002-01-07 21:16 ` Hyman Rosen
2002-01-13 8:23 ` Hyman Rosen
2002-01-13 9:06 ` Preben Randhol
2002-01-13 10:41 ` Larry Kilgallen
2002-01-14 5:47 ` Hyman Rosen
2002-01-14 12:41 ` Georg Bauhaus
2002-01-13 18:21 ` Michal Nowak
2002-01-14 1:29 ` Ted Dennison
2002-01-14 14:36 ` Ted Dennison
2002-01-14 22:43 ` Michal Nowak
2002-01-10 20:47 ` Robert A Duff
2002-01-10 23:37 ` Preben Randhol
2002-01-11 1:31 ` Robert A Duff
2002-01-11 20:32 ` Nick Roberts
2002-01-11 16:47 ` Hyman Rosen
2002-01-07 16:45 Gautier Write-only-address
2002-01-07 19:33 ` Ted Dennison
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox