From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,25aa3c7e1b59f7b5 X-Google-Attributes: gid103376,public X-Google-ArrivalTime: 2002-01-04 17:00:43 PST Path: archiver1.google.com!news1.google.com!newsfeed.stanford.edu!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!newsfeed00.sul.t-online.de!newsfeed01.sul.t-online.de!t-online.de!fu-berlin.de!uni-berlin.de!ppp-1-139.cvx6.telinco.NET!not-for-mail From: "Nick Roberts" Newsgroups: comp.lang.ada Subject: Re: A case where Ada defaults to unsafe? Date: Sat, 5 Jan 2002 00:08:10 -0000 Message-ID: References: <3C34BF2C.6030500@mail.com> <3C34D252.4070307@mail.com> <5ee5b646.0201040829.18db8001@posting.google.com> <3C35E733.6030603@mail.com> <3C35FE2A.9020802@mail.com> NNTP-Posting-Host: ppp-1-139.cvx6.telinco.net (212.1.156.139) X-Trace: fu-berlin.de 1010192442 25720478 212.1.156.139 (16 [25716]) X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Xref: archiver1.google.com comp.lang.ada:18574 Date: 2002-01-05T00:08:10+00:00 List-Id: "Hyman Rosen" wrote in message news:3C35FE2A.9020802@mail.com... > ... > On the other hand, "and" and "and then" perform the same > logical operation. To use "and", the programmer must make > a decision that the order of evaluation of the operands > doesn't matter. Quite correct. > If he is wrong, he has introduced a subtle bug. Not necessarily subtle (but it could be). > If he is right, he has gained nothing over using "and then". Wrong, and I hope you can follow my explanation. I think it's quite important! Correct use of "and" or "or" is indeed an implicit assertion that the order of evaluation of the operands will not affect the result. It is often important that these operators are used (instead of the short-circuit forms) when they can be, specifically so as to make this implicit assertion; it may not matter to the compiler, but it could matter to the programmer (revisiting the code). It could matter because it could very well affect that programmer's reasoning when modifying the code. Perhaps the following example will illustrate. Original code: if Fire_Alarm(Engine) and Gearbox_Alarm(Engine) then -- A Activate_Extinguisher(Engine,Trickle_Mode); end if; if Gearbox_Alarm(Engine) then -- B Display.Activate(Gearbox_Alert(Engine)); end if; Supposing a programmer comes back to this code, having been told to do her best to make indications code precede actions code. She might make the following change: if Gearbox_Alarm(Engine) then -- B Display.Activate(Gearbox_Alert(Engine)); end if; if Fire_Alarm(Engine) and Gearbox_Alarm(Engine) then -- A Activate_Extinguisher(Engine,Trickle_Mode); end if; based on the simple deduction that since the call to Gearbox_Alarm could be made before the call to Fire_Alarm in line A, she can assume that Fire_Alarm does not need to be called before Gearbox_Alarm, and that it is therefore safe to move the call the Gearbox_Alarm in line B to precede the call to Fire_Alarm in line A. If line A had contained "and then" instead of "and", she would not have been able to make this deduction, and may have not made an improvement to the code (which just might save a pilot's life one day). In conclusion, I would humbly suggest that it is extremely important for student programmers to be taught to use the different forms of Boolean operator correctly! NB: The very thought of flight systems being programmed in C++ scares the willies out of me. God help us all. (Maybe the JSF will actually work ;-) -- Best wishes, Nick Roberts