From: mheaney@ni.net (Matthew Heaney)
Subject: Re: Building blocks (Was: Design By Contract)
Date: 1997/10/02
Message-ID: <mheaney-ya023680000210972237020001@news.ni.net>
In-Reply-To: EHG0o5.K03.0.-s@inmet.camb.inmet.com
In article <EHG0o5.K03.0.-s@inmet.camb.inmet.com>,
stt@houdini.camb.inmet.com (Tucker Taft) wrote:
>Robert A Duff (bobduff@world.std.com) wrote:
>
>: ...
>: By the way, speaking of negative logic, what do people think about
>: negative logic in "if" statements? I tend to try to reduce the number
>: of "not"s in the code. But other people tend to use some other
>: heuristic, such as "do the normal case first" or "do unusual case
>: first".
>
>FWIW, one of my heuristics is if one case is much shorter than the other,
>do the shorter case first, as it is easier to see what is happening.
>When you see something like:
>
>    ... 200 lines
>    else
>       Do_Something;
>    end if;
That about sums it up for me too. I like to handle the special cases right
up in front. That often means checking preconditions that aren't
expressible in Ada syntax (hint, hint). I would have implemented Tuck's
example as

   if not P then
      Do_Something;
      return;
   end if;
   ...200 lines

One of the benefits of this approach is that it removes a level of nesting.
A simple example of a precondition check is a stack pop. Instead of

   procedure Pop (Stack : in out Bounded_Stack) is
   begin
      if Stack.Top /= 0 then
         Stack.Top := Stack.Top - 1;
      else
         raise Stack_Empty;
      end if;
   end;

I would do this as

   procedure Pop (Stack : in out Bounded_Stack) is
   begin
      if Stack.Top = 0 then
         raise Stack_Empty;
      end if;
      Stack.Top := Stack.Top - 1;
   end;

This is what I meant by "check preconditions at top of subprogram." Get
the special cases out of the way. Of course, you can also let Ada do the
check for you. If the Top component is of type Natural, then

   procedure Pop (Stack : in out Bounded_Stack) is
   begin
      Stack.Top := Stack.Top - 1;
   exception
      when Constraint_Error =>
         raise Stack_Empty;
   end;

You have to be careful with this style, though; do too much in the
exception handler and you can get burned by RM 11.6 subtleties.
Of course, it would be really cool if I could declare Pop as

   procedure Pop (Stack : in out Root_Stack)
   precondition
      Not_Empty: Length (Stack) > 0;
   end Pop;

and then Ada could check the precondition for me.
David Luckham wrote a paper (and a whole annotation language) describing
exception annotations, something like:

   procedure Pop (Stack : in out Root_Stack)
   exception
      when Length (Stack) = 0 => raise Stack_Empty;
   end Pop;

Maybe we can look into this for the next language update, hmmmm?
--------------------------------------------------------------------
Matthew Heaney
Software Development Consultant
<mailto:matthew_heaney@acm.org>
(818) 985-1271
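As an added illustration that is not part of the post or the thread: the precondition Matthew wishes for became expressible in Ada 2012 as the Pre aspect. The program below (names Stack_Demo, Bounded_Stack, Is_Empty and Pop_Guarded are assumed for the example) puts that aspect next to the hand-written guard clause from the post, and keeps the handler off the subtraction so that nothing unrelated is masked.

```ada
with Ada.Text_IO;
with Ada.Assertions;

procedure Stack_Demo is
   pragma Assertion_Policy (Check);  --  enable Pre checks (GNAT ignores them otherwise unless -gnata)
   Stack_Empty : exception;
   type Element_Array is array (Positive range <>) of Integer;
   type Bounded_Stack (Capacity : Positive) is record
      Top   : Natural := 0;          --  Natural, so Top - 1 at 0 would raise Constraint_Error
      Items : Element_Array (1 .. Capacity);
   end record;

   function Is_Empty (Stack : Bounded_Stack) return Boolean is (Stack.Top = 0);

   --  The precondition the post wished for, written as an Ada 2012 Pre aspect.
   --  A failing check raises Ada.Assertions.Assertion_Error before the body runs.
   procedure Pop (Stack : in out Bounded_Stack)
     with Pre => not Is_Empty (Stack);

   procedure Pop (Stack : in out Bounded_Stack) is
   begin
      Stack.Top := Stack.Top - 1;
   end Pop;

   --  The post's hand-written guard clause: special case first, no extra nesting,
   --  and no exception handler wrapped around the subtraction, so unrelated
   --  failures inside the body are not silently converted into Stack_Empty.
   procedure Pop_Guarded (Stack : in out Bounded_Stack) is
   begin
      if Stack.Top = 0 then
         raise Stack_Empty;
      end if;
      Stack.Top := Stack.Top - 1;
   end Pop_Guarded;

   S : Bounded_Stack (Capacity => 4);   --  constructed sample: starts empty
begin
   begin
      Pop (S);                          --  Pre fails: Assertion_Error, body never runs
   exception
      when Ada.Assertions.Assertion_Error =>
         Ada.Text_IO.Put_Line ("Pre => not Is_Empty (Stack) failed on the empty stack");
   end;
   begin
      Pop_Guarded (S);                  --  same check written by hand
   exception
      when Stack_Empty =>
         Ada.Text_IO.Put_Line ("Stack_Empty raised by the guard clause");
   end;
end Stack_Demo;
```

Build with an Ada 2012 compiler (for GNAT, `gnatmake stack_demo.adb`); both handlers print, showing that the checked precondition and the guard clause reject the empty stack at the same point, before Top is decremented.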