Re: Building blocks (Was: Design By Contract)

[mheaney@ni.net (Matthew Heaney)]

In article <34316EC3.5B62@dynamite.com.au>, aebrain@dynamite.com.au wrote:


>> 2. Using while instead of loop/exit (ref. Ichbiah, Barnes, & Firth, "Ada
>> Launch," 1980 Dec 10, videotape, on why while was included in the
>> language).
>
>I'd defend this one on style grounds, and believe the matter is
>religious. I have no access to this video. Any other sources? BTW
>perfectly willing to believe I'm wrong, I just want to know why...

Yes, it's quite wrong to use a flag to terminate a while loop, instead of
just using exit with a loop.  The idiom is, use an exit when the
termination depends on what you read, eg

loop

   <read some data>

   exit when <the data has some special value>

   <process the data>

end loop;

The classic example is, read some integers until the user types in the value 0:

loop

   Read (N);
   exit when N = 0;

   <process N>

end loop;

Scannars are written this way: you leave the current state when you've read
something outside what you're scanning right now:

Scan_Integer:
loop

   Read (C);
   exit when C not in '0' .. '9';
 
   <process this digit>

end loop Scan_Integer;


No, this is not a moral issue.  It is a simple fact about what
problem-solving strategies are best for human programmers.  That the exit
technique is a better "cognitive fit" was demonstrated empirically in

Cognitive Strategies and Looping Constructs: An Empirical Study
Elliot Soloway et al
CACM Nov 83 Vol 26 Number 11, p. 853-860.

From the abstract:
...Our results indicate that subjects overwhelmingly prefered a
READ/PROCESS strategy over a PROCESS/READ strategy.  When writing a simple
looping program, those using the loop .. leave .. again construct were more
often correct than those using  the standard Pascal loop constructs.

Here's another excerpt from an older textbook:

<Greater flexibility in choosing program structures is possible if one can
"exit" from a program segment "prematurely" -- that is, if one can
terminate the execution of a certain segment of program before its normal
completion.  In the case of a DO group this means being able to terminate
one particular iteration of the body [mjh: something you can't do in Ada,
but can in C using "continue"], or terminate the execution of the entire DO
group [mjh: "exit" in Ada or "break" in C].  In PL/I this type of exit must
be accomplished by a "conditional branch.">

-- from An Introduction to Programming, Richard Conway and David Gries

In a recent thread on this list, we debated why Ada requires you for
declare something before its use.  The design philosophy of Ada - as
explained in the video and to me privately by Jean Ichbiah - is that the
programmer's understanding of something should only depend on what has come
before.  He shouldn't have to read ahead.  What he needs to know to
apprehend the program text only depends on the text he's already read.

Your example is a classic example of how NOT to write loop, by setting a
flag to false to force a while loop to terminate. The problem is that the
reader of your code has to read THE ENTIRE BODY OF THE LOOP, after you've
set the flag to false, to determine whether you set the flag because you
want to terminate the loop right now, and whether there's more work to be
done, prior to the actual end of the loop.  The flag is AMBIGUOUS.

If you reach a point where you need to terminate the loop, then terminate
the loop, right now.  Don't set a flag, execute the rest of the body, test
the flag, to terminate the loop.  Just terminate the loop.

If you want to go from point A to point B, then go directly from point A to
point B.  Why go from A to C to D then to B?  Especially as that may
confuse the person trying to follow you.

You can make the argument "this is just my style," but the whole underlying
philosophy of Ada is that program text gets read by other human
programmers, not just by the human who wrote it originally, and we should
do as much to facilitate their understanding as possible.  This means
presenting information in a manner best suited for the human reader, not
just the compiler.

So your "style" may be the source of obfuscation and ambiguity that CONFUSE
human readers of your programs.  You don't live on an island.  We all need
to always think about the programmer playing detective who's trying to
figure out what we've written.  Always ask yourself as you're writing code,
What can I do to make it easy for someone reading this?  This is especially
true when you have a choice about how to do something, and either way will
work; it's called the Principle of Least Astonishment.

When you reach a loop termination point, tell the human programmer reading
your code, directly and unambiguously, that you want to terminate the loop,
by using an exit.

A loop exit is a big huge sign that tells the person reading your code that
THE LOOP IS TERMINATING NOW.  Nothing unambiguous about that.  No more text
to try to figure out.  All very simple, which is precisely what we want.

One more point.  Among the colorful landscape of programming languages, Ada
is a very conservative language.  If a construct were so pernicious that it
made writing correct programs difficult, or made the apprehension of
program text difficult, then it wouldn't be in the language, now would it? 
A bunch of guys with PhDs in computer science from all over the planet
voted unaminously to make 
Ada an international programming language standard.  And _they_ all decided
that exiting from a loop was OK.

There's nothing extra to you need to do to make Ada programming safe,
because it comes that way right out of the box.

--------------------------------------------------------------------
Matthew Heaney
Software Development Consultant
<mailto:matthew_heaney@acm.org>
(818) 985-1271