From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: f43e6,9a0ff0bffdf63657 X-Google-Attributes: gidf43e6,public X-Google-Thread: 103376,4b06f8f15f01a568 X-Google-Attributes: gid103376,public X-Google-Thread: fac41,9a0ff0bffdf63657 X-Google-Attributes: gidfac41,public X-Google-Thread: 1108a1,9a0ff0bffdf63657 X-Google-Attributes: gid1108a1,public From: Richard Melvin Subject: Re: Software landmines (loops) Date: 1998/09/02 Message-ID: #1/1 X-Deja-AN: 387288632 X-NNTP-Posting-Host: radm.demon.co.uk:194.222.155.111 References: <6sf4gl$hb6@flatland.dimensional.com> <6siqo0$hiv@flatland.dimensional.com> X-Complaints-To: abuse@demon.net X-Trace: news.demon.co.uk 904775810 nnrp-05:3862 NO-IDENT radm.demon.co.uk:194.222.155.111 Organization: n/a MIME-Version: 1.0 Newsgroups: comp.lang.eiffel,comp.object,comp.software-eng,comp.lang.ada Date: 1998-09-02T00:00:00+00:00 List-Id: In article <6siqo0$hiv@flatland.dimensional.com>, Jim Cochrane writes > from > i := 1 > invariant > -- for_all j member_of {1..i - 1} it_holds > -- Current @ j = other @ j > until > i > count or Current @ i /= other @ i > loop > i := i + 1 > end > check > (i - 1 /= count) implies (Current @ i /= other @ i) > count = other.count > end > Result := i - 1 = count I'm not a fan of this line - if I was to translate it it into english, it would come out as something like 'which exit path did I take from the loop?'. In order to work this out, you have to reverse-engineer the loop. To me, i is an implementation detail of the loop - referring to it outside the loop almost seems to break encapsulation. Perhaps it would work better with more descriptive variable names? Perhaps numTested and numFoundEqual? (Although that makes the -1 problematic). -- Richard Melvin