From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	autolearn_force=no version=3.4.4
X-Google-Thread: 103376,93a8020cc980d113
X-Google-Attributes: gid103376,public
X-Google-Language: ENGLISH,ASCII-7-bit
From: Brian May <bam@snoopy.apana.org.au>
Newsgroups: comp.lang.ada
Subject: Re: What is wrong with Ada?
References: <1176150704.130880.248080@l77g2000hsb.googlegroups.com>
	<zyBSh.44138$oV.14776@attbi_s21> <461B52A6.20102@obry.net>
	<awirc4gv13.fsf@hod.lan.m-e-leypold.de> <461BA892.3090002@obry.net>
	<yeabxgnsrj.fsf@hod.lan.m-e-leypold.de>
	<82dgve.spf.ln@hunter.axlog.fr>
	<1176226291.589741.257600@q75g2000hsh.googlegroups.com>
	<4eaive.6p9.ln@hunter.axlog.fr> <sa4ps6apjb7.fsf@margay.local>
	<wccwt0ho2fc.fsf@shell01.TheWorld.com>
Date: Fri, 13 Apr 2007 10:10:04 +1000
Message-ID: <sa4wt0h5e3n.fsf@margay.local>
User-Agent: Gnus/5.110006 (No Gnus v0.6) XEmacs/21.4.19 (linux)
Cancel-Lock: sha1:4xdoLW1/oOXmmO1vmnYJxZ+vtOM=
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
NNTP-Posting-Host: snoopy.microcomaustralia.com.au
X-Trace: quokka.wn.com.au 1176422963 202.173.153.89 (13 Apr 2007 08:09:23
 +0800)
X-Complaints-To: abuse@westnet.com.au
Path: 
 g2news1.google.com!news1.google.com!news.glorb.com!quokka.wn.com.au!not-for-mail
Xref: g2news1.google.com comp.lang.ada:14970
Date: 2007-04-13T10:10:04+10:00
List-Id: <comp.lang.ada>

>>>>> "Robert" == Robert A Duff <Robert> writes:

    Robert> There is no way to be sure the code is bug free!  Not in
    Robert> any language.  Not using testing, nor any other method
    Robert> (including so-called proof of correctness).

The problem I have had in the past is code along the lines of:

rc = do_step_1(...);
if (!rc) {
   report_error("step 1 failed");
   return FALSE;
}

rc = do_step_2(...);
if (!rc) {
   report_error("step 2 failed");
   return FALSE;
}

rc = do_step_3(...);
if (!rc) {
   report_error("step 3 failed");
   return FALSE;
}

rc = do_step_4(...);
if (!rc) {
   report_error("step 4 failed");
   return FALSE;
}

...

(Yes, exceptions would also help to a limited extent; this code was
PHP4 which didn't support exceptions).

Running automatic tests might not be possible. For example, if the
steps involve creating a TCP connection. Maybe you could deliberately
bring the network down before running the test, but this may produce
the error in step 1 (this could be looking resolving a DNS name), not
step 2 (establishing the connection), step 3 (sending data), or step 4
(receiving expected response).

As a result, the code is properly tested, using manual techniques. The
first time.

Eventually, over time the code evolves. Maybe somebody does a search
and replace for /error/message/ and accidently changes one of those
report_error to report_message in the process, without noticing it. Or
maybe somebody decides that report_error needs another parameter, but
forgets to change the references in this file.

The result is that previously good code suddenly becomes bad with no
warning, it appears to work fine, and as far as I can tell it would be
difficult to test unless you have a compiler that will these issues
up.

All the cases I have had and can remember where good code becomes bad
like this are issues that any compiler could pick up on easily.

(another technique I use is to use a revision control system, and
review the changes I have made before committing them - this isn't
guaranteed but sometimes I do pick up changes I didn't intend to
commit).
-- 
Brian May <bam@snoopy.apana.org.au>