Re: AW: Translating an embedded C algorithm

[Stephen Leake <stephen_leake@stephe-leake.org>]

Ludovic Brenta <ludovic@ludovic-brenta.org> writes:

> Markus E Leypold writes:
>> Ludovic Brenta <ludovic@ludovic-brenta.org> writes:
>>> Right, and there would be no need for a silly INVALID_TEMPERATURE.
>>> What *is* an invalid temperature anyway?  One that needs crutches?
>>> One that is excused from military service? And why would you ever
>>> return an invalid temperature to your caller? etc. etc.
>>
>> | >> --| Temperature in �C x 10. INVALID_TEMPERATURE if out of range.
>>
>> If the sensor is out of order or the temperature leaves the range
>> where it functions properly?
>>
>> :-). 
>
> My point it this: if the sensor is out of order, then there is no
> known temperature; not a known "invalid" temperature.  The proper way
> to handle that in Ada is with an exception, not a special value of
> type Degrees_C.

In a real-time system that is tolerant of hardware failures, every
hardware measurement should be accompanied by some sort of quality
flag. In this case, a boolean would do; Temperature_Valid.

The point is that when hardware failures are expected, they are best
handled by normal data, not exceptions.

Using a special value of Temperature to represent hardware failure is
an example of in-band signaling; using a separate quality flag is
out-of-band signaling. Out-of-band is a bit more complicated, but
much more robust.


This example program is far too small to show the crucial differences
between C and Ada.

-- 
-- Stephe