Journal of Ovid (2709)

Sunday October 19, 2008
08:02 AM

Zero Defect Code in Ada and Perl 6

[ #37699 ]

I was reading a blog entry about zero defect code and saw the following horrible Ada code (with a strange mix of constants, hard-coded values, and what resembles an off-by-one error):

   subtype LogFileIndexT is LogFileCountT range 1 .. MaxNumberLogFiles;
   subtype FileNameI is Positive range 1 .. 16;
   subtype FileNameT is String(FileNameI);
   type LogFileNamesT is array (LogFileIndexT) of FileNameT;
   LogFileNames : constant LogFileNamesT :=
     LogFileNamesT'(  1 => "./Log/File01.log",
                      2 => "./Log/File02.log",
                      3 => "./Log/File03.log",
                      4 => "./Log/File04.log",
                      5 => "./Log/File05.log",
                      6 => "./Log/File06.log",
                      7 => "./Log/File07.log",
                      8 => "./Log/File08.log",
                      9 => "./Log/File09.log",
                     10 => "./Log/File10.log",
                     11 => "./Log/File11.log",
                     12 => "./Log/File12.log",
                     13 => "./Log/File13.log",
                     14 => "./Log/File14.log",
                     15 => "./Log/File15.log",
                     16 => "./Log/File16.log",
                     17 => "./Log/File17.log"
                     );

Now I suppose, under the hood, that this might offer some sort of static benefit (memory allocation?), but here's that code in Perl 6 (as best as I can tell):

# The where clause rejects any $n outside 1 .. 17 when the sub is called.
sub logFileName ( Int $n where { 0 < $_ <= 17 } ) {
    return sprintf "./Log/File%02d.log", $n;
}

say logFileName($_) for 1 .. 17;

We get a runtime exception instead of a compile time exception if the argument is out of bounds, but it seems pretty clear. The author, however, tried to translate it to Java and failed to preserve functionality:

import java.util.Formatter;

static String logFileName(int n) {
    // No range check here: any int is accepted, so the 1 .. 17 bound is lost.
    Formatter f = new Formatter();
    return f.format("./Log/File%02d.log", n).toString();
}

Yup. We're going to love Perl 6.
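To show what the Perl 6 constraint actually does at the call site, compared with the unchecked Java translation above, here is an added example in Perl 6 (today's Raku); it is not Ovid's code. The subset name, the sub name and the sample inputs are my own choices; only the 1 .. 17 bound and the file-name format come from the post.

```raku
# Named constraint, the Perl 6 analogue of Ada's LogFileIndexT subtype.
# The bound 1 .. 17 is taken from the post; the name is an assumption.
subset LogFileIndex of Int where { 1 <= $_ <= 17 };

sub log-file-name(LogFileIndex $n --> Str) {
    sprintf './Log/File%02d.log', $n;
}

# Constructed inputs: two in range, two out of range, one of the wrong type.
for 1, 17, 0, 18, '3' -> $input {
    say "{$input.raku} => ", log-file-name($input);
    # A failed parameter bind throws at the call site (an X::TypeCheck
    # exception in Rakudo); the handler reports it and the loop continues.
    CATCH { default { say "{$input.raku} rejected: ", .^name } }
}
```

The check is still a runtime one, as the post says, but the rejected cases are reported per input rather than silently producing a file name that was never in the list.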

Note that you can also write the Perl 6 code as:

# Same constraint written with placeholder variables; sprintf called as a method.
sub logFileName ( Int $n where { $^N > 0 and $^N <= 17 } ) {
    return "./Log/File%02d.log".sprintf($n);
}

say logFileName($_) for 1 .. 17;

TIMTOWTDI still rules.

  • I think it should be kept in mind that the purpose of this code is that it should be correct according to specification in a safety critical system. As such, correctness is more important than the code being easy to maintain etc. Using static code makes more compiler checks possible and correctness proofs easier, but in this case the code probably got uglier (but I don't know any Ada, so it is hard for me to say).

    For better explanations see the comments to the original article.

    • Many of the comments were interesting and I assume that my ignorance of Ada and the requirements is the reason why I am not understanding why this code is good. I would be surprised to hear that the NSA is touting bad code as good code, but then, I really don't know enough about them (who does?) to say. If the US Military had put this out instead of the NSA, I'd be far more likely to believe that it's bad.

      As for the Perl 6 code, I do think that the function is amenable to static compile-time analysis, bu

  • To start with, Ada indexes arrays starting with 1. Yes, I know that is ugly and weird (*cough* FORTRAN *cough*), but that is most certainly not an off-by-one error.

    Next, neither your p6 code nor the Java code addresses the line:

    subtype LogFileIndexT is LogFileCountT range 1 .. MaxNumberLogFiles;

    Granted, there are some missing values here, specifically LogFileCountT and MaxNumberLogFiles. But these two help to define a range of acceptable indices for the LogFileNamesT array type.

    Now to the really bad as

    • And what people miss is that while this sort of safety is a must when lives are on the line, it is prohibitively costly to achieve in, say, one-liners.

      But programmers like to view the world in black & white.

    • Stevan, thanks for all of the background information here. It's nice to get a different perspective on things.

    • 16 is the magic number; even in Ada there is two's-complement HW.
      index 1-17, count=16

      I also deal with security-relevant hard real-time code. We mostly use graphical environments there, Matlab Simulink, to deal with the additional complexity.

      There the checks are mostly runtime, not compile time! "Compile time" checks are done by the graphical environment, where boxes simply cannot be connected, or invalid parameters cannot be entered.