Go-To-and-structured.. - Department of Electrical Engineering

advertisement
COSC3311 – Software Design
Gotos, Breaks and Structured
Programming
Department of Computer Science, York University
Slides based on Object Oriented Software Construction
2016-03-22 3:24 AM
0
What’s wrong with `break’
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Subject: AT& T Bug
Date: Fri Jan 19 12: 18: 33 1990
This is the bug that caused the AT& T breakdown the other day:
In the switching software (written in C),
there was a long do . . . while construct,
which contained a switch statement,
which contained an if clause,
which contained a break,
which was intended for the if clause,
but instead broke from the switch.
 A missing “break” statement brought down the entire longdistance telephone network in the North Eastern US,
resulting in millions of dollars of damage!
Department of Computer Science, York University
Slides based on Object Oriented Software Construction
2016-03-22 3:24 AM
1
Statement from Bertrand Meyer
 eiffel_sofware@groups.yahoo (Feb 2004)
 “I assume the question about "powerful weapons"
refers to the break / continue control structures of
C and Java.
 BM’s response follows on the next few pages:
Department of Computer Science, York University
Slides based on Object Oriented Software Construction
2016-03-22 3:24 AM
2
Structured vs. Spaghetti programs
 Thirty five years ago, Edsger Dijkstra, followed by others,
made a powerful case against using control structures other
than the one-entry, one-exit blocks that came to be
known as "the control structures of structured
programming". They are, with a few complements, the
control structures of Eiffel: sequence (implicit most of the
time since you may omit the semicolon), if-then-else,
inspect, loop, routine.
 They are all one-entry, one-exit, meaning you can read
the code sequentially and don't have to turn yourself
into a computer and apply operational reasoning of the
style "if when executing this instruction I'm coming
from here it will satisfy this property, but if I am
coming from there it will satisfy that other property,
so in both cases ... it will be true that ... maybe ...
wait a minute... etc.
Department of Computer Science, York University
Slides based on Object Oriented Software Construction
2016-03-22 3:24 AM
3
Linear inspection of loops
 Some people view "break" and "continue" as milder forms
of the goto that do not raise the same problems.
 But in fact these forms are just as bad.
 Note in particular that what makes it possible really to
understand a loop is the notion of loop invariant: a
property that is ensured by the initialization, and maintained
by every iteration. The invariant is like an approximation
of the loop's goal (e.g. if we want to compute the maximum
of a structure -- the final goal -- the invariant states
that Result is the maximum *of the elements seen so far*).
Combined with the loop exit condition (in the example,
"we've now seen all elements") it allows the program reader
to check, through a simple inspection of the loop text,
that the loop is doing its job. The loop variant plays a
complementary role by telling us which decreasing quantity
guarantees that the loop will terminate.
Department of Computer Science, York University
Slides based on Object Oriented Software Construction
2016-03-22 3:24 AM
4
Reason statically not dynamically
 The key point is to be able to reason about a
program statically, i.e. by associating properties
with its text as given, rather than operationally,
i.e. by trying to mimic its execution within your
head.
 Computers are there to execute programs;
humans can't really do it effectively for any nontrivial examples. The one-entry, one-exit structure
helps us do something at which we are much
better: static reasoning based on the simple rules
of logic.
Department of Computer Science, York University
Slides based on Object Oriented Software Construction
2016-03-22 3:24 AM
5
Dijkstra
 In practice it is not surprising that if you have
been used to goto-prone languages you will find it
a bit hard at first to stick to the one-entry, oneexit discipline. I am sure that if you try earnestly
to overcome what initially seems like a hurdle you
will very quickly find that your programming style
improves, that the control structure of your
program becomes simpler, and that your programs
become more readable and maintainable.
 You can find Dijkstra's original paper at
http://www.acm.org/classics/oct95/
Department of Computer Science, York University
Slides based on Object Oriented Software Construction
2016-03-22 3:24 AM
6
C and Java
 It's too bad the designers of C and Java did not
heed its advice. I assume they had their reasons -probably they were afraid to lose programmers
who weren't ready to learn about structured
programming.
 In the case of Eiffel, the goal of helping people
write high-quality programs -- easy to debug, easy
to extend, easy to reuse -- was deemed more
important.
Department of Computer Science, York University
Slides based on Object Oriented Software Construction
2016-03-22 3:24 AM
7
Exceptions and rescue clauses


To make the discussion complete it's necessary to mention
that branching out of the innards of a control structure
*is* necessary in one special case: when you realize,
deep into the computation, that due to some unforeseen
condition you are unable to carry out the algorithm as
expected.
This is why there are exceptions. But in the
Eiffel approach exceptions don't function like goto
instructions: they trigger a different algorithm,
a "rescue" clause, which tries to patch things up
if at all possible. The rescue clause itself is a
one-entry, one-exit structure. (C++/Java exceptions
are also not gotos, but they are based on a different view.)
I hope that this clarifies the reasoning behind
Eiffel's control structures, and that you'll soon
stop regretting the absent "weapons" -- weapons of the
kind that too often turn back to hit those who
fired them.
With best regards,
-- Bertrand Meyer
Department of Computer Science, York University
Slides based on Object Oriented Software Construction
2016-03-22 3:24 AM
8
Error Removal & Code inspections
 Facts and Fallacies of SE, Robert Glass, 2003
 Fact 31: Error removal is the most time
consuming phase of the lifecycle
 Fact 37: Rigorous code inspections are the
closest we have to a silver bullet – inspections
can catch and remove 60-90% of errors.
 Despite this, code inspections are rarely used
(vendors don’t make money from it; gruelling
hard mind-intensive work)
 Is it easier to write or read programs?
 Current metric: 100 LOC/hour plus breaks
Department of Computer Science, York University
Slides based on Object Oriented Software Construction
2016-03-22 3:24 AM
9
Error Removal techniques
 Contracts
 Tests (automated ETester tests are very useful)
 Code inspections
 Both contracts and tests are also forms of
specifications.
 To do a good code inspection, you need a good
specification, which you need to check the
implementation.
 Structured programming significantly enhances
code comprehension and therefore code
inspections.
Department of Computer Science, York University
Slides based on Object Oriented Software Construction
2016-03-22 3:24 AM
10
Download