Re: [vox-tech] loop never exits!

2010-04-22 Thread Brian Lavender
On Thu, Apr 22, 2010 at 09:15:10AM -0700, Brian Lavender wrote:
> On Thu, Apr 22, 2010 at 09:03:23AM -0500, Chanoch (Ken) Bloom wrote:
> > 
> > The following idiom must be used instead:
> > 
> > int* iterator=thearray+itssize;
> > while( iterator-- > thearray){
> >   /* do something with the iterator. */
> > }
> > 
> 
> Very nice. If we had a "Hoare" karma point, I would definitely
> think that this deserves one. 
> 
> Trivia question. 
> 
> What is the link between Charles Hoare and Bertrand Meyer?

Thanks to everyone for their help on this thread. The input certainly
has been helpful and if anything has been a catalyst to consider various
aspects of my code and programming. I am once again one step closer to
finishing my MS Project, assuming the project will eventually terminate!

So, Bertrand Meyer developed Design by Contract, or perhaps coined the
term. It is one of the foundations of Eiffel. 

And, Tony Hoare developed Hoare Logic which can be defined by the
triple {P} C {Q} where P is the set of preconditions,  Q is the set of
postconditions, and C is the set of commands. Using Axioms and inference
rules, one can prove his code correct. This of course proves partial
correctness. For total correctness, one needs to prove termination. So,
the link is that the precondition is {P} in Eiffel and {Q} is the post
condition. 

I took Formal Methods with Dr. Cui Zhang last semester at Sac State,
so this stuff is fresh in my head, assuming I got it right.

brian
-- 
Brian Lavender
http://www.brie.com/brian/

"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."

Professor C. A. R. Hoare
The 1980 Turing award lecture
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] loop never exits!

2010-04-22 Thread Brian Lavender
On Wed, Apr 21, 2010 at 11:43:49PM +0700, Robert Parker wrote:
> On Wed, Apr 21, 2010 at 11:37 PM, Brian Lavender  wrote:
> > I told the compiler to go through a loop while a certain expression
> > evaluates to true. When the expression evalates to false, the loop
> > should terminate. If I had provided no expression, or I had provided
> > true, or some value that would always evaluate to true, then I would
> > expect the compiler to do as I tell it.
> >
> > I have provided an expression for the loop to terminate that could
> > evaluate to false, yet will never evaluate to false.
> >
> > This determination can be done through static analysis. Hence,
> > I am still convinced that the compiler should issue a warning. Yet,
> > I am still looking for a contradiction to my theory.
> 
> If you are using an open source compiler just download the source and
> rewrite it so that it does what you want instead of just continuing to
> complain about it.

You know, I usually do preliminary research before I start a project.
Assuming that I wanted to implement this fix, I would at least research
a bit. I have never dug into gcc, but someday I will or at least I will
do some work with bison, antlr, or other language development, so don't
underestimate me!

Someone else was thinking along the same line as me and thinks
this is fair warning. I just needed to turn on extra warning flags! In
either case, using "i > -1" or "i >= 0" is detectable by gcc. 

br...@davostro:~/school/Project/practice$ make test_loop
cc -Wextra -Wall -Wtype-limitstest_loop.c   -o test_loop
test_loop.c: In function 'main':
test_loop.c:8: warning: comparison between signed and unsigned integer 
expressions


br...@davostro:~/school/Project/practice$ make test_loop
cc -Wextra -Wall -Wtype-limitstest_loop.c   -o test_loop
test_loop.c: In function 'main':
test_loop.c:8: warning: comparison of unsigned expression >= 0 is always true


-- 
Brian Lavender
http://www.brie.com/brian/

"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."

Professor C. A. R. Hoare
The 1980 Turing award lecture
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] loop never exits!

2010-04-22 Thread Brian Lavender
On Thu, Apr 22, 2010 at 09:03:23AM -0500, Chanoch (Ken) Bloom wrote:
> 
> The following idiom must be used instead:
> 
> int* iterator=thearray+itssize;
> while( iterator-- > thearray){
>   /* do something with the iterator. */
> }
> 

Very nice. If we had a "Hoare" karma point, I would definitely
think that this deserves one. 

Trivia question. 

What is the link between Charles Hoare and Bertrand Meyer?

brian
-- 
Brian Lavender
http://www.brie.com/brian/

"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."

Professor C. A. R. Hoare
The 1980 Turing award lecture
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] loop never exits!

2010-04-22 Thread Chanoch (Ken) Bloom
On Wed, 2010-04-21 at 19:20 -0700, Matthew Van Gundy wrote:
> On 4/21/10 3:26 PM, Jeff Newmiller wrote:
> >> There are many ways to skin a cat, here's one:
> >>
> >> void reverse(int forward[], int backward[], unsigned int n) {
> >>unsigned i = n;
> >>while(i-->  0) {
> >>  backward[n-i-1] = forward[i];
> >>}
> >> }
> >
> > This reverses and then re-reverses it.
> 
> Nope, just reverses it once.  I'll admit, it isn't an idiomatic 
> construction, but it uses an unsigned index that counts down to reverse 
> an array since that's what Brian seemed to be after.

The most idiomatic construction in C for writing an iterator is to use
pointer arithmetic. i.e.

int* thearray;
size_t itssize;

for(int* iterator=thearray; iterator=thearray;--iterator){
  /* do something with the iterator */
}

The following idiom must be used instead:

int* iterator=thearray+itssize;
while( iterator-- > thearray){
  /* do something with the iterator. */
}

The asymmetry you're noticing with unsigned int indices is a similar
problem.

___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] loop never exits!

2010-04-22 Thread Brian Lavender
On Wed, Apr 21, 2010 at 08:16:48PM -0700, Brian Lavender wrote:
> On Wed, Apr 21, 2010 at 07:20:26PM -0700, Matthew Van Gundy wrote:
> > On 4/21/10 3:26 PM, Jeff Newmiller wrote:
> > >> There are many ways to skin a cat, here's one:
> > >>
> > >> void reverse(int forward[], int backward[], unsigned int n) {
> > >>unsigned i = n;
> > >>while(i-->  0) {
> > >>  backward[n-i-1] = forward[i];
> > >>}
> > >> }
> > >
> > > This reverses and then re-reverses it.
> > 
> > Nope, just reverses it once.  I'll admit, it isn't an idiomatic 
> > construction, but it uses an unsigned index that counts down to reverse 
> > an array since that's what Brian seemed to be after.
> 
> I just want the equivalent to a reverse iterator. I think using a signed
> index value is the way to go. Then, put an invariant condition on the
> index, so that it is never negative for accessing an element in the array.
> 
> For my program, I am using Gnome's glib's GPtrArray which doens't have an
> iterator feature. I didn't expect that it would. I just used a regular
> array for my posts not to confuse the problem.
> 
> for ( i = NUM_ELEMENTS -1 ; i > 0; i--)
>   // access each element

That of course won't get all the elements. I actually meant to say.

for ( i = NUM_ELEMENTS ; i > 0; i--)
   // access each element

Ugh.

-- 
Brian Lavender
http://www.brie.com/brian/

"For every complex problem there is an answer that is clear, simple, and wrong."
- H. L. Mencken 
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] loop never exits!

2010-04-21 Thread Brian Lavender
On Wed, Apr 21, 2010 at 07:20:26PM -0700, Matthew Van Gundy wrote:
> On 4/21/10 3:26 PM, Jeff Newmiller wrote:
> >> There are many ways to skin a cat, here's one:
> >>
> >> void reverse(int forward[], int backward[], unsigned int n) {
> >>unsigned i = n;
> >>while(i-->  0) {
> >>  backward[n-i-1] = forward[i];
> >>}
> >> }
> >
> > This reverses and then re-reverses it.
> 
> Nope, just reverses it once.  I'll admit, it isn't an idiomatic 
> construction, but it uses an unsigned index that counts down to reverse 
> an array since that's what Brian seemed to be after.

I just want the equivalent to a reverse iterator. I think using a signed
index value is the way to go. Then, put an invariant condition on the
index, so that it is never negative for accessing an element in the array.

For my program, I am using Gnome's glib's GPtrArray which doens't have an
iterator feature. I didn't expect that it would. I just used a regular
array for my posts not to confuse the problem.

for ( i = NUM_ELEMENTS -1 ; i > 0; i--)
  // access each element

-- 
Brian Lavender
http://www.brie.com/brian/

"For every complex problem there is an answer that is clear, simple, and wrong."
- H. L. Mencken 
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] loop never exits!

2010-04-21 Thread Matthew Van Gundy
On 4/21/10 3:26 PM, Jeff Newmiller wrote:
>> There are many ways to skin a cat, here's one:
>>
>> void reverse(int forward[], int backward[], unsigned int n) {
>>unsigned i = n;
>>while(i-->  0) {
>>  backward[n-i-1] = forward[i];
>>}
>> }
>
> This reverses and then re-reverses it.

Nope, just reverses it once.  I'll admit, it isn't an idiomatic 
construction, but it uses an unsigned index that counts down to reverse 
an array since that's what Brian seemed to be after.
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] loop never exits!

2010-04-21 Thread Jeff Newmiller
On Wed, 21 Apr 2010, Matthew Van Gundy wrote:

> On 4/21/10 1:05 PM, Brian Lavender wrote:
>> Well, it seems to me that to reverse a array in C, you are going to have
>> to use a counter and decrement it. And, since C uses zero indexed
>> arrays, it certainly seems to leave me in a quandry whether to use
>> signed or unsigned. We know that an array index should always be zero or
>> greater. Yet, if we use a simple for loop, one has to test for an exit
>> condition. So, what's the solution??? Is it just make the index value
>> "i" signed?
>
> There are many ways to skin a cat, here's one:
>
> void reverse(int forward[], int backward[], unsigned int n) {
>   unsigned i = n;
>   while(i-- > 0) {
> backward[n-i-1] = forward[i];
>   }
> }

This reverses and then re-reverses it.

Two comments:

a) I believe Standard C calls for the use of "int" as the index of arrays, 
and leaves it to the compiler to determine whether that should be "signed 
int" or "unsigned int".  I am not familiar with any compilers that use 
"unsigned int" when "int" is specified (and I suspect it would break a lot 
of code).

This means that when you use an unsigned int there is a conversion to int 
before the index is used. If the value of your unsigned int is greater 
than MAX_INT, then your results are undefined according to Standard C, so 
you should go with the flow and use "int" for indexing arrays.

b) In C, conventional indexed for loops do not stop until the index has 
exited the range of index values that you intend to use in the loop. That 
means there has to be at least one valid index value that falls outside 
your range of interest (as you have discovered for this specific type of 
index counter). If you wish to construct a loop that does not exhibit this 
behavior, you can use a do{}while() loop that ends on the last value used.

---
Jeff NewmillerThe .   .  Go Live...
DCN:Basics: ##.#.   ##.#.  Live Go...
   Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/BatteriesO.O#.   #.O#.  with
/Software/Embedded Controllers)   .OO#.   .OO#.  rocks...2k
---
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] loop never exits!

2010-04-21 Thread Matthew Van Gundy
On 4/21/10 1:05 PM, Brian Lavender wrote:
> Well, it seems to me that to reverse a array in C, you are going to have
> to use a counter and decrement it. And, since C uses zero indexed
> arrays, it certainly seems to leave me in a quandry whether to use
> signed or unsigned. We know that an array index should always be zero or
> greater. Yet, if we use a simple for loop, one has to test for an exit
> condition. So, what's the solution??? Is it just make the index value
> "i" signed?

There are many ways to skin a cat, here's one:

void reverse(int forward[], int backward[], unsigned int n) {
   unsigned i = n;
   while(i-- > 0) {
 backward[n-i-1] = forward[i];
   }
}
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] loop never exits!

2010-04-21 Thread Brian Lavender
Well, it seems to me that to reverse a array in C, you are going to have
to use a counter and decrement it. And, since C uses zero indexed
arrays, it certainly seems to leave me in a quandry whether to use
signed or unsigned. We know that an array index should always be zero or
greater. Yet, if we use a simple for loop, one has to test for an exit
condition. So, what's the solution??? Is it just make the index value
"i" signed?

Below is some Pascal code that goes in reverse. You can see, the reverse
loop is much cleaner and easier to understand using the following for
loop to go in reverse. 

for count := MaxIndex downto 1 do
begin
  // reference array elements here
end;

Is there a way to do this in C that is so clear? I believe that Pascal
even has a flag to tell if your array index is out bounds. I am not sure
how to enable that though.

I found this article. I haven't read it yet, but it certainly appears
interesting.

http://www.doc.ic.ac.uk/~phjk/BoundsChecking.html


program hello;

{$mode objfpc}{$H+}

uses
  {$IFDEF UNIX}{$IFDEF UseCThreads}
  cthreads,
  {$ENDIF}{$ENDIF}
  Classes,
  sysutils
  { you can add units after this };

{$IFDEF WINDOWS}{$R hello.rc}{$ENDIF}

const MaxIndex = 5;
type
Index = 1 .. MaxIndex;
MyArray1 = array[Index] of integer;

var
   count: Integer;
   nums: MyArray1;

begin
  nums[1] := 12;
  nums[2] := 24;
  nums[3] := 36;
  nums[4] := 48;
  nums[5] := 60;

  writeln('The elements in reverse order');

  for count := MaxIndex downto 1 do
  begin
writeln(Format('element %d is %d',[Count, nums[Count]]) );
  end;

  readln;

end.

On Wed, Apr 21, 2010 at 12:20:14PM -0700, Jeff Newmiler wrote:
> This desire for compiler warnings that DWIM rather than DWIS have been around 
> for a long time, and the usual reply from the compiler coders has been along 
> the lines of "go run lint if you need help interpreting your legal code".
> 
> Given your use of unsigned variables, replacing "i >=0" with "1" is exactly 
> what optimizers are supposed to do., because writing code more verbosely than 
> necessary is a documentation decision that only the programmer can make. 
> 
> Brian Lavender  wrote:
> 
> >I told the compiler to go through a loop while a certain expression
> >evaluates to true. When the expression evalates to false, the loop
> >should terminate. If I had provided no expression, or I had provided
> >true, or some value that would always evaluate to true, then I would
> >expect the compiler to do as I tell it.
> >
> >I have provided an expression for the loop to terminate that could
> >evaluate to false, yet will never evaluate to false.
> >
> >This determination can be done through static analysis. Hence,
> >I am still convinced that the compiler should issue a warning. Yet,
> >I am still looking for a contradiction to my theory.
> >
> >
> >
> >
> >On Tue, Apr 20, 2010 at 08:30:42PM -0700, Matthew Holland wrote:
> >> It's not the compiler's job to tell you what you want, it's your job
> >> to tell it!  The -Wall flag doesn't mean, "warn me about every
> >> possible stupid construct I can come up with."
> >> 
> >> In all seriousness, if you don't get over using a "greater than or
> >> equal" construct for loop termination, you're going to be in a world
> >> of hurt if STL containers ever cross your transom.  Just don't do
> >> that, and everything will be fine.
> >> 
> >> Matt
> >> 
> >> On Tue, Apr 20, 2010 at 7:44 PM, Brian Lavender  wrote:
> >> > On Tue, Apr 20, 2010 at 06:54:33PM -0700, Bill Broadley wrote:
> >> >> On 04/20/2010 06:37 PM, Brian Lavender wrote:
> >> >> > Our new guy (forget his name, doh!) and I figured out the problem with
> >> >> > my loop that would count down, but not terminate. Turns out I was 
> >> >> > using
> >> >> > an unsigned integer for my counter in my for loop and it is always
> >> >> > greater than zero (Example 1).
> >> >>
> >> >> No, it's not always greater than zero.  Your test says i>=0 so if it's
> >> >> greater than or equal to zero it continues.  Seems like you want i>0.
> >> >
> >> > Sorry, I meant to say it's always greater than or equal than zero. zero
> >> > minus 1 is 4294967295 (0x) on a 32 bit machine. It can never go
> >> > negative because it is unsigned and the loop will never terminate. Thus,
> >> > I am thinking that the compiler could catch this due to the fact that i
> >> > is unsigned. I wanted to print out the reverse of an array.
> >> >
> >> > If you run the following, the loop will never terminate.
> >> >
> >> > #include 
> >> >
> >> > int main() {
> >> >  int a[] = {5,6,8,3,4};
> >> >  unsigned int i;
> >> >
> >> >
> >> >  for (i= (sizeof(a) -1)/sizeof(int) ; i >= 0; i--) {
> >> >    printf("%d\n",a[i]);
> >> >  }
> >> >
> >> >  return 0;
> >> > }
> >> >
> >> >>
> >> >> > Funny thing is that -Wall didn't catch this. Seems that -Wall could
> >> >> > catch this assuming that we want to loop to terminate. Any thoughts?
> >> >>
> >> >> Seems strange, but legal to do what you wanted.
> >> >>
> >> >> > Say 

Re: [vox-tech] loop never exits!

2010-04-21 Thread Jeff Newmiler
This desire for compiler warnings that DWIM rather than DWIS have been around 
for a long time, and the usual reply from the compiler coders has been along 
the lines of "go run lint if you need help interpreting your legal code".

Given your use of unsigned variables, replacing "i >=0" with "1" is exactly 
what optimizers are supposed to do., because writing code more verbosely than 
necessary is a documentation decision that only the programmer can make. 

Brian Lavender  wrote:

>I told the compiler to go through a loop while a certain expression
>evaluates to true. When the expression evalates to false, the loop
>should terminate. If I had provided no expression, or I had provided
>true, or some value that would always evaluate to true, then I would
>expect the compiler to do as I tell it.
>
>I have provided an expression for the loop to terminate that could
>evaluate to false, yet will never evaluate to false.
>
>This determination can be done through static analysis. Hence,
>I am still convinced that the compiler should issue a warning. Yet,
>I am still looking for a contradiction to my theory.
>
>
>
>
>On Tue, Apr 20, 2010 at 08:30:42PM -0700, Matthew Holland wrote:
>> It's not the compiler's job to tell you what you want, it's your job
>> to tell it!  The -Wall flag doesn't mean, "warn me about every
>> possible stupid construct I can come up with."
>> 
>> In all seriousness, if you don't get over using a "greater than or
>> equal" construct for loop termination, you're going to be in a world
>> of hurt if STL containers ever cross your transom.  Just don't do
>> that, and everything will be fine.
>> 
>> Matt
>> 
>> On Tue, Apr 20, 2010 at 7:44 PM, Brian Lavender  wrote:
>> > On Tue, Apr 20, 2010 at 06:54:33PM -0700, Bill Broadley wrote:
>> >> On 04/20/2010 06:37 PM, Brian Lavender wrote:
>> >> > Our new guy (forget his name, doh!) and I figured out the problem with
>> >> > my loop that would count down, but not terminate. Turns out I was using
>> >> > an unsigned integer for my counter in my for loop and it is always
>> >> > greater than zero (Example 1).
>> >>
>> >> No, it's not always greater than zero.  Your test says i>=0 so if it's
>> >> greater than or equal to zero it continues.  Seems like you want i>0.
>> >
>> > Sorry, I meant to say it's always greater than or equal than zero. zero
>> > minus 1 is 4294967295 (0x) on a 32 bit machine. It can never go
>> > negative because it is unsigned and the loop will never terminate. Thus,
>> > I am thinking that the compiler could catch this due to the fact that i
>> > is unsigned. I wanted to print out the reverse of an array.
>> >
>> > If you run the following, the loop will never terminate.
>> >
>> > #include 
>> >
>> > int main() {
>> >  int a[] = {5,6,8,3,4};
>> >  unsigned int i;
>> >
>> >
>> >  for (i= (sizeof(a) -1)/sizeof(int) ; i >= 0; i--) {
>> >    printf("%d\n",a[i]);
>> >  }
>> >
>> >  return 0;
>> > }
>> >
>> >>
>> >> > Funny thing is that -Wall didn't catch this. Seems that -Wall could
>> >> > catch this assuming that we want to loop to terminate. Any thoughts?
>> >>
>> >> Seems strange, but legal to do what you wanted.
>> >>
>> >> > Say the compiler gave a warning, would that mess up the "for (;;)"
>> >> > construct shown in Example 2?
>> >> >
>> >> > brian
>> >> >
>> >> > // Example 1
>> >> > // Loop never terminates
>> >> > #include
>> >> >
>> >> > int main() {
>> >> >    unsigned int i, num=50;
>> >> >
>> >> >
>> >> >    for (i= num ; i>= 0; i--) {
>> >> >      printf("%u\n",i);
>> >> >    }
>> >> >
>> >> >    return 0;
>> >> > }
>> >> >
>> >> > // Example 2
>> >> > // Purposely never terminates
>> >> > #include
>> >> >
>> >> > int main() {
>> >> >    for (;;) {
>> >> >      printf("Hello forever\n");
>> >> >     }
>> >> >     return 0;
>> >> > }
>> >
>> >
>> >
>> > --
>> > Brian Lavender
>> > http://www.brie.com/brian/
>> >
>> > "For every complex problem there is an answer that is clear, simple, and 
>> > wrong."
>> > - H. L. Mencken
>> > ___
>> > vox-tech mailing list
>> > vox-tech@lists.lugod.org
>> > http://lists.lugod.org/mailman/listinfo/vox-tech
>> >
>> ___
>> vox-tech mailing list
>> vox-tech@lists.lugod.org
>> http://lists.lugod.org/mailman/listinfo/vox-tech
>
>-- 
>Brian Lavender
>http://www.brie.com/brian/
>
>"For every complex problem there is an answer that is clear, simple, and 
>wrong."
>- H. L. Mencken 
>___
>vox-tech mailing list
>vox-tech@lists.lugod.org
>http://lists.lugod.org/mailman/listinfo/vox-tech
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] loop never exits!

2010-04-21 Thread Brian Lavender
On Wed, Apr 21, 2010 at 10:19:34AM -0700, Harold Lee wrote:
> I've used static analysis tools before, and they find many many more
> bugs than compilers do.
> 
> http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis
> 
> They list tools for Python, Perl, PHP and JavaScript, proving that
> dynamic languages can be safe too. These tools go much farther than a
> type system by following the data flow in and out of functions.
> 
> http://stackoverflow.com/questions/141498/what-open-source-c-static-analysis-tools-are-available
> 
> It looks like the OSS splint program would find that infinite loop -
> see the example here:
> http://en.wikipedia.org/wiki/Splint_%28programming_tool%29

splint certainly provides useful output. I changed my code around so
that the boundary condition would be -1 and use greater than. As splint
warns, 0 could be confusing.

I rant splint on both. In the case of the boundary condition -1 
(Version 2), it warns that I am using two different types in my 
compare. Very nice. 

brian


// Version 1. Compare to zero
#include 

int main() {
  int a[] = {5,6,8,3,4};
  unsigned int i;


  // Compares to 0 
  for (i= (sizeof(a) -1)/sizeof(int) ; i >= 0; i--) {
printf("%d\n",a[i]);
  }

  return 0;
}

br...@lamaquina:~/school/Project/practice$ splint test_loop.c
Splint 3.1.2 --- 03 May 2009

test_loop.c: (in function main)
test_loop.c:8:8: Assignment of arbitrary unsigned integral type to unsigned
int: i = (sizeof((a)) - 1) / sizeof(int)
  To ignore type qualifiers in type comparisons use +ignorequals.
test_loop.c:8:40: Comparison of unsigned value involving zero: i >= 0
  An unsigned value is used in a comparison with zero in a way that is either a
  bug or confusing. (Use -unsignedcompare to inhibit warning)

Finished checking --- 2 code warnings



// Version 2
#include 

int main() {
  int a[] = {5,6,8,3,4};
  unsigned int i;


  // Version 2. Compare to -1 
  for (i= (sizeof(a) -1)/sizeof(int) ; i > -1; i--) {
printf("%d\n",a[i]);
  }

  return 0;
}

br...@lamaquina:~/school/Project/practice$ splint test_loop.c
Splint 3.1.2 --- 03 May 2009

test_loop.c: (in function main)
test_loop.c:8:8: Assignment of arbitrary unsigned integral type to unsigned
int: i = (sizeof((a)) - 1) / sizeof(int)
  To ignore type qualifiers in type comparisons use +ignorequals.
test_loop.c:8:40: Operands of > have incompatible types (unsigned int, int):
 i > -1
  To ignore signs in type comparisons use +ignoresigns

Finished checking --- 2 code warnings

-- 
Brian Lavender
http://www.brie.com/brian/

"For every complex problem there is an answer that is clear, simple, and wrong."
- H. L. Mencken 
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] loop never exits!

2010-04-21 Thread Harold Lee
I've used static analysis tools before, and they find many many more
bugs than compilers do.

http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis

They list tools for Python, Perl, PHP and JavaScript, proving that
dynamic languages can be safe too. These tools go much farther than a
type system by following the data flow in and out of functions.

http://stackoverflow.com/questions/141498/what-open-source-c-static-analysis-tools-are-available

It looks like the OSS splint program would find that infinite loop -
see the example here:
http://en.wikipedia.org/wiki/Splint_%28programming_tool%29

Harold
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] loop never exits!

2010-04-21 Thread Robert Parker
On Wed, Apr 21, 2010 at 11:37 PM, Brian Lavender  wrote:
> I told the compiler to go through a loop while a certain expression
> evaluates to true. When the expression evalates to false, the loop
> should terminate. If I had provided no expression, or I had provided
> true, or some value that would always evaluate to true, then I would
> expect the compiler to do as I tell it.
>
> I have provided an expression for the loop to terminate that could
> evaluate to false, yet will never evaluate to false.
>
> This determination can be done through static analysis. Hence,
> I am still convinced that the compiler should issue a warning. Yet,
> I am still looking for a contradiction to my theory.

If you are using an open source compiler just download the source and
rewrite it so that it does what you want instead of just continuing to
complain about it.

-- 
Politician: That which will happily sacrifice your interests including
your life if need be in pursuit of its pipe dreams.
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] loop never exits!

2010-04-21 Thread Matthew Holland
But you did provide an expression that always evaluates to true.  The
fact that it wasn't obvious to you that this was the case doesn't mean
that the compiler should warn you about it.

On Wed, Apr 21, 2010 at 9:37 AM, Brian Lavender  wrote:
> I told the compiler to go through a loop while a certain expression
> evaluates to true. When the expression evalates to false, the loop
> should terminate. If I had provided no expression, or I had provided
> true, or some value that would always evaluate to true, then I would
> expect the compiler to do as I tell it.
>
> I have provided an expression for the loop to terminate that could
> evaluate to false, yet will never evaluate to false.
>
> This determination can be done through static analysis. Hence,
> I am still convinced that the compiler should issue a warning. Yet,
> I am still looking for a contradiction to my theory.
>
>
>
>
> On Tue, Apr 20, 2010 at 08:30:42PM -0700, Matthew Holland wrote:
>> It's not the compiler's job to tell you what you want, it's your job
>> to tell it!  The -Wall flag doesn't mean, "warn me about every
>> possible stupid construct I can come up with."
>>
>> In all seriousness, if you don't get over using a "greater than or
>> equal" construct for loop termination, you're going to be in a world
>> of hurt if STL containers ever cross your transom.  Just don't do
>> that, and everything will be fine.
>>
>> Matt
>>
>> On Tue, Apr 20, 2010 at 7:44 PM, Brian Lavender  wrote:
>> > On Tue, Apr 20, 2010 at 06:54:33PM -0700, Bill Broadley wrote:
>> >> On 04/20/2010 06:37 PM, Brian Lavender wrote:
>> >> > Our new guy (forget his name, doh!) and I figured out the problem with
>> >> > my loop that would count down, but not terminate. Turns out I was using
>> >> > an unsigned integer for my counter in my for loop and it is always
>> >> > greater than zero (Example 1).
>> >>
>> >> No, it's not always greater than zero.  Your test says i>=0 so if it's
>> >> greater than or equal to zero it continues.  Seems like you want i>0.
>> >
>> > Sorry, I meant to say it's always greater than or equal than zero. zero
>> > minus 1 is 4294967295 (0x) on a 32 bit machine. It can never go
>> > negative because it is unsigned and the loop will never terminate. Thus,
>> > I am thinking that the compiler could catch this due to the fact that i
>> > is unsigned. I wanted to print out the reverse of an array.
>> >
>> > If you run the following, the loop will never terminate.
>> >
>> > #include 
>> >
>> > int main() {
>> >  int a[] = {5,6,8,3,4};
>> >  unsigned int i;
>> >
>> >
>> >  for (i= (sizeof(a) -1)/sizeof(int) ; i >= 0; i--) {
>> >    printf("%d\n",a[i]);
>> >  }
>> >
>> >  return 0;
>> > }
>> >
>> >>
>> >> > Funny thing is that -Wall didn't catch this. Seems that -Wall could
>> >> > catch this assuming that we want to loop to terminate. Any thoughts?
>> >>
>> >> Seems strange, but legal to do what you wanted.
>> >>
>> >> > Say the compiler gave a warning, would that mess up the "for (;;)"
>> >> > construct shown in Example 2?
>> >> >
>> >> > brian
>> >> >
>> >> > // Example 1
>> >> > // Loop never terminates
>> >> > #include
>> >> >
>> >> > int main() {
>> >> >    unsigned int i, num=50;
>> >> >
>> >> >
>> >> >    for (i= num ; i>= 0; i--) {
>> >> >      printf("%u\n",i);
>> >> >    }
>> >> >
>> >> >    return 0;
>> >> > }
>> >> >
>> >> > // Example 2
>> >> > // Purposely never terminates
>> >> > #include
>> >> >
>> >> > int main() {
>> >> >    for (;;) {
>> >> >      printf("Hello forever\n");
>> >> >     }
>> >> >     return 0;
>> >> > }
>> >
>> >
>> >
>> > --
>> > Brian Lavender
>> > http://www.brie.com/brian/
>> >
>> > "For every complex problem there is an answer that is clear, simple, and 
>> > wrong."
>> > - H. L. Mencken
>> > ___
>> > vox-tech mailing list
>> > vox-tech@lists.lugod.org
>> > http://lists.lugod.org/mailman/listinfo/vox-tech
>> >
>> ___
>> vox-tech mailing list
>> vox-tech@lists.lugod.org
>> http://lists.lugod.org/mailman/listinfo/vox-tech
>
> --
> Brian Lavender
> http://www.brie.com/brian/
>
> "For every complex problem there is an answer that is clear, simple, and 
> wrong."
> - H. L. Mencken
> ___
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech
>
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] loop never exits!

2010-04-21 Thread Brian Lavender
I told the compiler to go through a loop while a certain expression
evaluates to true. When the expression evalates to false, the loop
should terminate. If I had provided no expression, or I had provided
true, or some value that would always evaluate to true, then I would
expect the compiler to do as I tell it.

I have provided an expression for the loop to terminate that could
evaluate to false, yet will never evaluate to false.

This determination can be done through static analysis. Hence,
I am still convinced that the compiler should issue a warning. Yet,
I am still looking for a contradiction to my theory.




On Tue, Apr 20, 2010 at 08:30:42PM -0700, Matthew Holland wrote:
> It's not the compiler's job to tell you what you want, it's your job
> to tell it!  The -Wall flag doesn't mean, "warn me about every
> possible stupid construct I can come up with."
> 
> In all seriousness, if you don't get over using a "greater than or
> equal" construct for loop termination, you're going to be in a world
> of hurt if STL containers ever cross your transom.  Just don't do
> that, and everything will be fine.
> 
> Matt
> 
> On Tue, Apr 20, 2010 at 7:44 PM, Brian Lavender  wrote:
> > On Tue, Apr 20, 2010 at 06:54:33PM -0700, Bill Broadley wrote:
> >> On 04/20/2010 06:37 PM, Brian Lavender wrote:
> >> > Our new guy (forget his name, doh!) and I figured out the problem with
> >> > my loop that would count down, but not terminate. Turns out I was using
> >> > an unsigned integer for my counter in my for loop and it is always
> >> > greater than zero (Example 1).
> >>
> >> No, it's not always greater than zero.  Your test says i>=0 so if it's
> >> greater than or equal to zero it continues.  Seems like you want i>0.
> >
> > Sorry, I meant to say it's always greater than or equal than zero. zero
> > minus 1 is 4294967295 (0x) on a 32 bit machine. It can never go
> > negative because it is unsigned and the loop will never terminate. Thus,
> > I am thinking that the compiler could catch this due to the fact that i
> > is unsigned. I wanted to print out the reverse of an array.
> >
> > If you run the following, the loop will never terminate.
> >
> > #include 
> >
> > int main() {
> >  int a[] = {5,6,8,3,4};
> >  unsigned int i;
> >
> >
> >  for (i= (sizeof(a) -1)/sizeof(int) ; i >= 0; i--) {
> >    printf("%d\n",a[i]);
> >  }
> >
> >  return 0;
> > }
> >
> >>
> >> > Funny thing is that -Wall didn't catch this. Seems that -Wall could
> >> > catch this assuming that we want to loop to terminate. Any thoughts?
> >>
> >> Seems strange, but legal to do what you wanted.
> >>
> >> > Say the compiler gave a warning, would that mess up the "for (;;)"
> >> > construct shown in Example 2?
> >> >
> >> > brian
> >> >
> >> > // Example 1
> >> > // Loop never terminates
> >> > #include
> >> >
> >> > int main() {
> >> >    unsigned int i, num=50;
> >> >
> >> >
> >> >    for (i= num ; i>= 0; i--) {
> >> >      printf("%u\n",i);
> >> >    }
> >> >
> >> >    return 0;
> >> > }
> >> >
> >> > // Example 2
> >> > // Purposely never terminates
> >> > #include
> >> >
> >> > int main() {
> >> >    for (;;) {
> >> >      printf("Hello forever\n");
> >> >     }
> >> >     return 0;
> >> > }
> >
> >
> >
> > --
> > Brian Lavender
> > http://www.brie.com/brian/
> >
> > "For every complex problem there is an answer that is clear, simple, and 
> > wrong."
> > - H. L. Mencken
> > ___
> > vox-tech mailing list
> > vox-tech@lists.lugod.org
> > http://lists.lugod.org/mailman/listinfo/vox-tech
> >
> ___
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech

-- 
Brian Lavender
http://www.brie.com/brian/

"For every complex problem there is an answer that is clear, simple, and wrong."
- H. L. Mencken 
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] loop never exits!

2010-04-20 Thread Matthew Holland
It's not the compiler's job to tell you what you want, it's your job
to tell it!  The -Wall flag doesn't mean, "warn me about every
possible stupid construct I can come up with."

In all seriousness, if you don't get over using a "greater than or
equal" construct for loop termination, you're going to be in a world
of hurt if STL containers ever cross your transom.  Just don't do
that, and everything will be fine.

Matt

On Tue, Apr 20, 2010 at 7:44 PM, Brian Lavender  wrote:
> On Tue, Apr 20, 2010 at 06:54:33PM -0700, Bill Broadley wrote:
>> On 04/20/2010 06:37 PM, Brian Lavender wrote:
>> > Our new guy (forget his name, doh!) and I figured out the problem with
>> > my loop that would count down, but not terminate. Turns out I was using
>> > an unsigned integer for my counter in my for loop and it is always
>> > greater than zero (Example 1).
>>
>> No, it's not always greater than zero.  Your test says i>=0 so if it's
>> greater than or equal to zero it continues.  Seems like you want i>0.
>
> Sorry, I meant to say it's always greater than or equal than zero. zero
> minus 1 is 4294967295 (0x) on a 32 bit machine. It can never go
> negative because it is unsigned and the loop will never terminate. Thus,
> I am thinking that the compiler could catch this due to the fact that i
> is unsigned. I wanted to print out the reverse of an array.
>
> If you run the following, the loop will never terminate.
>
> #include 
>
> int main() {
>  int a[] = {5,6,8,3,4};
>  unsigned int i;
>
>
>  for (i= (sizeof(a) -1)/sizeof(int) ; i >= 0; i--) {
>    printf("%d\n",a[i]);
>  }
>
>  return 0;
> }
>
>>
>> > Funny thing is that -Wall didn't catch this. Seems that -Wall could
>> > catch this assuming that we want to loop to terminate. Any thoughts?
>>
>> Seems strange, but legal to do what you wanted.
>>
>> > Say the compiler gave a warning, would that mess up the "for (;;)"
>> > construct shown in Example 2?
>> >
>> > brian
>> >
>> > // Example 1
>> > // Loop never terminates
>> > #include
>> >
>> > int main() {
>> >    unsigned int i, num=50;
>> >
>> >
>> >    for (i= num ; i>= 0; i--) {
>> >      printf("%u\n",i);
>> >    }
>> >
>> >    return 0;
>> > }
>> >
>> > // Example 2
>> > // Purposely never terminates
>> > #include
>> >
>> > int main() {
>> >    for (;;) {
>> >      printf("Hello forever\n");
>> >     }
>> >     return 0;
>> > }
>
>
>
> --
> Brian Lavender
> http://www.brie.com/brian/
>
> "For every complex problem there is an answer that is clear, simple, and 
> wrong."
> - H. L. Mencken
> ___
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech
>
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] loop never exits!

2010-04-20 Thread Jeff Newmiler
Actually, it is likely that the compiler did notice, and optimized your 
unsigned comparison away completely, effectively leaving a true infinite loop 
in the machine code.

Brian Lavender  wrote:

>On Tue, Apr 20, 2010 at 06:54:33PM -0700, Bill Broadley wrote:
>> On 04/20/2010 06:37 PM, Brian Lavender wrote:
>> > Our new guy (forget his name, doh!) and I figured out the problem with
>> > my loop that would count down, but not terminate. Turns out I was using
>> > an unsigned integer for my counter in my for loop and it is always
>> > greater than zero (Example 1).
>> 
>> No, it's not always greater than zero.  Your test says i>=0 so if it's 
>> greater than or equal to zero it continues.  Seems like you want i>0.
>
>Sorry, I meant to say it's always greater than or equal than zero. zero
>minus 1 is 4294967295 (0x) on a 32 bit machine. It can never go
>negative because it is unsigned and the loop will never terminate. Thus,
>I am thinking that the compiler could catch this due to the fact that i
>is unsigned. I wanted to print out the reverse of an array. 
>
>If you run the following, the loop will never terminate.
>
>#include 
>
>int main() {
>  int a[] = {5,6,8,3,4};
>  unsigned int i;
>
>
>  for (i= (sizeof(a) -1)/sizeof(int) ; i >= 0; i--) {
>printf("%d\n",a[i]);
>  }
>
>  return 0;
>}
>
>> 
>> > Funny thing is that -Wall didn't catch this. Seems that -Wall could
>> > catch this assuming that we want to loop to terminate. Any thoughts?
>> 
>> Seems strange, but legal to do what you wanted.
>> 
>> > Say the compiler gave a warning, would that mess up the "for (;;)"
>> > construct shown in Example 2?
>> >
>> > brian
>> >
>> > // Example 1
>> > // Loop never terminates
>> > #include
>> >
>> > int main() {
>> >unsigned int i, num=50;
>> >
>> >
>> >for (i= num ; i>= 0; i--) {
>> >  printf("%u\n",i);
>> >}
>> >
>> >return 0;
>> > }
>> >
>> > // Example 2
>> > // Purposely never terminates
>> > #include
>> >
>> > int main() {
>> >for (;;) {
>> >  printf("Hello forever\n");
>> > }
>> > return 0;
>> > }
>
>
>
>-- 
>Brian Lavender
>http://www.brie.com/brian/
>
>"For every complex problem there is an answer that is clear, simple, and 
>wrong."
>- H. L. Mencken 
>___
>vox-tech mailing list
>vox-tech@lists.lugod.org
>http://lists.lugod.org/mailman/listinfo/vox-tech
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] loop never exits!

2010-04-20 Thread Matthew Van Gundy
On 4/20/10 7:44 PM, Brian Lavender wrote:
> Thus, I am thinking that the compiler could catch this due to the
> fact that i is unsigned. I wanted to print out the reverse of an
> array.

The problem with this is two-fold.  First, writing a loop that may never 
terminate isn't necessarily a bug -- consider any daemon process. 
Second, determining whether or not a loop terminates is, in general, 
undecidable.  Therefore, it is fundamentally impossible to create a 
compiler that could make this determination for all possible programs.

... back to dreaming that computers knew what I wanted, rather than what 
I've instructed them to do...

Matt
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] loop never exits!

2010-04-20 Thread Brian Lavender
On Tue, Apr 20, 2010 at 06:54:33PM -0700, Bill Broadley wrote:
> On 04/20/2010 06:37 PM, Brian Lavender wrote:
> > Our new guy (forget his name, doh!) and I figured out the problem with
> > my loop that would count down, but not terminate. Turns out I was using
> > an unsigned integer for my counter in my for loop and it is always
> > greater than zero (Example 1).
> 
> No, it's not always greater than zero.  Your test says i>=0 so if it's 
> greater than or equal to zero it continues.  Seems like you want i>0.

Sorry, I meant to say it's always greater than or equal than zero. zero
minus 1 is 4294967295 (0x) on a 32 bit machine. It can never go
negative because it is unsigned and the loop will never terminate. Thus,
I am thinking that the compiler could catch this due to the fact that i
is unsigned. I wanted to print out the reverse of an array. 

If you run the following, the loop will never terminate.

#include 

int main() {
  int a[] = {5,6,8,3,4};
  unsigned int i;


  for (i= (sizeof(a) -1)/sizeof(int) ; i >= 0; i--) {
printf("%d\n",a[i]);
  }

  return 0;
}

> 
> > Funny thing is that -Wall didn't catch this. Seems that -Wall could
> > catch this assuming that we want to loop to terminate. Any thoughts?
> 
> Seems strange, but legal to do what you wanted.
> 
> > Say the compiler gave a warning, would that mess up the "for (;;)"
> > construct shown in Example 2?
> >
> > brian
> >
> > // Example 1
> > // Loop never terminates
> > #include
> >
> > int main() {
> >unsigned int i, num=50;
> >
> >
> >for (i= num ; i>= 0; i--) {
> >  printf("%u\n",i);
> >}
> >
> >return 0;
> > }
> >
> > // Example 2
> > // Purposely never terminates
> > #include
> >
> > int main() {
> >for (;;) {
> >  printf("Hello forever\n");
> > }
> > return 0;
> > }



-- 
Brian Lavender
http://www.brie.com/brian/

"For every complex problem there is an answer that is clear, simple, and wrong."
- H. L. Mencken 
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


Re: [vox-tech] loop never exits!

2010-04-20 Thread Bill Broadley
On 04/20/2010 06:37 PM, Brian Lavender wrote:
> Our new guy (forget his name, doh!) and I figured out the problem with
> my loop that would count down, but not terminate. Turns out I was using
> an unsigned integer for my counter in my for loop and it is always
> greater than zero (Example 1).

No, it's not always greater than zero.  Your test says i>=0 so if it's 
greater than or equal to zero it continues.  Seems like you want i>0.

> Funny thing is that -Wall didn't catch this. Seems that -Wall could
> catch this assuming that we want to loop to terminate. Any thoughts?

Seems strange, but legal to do what you wanted.

> Say the compiler gave a warning, would that mess up the "for (;;)"
> construct shown in Example 2?
>
> brian
>
> // Example 1
> // Loop never terminates
> #include
>
> int main() {
>unsigned int i, num=50;
>
>
>for (i= num ; i>= 0; i--) {
>  printf("%u\n",i);
>}
>
>return 0;
> }
>
> // Example 2
> // Purposely never terminates
> #include
>
> int main() {
>for (;;) {
>  printf("Hello forever\n");
> }
> return 0;
> }

___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech