Newsgroups: comp.lang.scheme Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!caen!news.cs.indiana.edu!hieb@heston.cs.indiana.edu From: Robert Hieb Subject: Re: Fixing the order of evaluation. Minimizing the unexpected. Message-ID: <1991Apr10.173308.4035@news.cs.indiana.edu> Organization: Computer Science, Indiana University References: <9104101634.AA24470@garlic.Stanford.EDU> Date: Wed, 10 Apr 91 17:32:51 EST mkatz@garlic.stanford.EDU (Morris Katz) writes: > ((lambda (a b) -X-) -A- -B-) = ((lambda (b a) -X-) -B- -A-). > [1] But, in an imperative language, it *already* isn't; never mind the > lambda's, the arguments have to be evaluated in *some* order, and different > orders may may a difference. So [1] is a lost cause. >Not true! If argument evaluation order is unspecified then only an incorrect >program will file to meet property [1] Not not true! I find no such stipulation in R^3.99RS. It simply says that the order of evaluation of the operator and operand expressions of a procedure call is unspecified. So, for instance, assuming a pseudo-random number generator, ((lambda (a b) (cons a b)) (random) (random)) may be perfectly "correct" without being equivalent to ((lambda (b a) (cons a b)) (random) (random)) Presumably one does not care exactly what one gets for "a" and "b." Yet one might still wish to get the same thing when one runs the program on different Scheme systems, or different versions of the same Scheme system. In the end, the strongest argument for complete language specification is verification by testing, rather than verification by proof. If one is trying to prove a program is correct by more or less formal methods, one can start by establishing that the program doesn't rely on unspecified behavior. Then one can proceed with a simpler proof that doesn't take into account argument evaluation order, or other such unpleasant realities. However, such techniques are finally unsatisfactory, no matter how formal. There is no reason to assume that a proof will be simpler than a program, after all. One must prove the proof, prove that the program is implemented as specified, etc. And do so again each time the program is modified. There is no substitute for testing a program. The confidence attained by testing is proportional to the completeness of the language specification. I guess no one will ever want to use Scheme to control airplanes or power plants so we don't have to worry about that...