Path: utzoo!attcan!uunet!husc6!rutgers!njin!princeton!phoenix!pucc!EGNILGES
From: EGNILGES@pucc.Princeton.EDU (Ed Nilges)
Newsgroups: comp.software-eng
Subject: Re: Soft-Eng digest v5n20
Message-ID: <5731@pucc.Princeton.EDU>
Date: 25 Jul 88 17:30:55 GMT
References: <8807242334.AA17883@mitre.arpa>
Reply-To: EGNILGES@pucc.Princeton.EDU
Organization: Princeton University, NJ
Lines: 60
Disclaimer: Author bears full responsibility for contents of this article

IN Soft-Eng digest v5n20, PAAAAAR%CALSTATE.BITNET@cunyvm.cuny.edu writes:
>
>
>There are other kinds of comments.
>Many text books and papers state that you should
>write *assertions* which state what you want to be true at that
>point in the program. These are harder to write (almost impossible)
>but are helpful for (1) proving that the current level does what it is supposed
>to and (2) specifying what each step needs to have do at the next level of
>refinement.
> There are about 5 people world wide who use assertions in this way
> and they all earn their cash by writing books about programming not by
> programming...
> :-)

The attitude evidenced by this posting is one of the reasons why software
continues to be late and hard to maintain. Assertions are only impossible
to write when the software has not been designed in a structured and
modular fashion.

The Microsoft C compiler provides the following function in its run time
library:

    #include <assert.h>
    void assert(expression)

"The assert routine prints a diagnostic message and terminates the calling
process if expression is false (0)."

I am using assert() in developing a large-scale system for a client. If the
preprocessor symbol DEBUG is on, the asserts are generated. Here is a
typical use:

    a1_getparms(a1_ArgCount, a1_ArgValue)
    int a1_ArgCount;
    char **a1_ArgValue;
    . . .
    #if DEBUG
    assert( a1_ArgCount>=0 && a1_ArgValue!=NULL && *a1_ArgValue!=NULL );
    #endif

My assertions do not PROVE my software correct...any more than the designers
of the Golden Gate Bridge (reference 2) could PROVE mathematically that the
GG Bridge would stay up and be beautiful to boot. I don't feel that it is
possible to PROVE software correct. But I am not loth to try whatever tools
are available to move the software towards correctness.

REFERENCES

1. Microsoft Corporation, Microsoft C Compiler for the MS-DOS Operating
   System: Run-Time Library Reference, p. 104. 1986...release 4.x.
2. John van der Zee, The GATE: The True Story of the Design and Construction
   of the Golden Gate Bridge. New York, 1986: Simon and Schuster.
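The DEBUG-guarded assert() idiom the post describes, fleshed out as an added example. This is editor-written code, not Ed Nilges' a1_getparms and not the Microsoft run-time library: getparms, struct parms, the -v/-i options and the sample command lines are all invented for illustration. It follows the post's DEBUG convention, and it also accounts for the fact that the standard <assert.h> compiles assert() to nothing when NDEBUG is defined: assertions state what a correct caller guarantees, while anything that depends on what the user typed is an ordinary runtime check that survives a release build.

```c
/*
 * Added example (not from the post): the a1_getparms idiom fleshed out.
 * Preconditions are checked with assert() under the post's DEBUG convention.
 * The standard <assert.h> separately compiles assert() to nothing when
 * NDEBUG is defined, so a release build keeps none of these checks.
 * getparms, struct parms and the -v/-i options are invented for illustration.
 */
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#ifndef DEBUG
#define DEBUG 1   /* assumption: a debug build unless the build says otherwise */
#endif

/* PRECOND documents a caller contract; it disappears when DEBUG is 0. */
#if DEBUG
#define PRECOND(expr) assert(expr)
#else
#define PRECOND(expr) ((void)0)
#endif

struct parms {
    int         verbose;   /* set by -v */
    const char *input;     /* set by -i <file>; NULL if absent */
};

/*
 * Parse argv in the style of the post's a1_getparms.
 * Returns 0 on success, -1 on a malformed command line.
 * The PRECOND()s state what a correct caller guarantees (argv comes from
 * main, so argv[0] exists and the vector is NULL-terminated).  The
 * 'return -1' paths validate what the user typed; that must not be left
 * to assert(), which is gone in a non-DEBUG build.
 */
int getparms(int argc, char **argv, struct parms *out)
{
    PRECOND(argc >= 1 && argv != NULL && argv[0] != NULL && out != NULL);

    out->verbose = 0;
    out->input   = NULL;

    for (int i = 1; i < argc; i++) {
        PRECOND(argv[i] != NULL);          /* caller contract, not user input */
        if (strcmp(argv[i], "-v") == 0) {
            out->verbose = 1;
        } else if (strcmp(argv[i], "-i") == 0) {
            if (i + 1 >= argc)             /* user error: -i with no file */
                return -1;
            out->input = argv[++i];
        } else {
            return -1;                     /* user error: unknown option */
        }
    }

    /* Postcondition: what this level promises the next refinement level. */
    PRECOND(out->verbose == 0 || out->verbose == 1);
    return 0;
}

/* Constructed sample command lines so the example runs offline. */
int demo_good(void)
{
    char *av[] = { "prog", "-v", "-i", "file.txt", NULL };
    struct parms p;
    if (getparms(4, av, &p) != 0)
        return -1;
    return p.verbose == 1 && p.input != NULL && strcmp(p.input, "file.txt") == 0;
}

int demo_bad(void)
{
    char *av[] = { "prog", "-i", NULL };   /* -i without its argument */
    struct parms p;
    return getparms(2, av, &p);
}

int main(void)
{
    printf("well-formed line parsed:  %d\n", demo_good());  /* 1 */
    printf("malformed line rejected: %d\n", demo_bad());    /* -1 */
    return 0;
}
```

Build once with -DDEBUG=1 and once with -DDEBUG=0 (or -DNDEBUG) and the parser behaves identically on both sample lines; only the caller-contract checks come and go, which is the property that makes the assert() placement safe.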