
digitalmars.D.announce - Patterns of Human Error - my presentation at the DC ACM

Walter Bright <newshound2 digitalmars.com> writes:
The slides: http://www.slideshare.net/dcacm/patterns-of-human-error

A review: 
http://computopics.dcacm.org/2011/05/04/review-dcacm-patterns-of-human-error-with-walter-bright/

Anyone want to reddit this?
May 05 2011
Andrei Alexandrescu <SeeWebsiteForEmail erdani.org> writes:
On 5/5/11 9:04 PM, Walter Bright wrote:
 The slides: http://www.slideshare.net/dcacm/patterns-of-human-error

 A review:
 http://computopics.dcacm.org/2011/05/04/review-dcacm-patterns-of-human-error-with-walter-bright/


 Anyone want to reddit this?

http://www.reddit.com/r/programming/comments/h5ehu/patterns_of_human_errors_link_to_slides_in_the/

Andrei
May 05 2011
Andrei Alexandrescu <SeeWebsiteForEmail erdani.org> writes:
On 5/5/11 10:18 PM, Andrei Alexandrescu wrote:
 On 5/5/11 9:04 PM, Walter Bright wrote:
 The slides: http://www.slideshare.net/dcacm/patterns-of-human-error

 A review:
 http://computopics.dcacm.org/2011/05/04/review-dcacm-patterns-of-human-error-with-walter-bright/



 Anyone want to reddit this?

 http://www.reddit.com/r/programming/comments/h5ehu/patterns_of_human_errors_link_to_slides_in_the/

 Andrei

Unfortunately the post has been junked. I wrote a polite message to the moderators, you all may want to do the same.

Thanks,
Andrei
May 06 2011
"Nick Sabalausky" <a a.a> writes:
"Andrei Alexandrescu" <SeeWebsiteForEmail erdani.org> wrote in message 
news:iq0eqf$l03$1 digitalmars.com...
 On 5/5/11 10:18 PM, Andrei Alexandrescu wrote:
 On 5/5/11 9:04 PM, Walter Bright wrote:
 The slides: http://www.slideshare.net/dcacm/patterns-of-human-error

 A review:
 http://computopics.dcacm.org/2011/05/04/review-dcacm-patterns-of-human-error-with-walter-bright/



 Anyone want to reddit this?

 http://www.reddit.com/r/programming/comments/h5ehu/patterns_of_human_errors_link_to_slides_in_the/

 Andrei

 Unfortunately the post has been junked. I wrote a polite message to the moderators, you all may want to do the same.

Is there anything reddit doesn't auto-flag as junk?
May 06 2011
Florian Weimer <fw deneb.enyo.de> writes:
* Nick Sabalausky:

 Is there anything reddit doesn't auto-flag as junk?

Perhaps content that is actually viewable and accessible?
May 07 2011
Lutger Blijdestijn <lutger.blijdestijn gmail.com> writes:
Nice slides, very simple and elegant. 

This reminds me of when I started with D. I found a lot of these 'details' 
unload quite some burden I had with C++ and made programming that much more 
enjoyable.
May 06 2011
bearophile <bearophileHUGS lycos.com> writes:
Walter:

 The slides: http://www.slideshare.net/dcacm/patterns-of-human-error

Nice. Please put your PDFs everywhere but Slideshare. I'd love a simple link to just the PDF, thank you very much (Slideshare requires Flash, JavaScript, other things, and the flash viewer doesn't allow me copy&paste of URLs like that joelonsoftware.com one or snippets that I have to copy manually here).

-----------------

- 9V battery: it has keyed connectors *and* inverting its polarity often doesn't lead to large damages (you may damage the circuit in some cases). This means that a car battery has to be designed *safer* than a 9V battery because an error often causes more damages than in 9V batteries.

-----------------

 Simple fix: make l suffix illegal. No more possibility of this error. End of
story.

This is exactly the solution used by JSF-AV. They use a pre-compiler that generates a "compile" error if you use "l" as suffix (and maybe even if you use it as variable name). So they aren't using normal C++.

-----------------

 int i = 1_000_000;

A downside of the current implementation is visible here:

    long i = 1_000_000_00_000L;

The underscores are not enforced every 3 (or 4 on hex/binary literals) digits. But in practice this has not caused me troubles, so far.

-----------------

 Error Patterns Eliminated [Slide 32]

It's a very nice slide :-)

-----------------

 i should be size_t [Slide 31]

Something related to this has caused me a not immediately visible bug in D, this is the original correct function:

    double[][] matgen(int n) {
        double[][] a;
        double tmp = 1.0 / n / n;
        a.length = n;
        for (int i = 0; i < n; ++i)
            a[i].length = n;
        for (int i = 0; i < n; ++i)
            for (int j = 0; j < n; ++j)
                a[i][j] = tmp * (i - j) * (i + j);
        return a;
    }

Second "improved" version:

    double[][] matgen(int n) {
        double tmp = 1.0 / n / n;
        auto a = new double[][](n, n);
        foreach (i, row; a)
            foreach (j, ref x; row)
                x = tmp * (i - j) * (i + j);
        return a;
    }

Problem: (i - j) gives a wrong result because i and j are now unsigned. See some of the discussion:
http://www.digitalmars.com/webnews/newsgroups.php?art_group=digitalmars.D.learn&article_id=26563
http://www.digitalmars.com/webnews/newsgroups.php?art_group=digitalmars.D.learn&article_id=26587
http://www.digitalmars.com/webnews/newsgroups.php?art_group=digitalmars.D.learn&article_id=26629

-----------------

 Uninitialized memory [Slide 41]

This compiles with no errors, but maybe you meant heap memory:

    @safe void main() {
        int x = void;
    }

-----------------

 Validated data: validated!(T) [Slide 46]

I don't remember/know what this is. Thank you for all this stuff you give us for free, people used to pay for such texts.

-----------------

 http://www.joelonsoftware.com/articles/wrong.html

From the blog post:
All strings that come from the user must be stored in variables (or database
columns) with a name starting with the prefix "us" (for Unsafe String). All
strings that have been HTML encoded or which came from a known-safe location
must be stored in variables with a name starting with the prefix "s" (for Safe
string).

A better solution:
http://blog.moertel.com/articles/2006/10/18/a-type-based-solution-to-the-strings-problem

Bye,
bearophile
May 06 2011
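
An added example, not part of the thread and not taken from either linked article: the "us"/"s" prefix convention quoted in the post above, expressed as D types so that the compiler rather than the variable name keeps user input apart from HTML-safe text. The names UnsafeString, SafeHtml, literal, encode and render are assumptions made for this illustration, and the input string is constructed.

```d
import std.array : replace;
import std.stdio : writeln;

/// Text exactly as it arrived from the user (the "us" prefix, as a type).
struct UnsafeString { string raw; }

/// Text that may be written into an HTML page (the "s" prefix, as a type).
/// D's `private` is module-wide, so keep this type in a module of its own.
struct SafeHtml
{
    private string html;
    @disable this();                        // no empty, unchecked values
    private this(string html) { this.html = html; }

    /// Markup typed by the programmer: a template argument, so it has to be
    /// a compile-time constant and cannot carry run-time input.
    static SafeHtml literal(string markup)() { return SafeHtml(markup); }

    /// The only route from user input to SafeHtml: HTML-encode it.
    static SafeHtml encode(UnsafeString s)
    {
        return SafeHtml(s.raw.replace("&", "&amp;").replace("<", "&lt;")
            .replace(">", "&gt;").replace(`"`, "&quot;").replace("'", "&#39;"));
    }

    /// Concatenation is defined for SafeHtml ~ SafeHtml and nothing else.
    SafeHtml opBinary(string op : "~")(SafeHtml rhs) const
    {
        return SafeHtml(html ~ rhs.html);
    }

    string toString() const { return html; }
}

/// Output sink (hypothetical): takes SafeHtml, so raw input cannot reach it.
string render(SafeHtml page) { return page.toString(); }

// Mixing the two kinds of string is rejected by the compiler.
static assert(!__traits(compiles, render(UnsafeString("x"))));
static assert(!__traits(compiles, SafeHtml.literal!"<p>"() ~ UnsafeString("x")));

void main()
{
    auto name = UnsafeString("<script>alert(1)</script>"); // constructed input
    auto page = SafeHtml.literal!"<p>Hello, "() ~ SafeHtml.encode(name)
        ~ SafeHtml.literal!"</p>"();
    writeln(render(page));
    assert(render(page) == "<p>Hello, &lt;script&gt;alert(1)&lt;/script&gt;</p>");
}
```
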
bearophile <bearophileHUGS lycos.com> writes:
Andrej Mitrovic:

 I guess that further drives the point though. :)

Yup. I didn't see it.

Bye,
bearophile
May 06 2011
Walter Bright <newshound2 digitalmars.com> writes:
On 5/6/2011 8:13 AM, Andrej Mitrovic wrote:
 Is that a typo on page 31?

 "<= should be ="

 maybe <= should be <

 I guess that further drives the point though. :)

You're right. Good catch.
May 06 2011
Brad Roberts <braddr slice-2.puremagic.com> writes:
On Fri, 6 May 2011, Walter Bright wrote:

 On 5/6/2011 8:13 AM, Andrej Mitrovic wrote:
 Is that a typo on page 31?
 
 "<= should be ="
 
 maybe <= should be <
 
 I guess that further drives the point though. :)

 You're right. Good catch.

That was the first error I caught.. since I've seen you use it as a common error and reason to use foreach() style loops before.
May 06 2011
Walter Bright <newshound2 digitalmars.com> writes:
On 5/6/2011 1:46 PM, Brad Roberts wrote:
 That was the first error I caught.. since I've seen you use it as a common
 error and reason to use foreach() style loops before.

Interestingly, nobody saw all 5 bugs.
May 06 2011
bearophile <bearophileHUGS lycos.com> writes:
Walter:

 Interestingly, nobody saw all 5 bugs.

A good C lint has caught three of them, plus gives an extra suggestion:

         8      for (i = 0; i <= dim; i++);
    diy.c  8  Warning 574: Signed-unsigned mix with relational
    diy.c  8  Info 737: Loss of sign in promotion from int to unsigned int
    diy.c  8  Info 722: Suspicious use of ;
        14  }
    diy.c  14  Warning 533: function 'find(long *, unsigned int, long)' should return a value (see line 6)
    diy.c  14  Info 818: Pointer parameter 'array' (line 6) could be declared as pointing to const

Bye,
bearophile
May 06 2011
bearophile <bearophileHUGS lycos.com> writes:
Walter:

 Interestingly, nobody saw all 5 bugs.

You show this as a bug:

    typedef long T;

But did you mean to write this?

    typedef long long T;

With this change the C lint finds this bug too.

Bye,
bearophile
May 06 2011
Kagamin <spam here.lot> writes:
Andrej Mitrovic Wrote:

 I still giggle at the "long long" name. Good thing there are no floats
 floats and char chars.

`long` is not a type, it's a modifier and - accidentally - a shortcut for `long int`. `long long` is a shortcut for `long long int`. `short` is a shortcut for `short int`. `signed` is a shortcut for `signed int`.
May 11 2011
Walter Bright <newshound2 digitalmars.com> writes:
On 5/6/2011 3:50 PM, bearophile wrote:
 Walter:

 Interestingly, nobody saw all 5 bugs.

 A good C lint has caught three of them,

C lint is not standard C. That's just the trouble with 3rd party tools. They:

1. are not part of the language
2. have wildly varying effectiveness and quality
3. have no standardized behavior
4. get out of sync with compiler & language changes
5. tend to have installation issues like all 3rd party add-on tools do
6. tend to not be available on the same platforms the language is on
7. are not routinely used

For real progress to be made, the *language* must be improved.
May 06 2011
Andrej Mitrovic <andrej.mitrovich gmail.com> writes:
I still giggle at the "long long" name. Good thing there are no floats
floats and char chars.
May 06 2011
Andrej Mitrovic <andrej.mitrovich gmail.com> writes:
Is that a typo on page 31?

"<= should be ="

maybe <= should be <

I guess that further drives the point though. :)
May 06 2011