Well, that's bad code. The point of coding in state machines, or at
least thinking in them, is that all possible cases are accounted for.
Sometimes you don't see the one that will get you. The only remaining
thread executing correctly maintained the watchdog timer. The main
program counter on a memory mapped register architecture had found
itself in ROM due to an electrical glitch. Another wierd one the RTI
instruction of a certain CPU didn't always do what it said on the tin.
Balanced loop paths are a lot easier to check for correctness. I was a
fan of Nassi Schniedermann diagrams once upon a time. Modern tools
would probably make them usuable today.
http://en.wikipedia.org/wiki/Nassi-Shneiderman_diagram
C doesn't encourage subroutines that have multiple entry and multiple
exit points. Pity.
It allows a bit too much jumping around to be healthy. And dropping
through in switch case statements.
I's occurred to me, more than once, that C was invented to run on a
PDP-11, and that a $400 Dell has 10,000 times the memory and a
thousand times the speed of an 11. So why doesn't somebody invent a
language (and a methodology) that produces/forces reliable code and
requires less debugging, and does rudimentary stuff like data and code
separation, at some expense in runtime resources?
It doesn't even need any expense of runtime resources. Any of the
strongly typed languages are capable of rigidly enforcing disciplined
engineering practices. Although some like Ada designed by committee
became so large and bloated that safety critical work tends to be done
in a verified and validated subset. The sad thing is you can still
write unmaintainable code in any language - you just have to try
harder in some of them.
McCabes CCI index provides a useful sanity check on the code
complexity. Basically if something is too complicated and like
spagetti then it will almost certainly harbour undetected bugs.
Nicklaus Wirths Modula-2 from ETH Zurich was about the simplest
minimalist strongly type language. There are static analysis tools for
it that can find certain classes of bugs without executing the code.
http://freepages.modula2.org/downl.html
A sort of Pascal with independent module compilation and rigidly
enforcable version checking. Logitech (the same one as is now famous
for popularising the mouse) were the original distributors of the ETH
M2 PC compiler which at the time came with an overlay manager, runtime
and post-mortem debugger that had features still not surpassed by
modern PC tools. Code generator was crude and archaic but then all PC
compilers were like that in the 80's. Provided you kept the the linker
map you could find the failing line of code and see events leading up
to failure.
Z & VDM have tried to do the same thing for formal software
specifications, with some success. But commercially code hacked out of
the solid and a ship it and be damned policy has unfortunately become
the norm
Regards,
Martin Brown
