(j3.2006) (SC22WG5.3930) Two requirements for critical software at JPL

Craig Dedo craig
Wed Jan 28 19:53:47 EST 2009

	I believe that asserts as part of the base language would be very
useful and highly desirable.  There are two ways I can think of right away
to be able to turn them on or off at will.
	1.  Use CoCo or another pre-processor.
	2.  Use some kind of prefix in front of the assert that could be
interpreted as a comment and then turn the assert on or off using a compiler
option.  Perhaps J3 and WG5 could standardize a prefix that would be used
for all ISO-defined optional statements.  

	FWIW, I believe that a good choice would be "!ISO", for
"International Standards Organization", for a number of reasons.  
	1.  I believe that this prefix is not used by any Fortran processor
or pre-processor.
	2.  It is along the lines of other prefixes defined by existing
Fortran compilers and also by third-party products such as HPF.
	3.  If a Fortran compiler has not yet been updated to include the
ISO-defined optional statements, !ISO statements will appear as comments and
be safely ignored.  Thus, the use of !ISO for a prefix will not break
existing programs.

	I strongly suspect that it is way too late in the development
process of Fortran 2008 to include it in the current draft.  Would J3 and
WG5 be willing to pursue this idea as a TR? What other development options
are there?   What do others think of this idea?

Craig Dedo
17130 W. Burleigh Place
P. O. Box 423                Voice Phone:  (262) 783-5869
Brookfield, WI   53008-0423  Fax Phone:    (262) 783-5928
USA                          Mobile Phone:  (414) 412-5869
E-mail:  <cdedo at wi.rr.com> or <craig at ctdedo.com>

> -----Original Message-----
> From: j3-bounces at j3-fortran.org [mailto:j3-bounces at j3-fortran.org] On
> Behalf Of Bill Long
> Sent: Wednesday, January 28, 2009 18:01
> To: Van.Snyder at jpl.nasa.gov; fortran standards email list for J3
> Cc: sc22wg5
> Subject: Re: (j3.2006) (SC22WG5.3930) Two requirements for critical software at JPL
> Van Snyder wrote:
> > I have just gotten a document from the JPL Laboratory for Reliable
> > Software, specifying coding requirements and recommendations to
> > increase the reliability of critical software in C.  Most of these are
> > to work around defects in C, but two (which are requirements, not
> > recommendations) are germane to Fortran development:
> >
> > 1.  Declare data objects at smallest possible level of scope.
> >
> > We've added the BLOCK construct.  The facility it provides to
> > encapsulate declarations in a region smaller than a scoping unit would
> > more likely be used if a specification part were allowed in every
> > <block>, not just a BLOCK construct.
> >
> > 2.  Use static and dynamic assertions as sanity checks.
> >
> > These were on the J3 list in 2005, but didn't make it to WG5.
> >
> > One of the justifications for this requirement was a study reported in
> > http://research.microsoft.com/apps/pubs/default.aspx?id=70290
> > ("Assessing the relationship between software assertions and code
> > quality").  The abstract remarks "... with an increase in the assertion
> > density in a file there is a statistically significant decrease in fault
> > density. Further, the usage of software assertions in these components
> > found a large percentage of the faults in the bug database."
> >
> >
> But then the "Lessons Learned" conclusion to the paper remarks "We
> believe enforcing the use of assertions would not work well."
> We have recently added features to Fortran that we now have to document
> with comments along the lines of "this feature is supported by the
> compiler because it is in the language spec, but we strongly recommend
> that it not be used in actual codes"  because of disastrous performance
> implications.  I hesitate to add more such features.
> I would note that our compiler (as a C program itself) contains an
> enormous number of asserts.  They help in pinpointing bugs closer to the
> point where something went wrong (as opposed to much farther down the
> execution sequence when the consequences of the bug manifest as a fatal
> error).  As such they are useful.  We also get complaints that the
> compiler is slow.  For a compiler that's not horribly serious.  For
> production Fortran code poor performance is a non-starter.  Different
> environments and different objectives.  At a minimum, if we wanted
> asserts in Fortran, there would have to be a simple way to make them
> appear to be comments to the compiler.  (Basically the old "D" lines.)
> Cheers,
> Bill
> --
> Bill Long                                   longb at cray.com
> Fortran Technical Support    &              voice: 651-605-9024
> Bioinformatics Software Development         fax:   651-605-9142
> Cray Inc., 1340 Mendota Heights Rd., Mendota Heights, MN, 55120

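The "!ISO" toggle Craig proposes above (a prefix that unaware compilers read as a comment and a switch that activates it), as an added example that is not part of the original thread: a small shell preprocessor that either passes the source through untouched or strips the prefix and expands the optional assert into a runtime check. The assert(cond) spelling, its expansion to an IF / ERROR STOP statement, and the sample subroutine are assumptions for illustration, not anything J3 or WG5 standardized.

```shell
#!/bin/sh
# Added example, not code from the thread. A minimal preprocessor for the
# proposed "!ISO" prefix: with the switch off, a prefixed line is an ordinary
# Fortran comment and the program is unchanged; with it on, the prefix is
# stripped and "assert(cond)" (an assumed spelling) becomes a runtime check
# that halts with a message naming the failed condition.

# Constructed sample source: one optional assert guarding an array slice.
SAMPLE='subroutine scale(x, n)
  real, intent(inout) :: x(:)
  integer, intent(in) :: n
!ISO assert(n > 0 .and. n <= size(x))
  x(1:n) = x(1:n) * 2.0
end subroutine scale'

# iso_pp MODE: filter stdin. "on" activates !ISO lines; "off" leaves the
# source exactly as written, so the compiler only ever sees a comment.
iso_pp() {
  case "$1" in
    on)
      sed -E \
        -e 's/^!ISO[[:space:]]+assert\((.*)\)[[:space:]]*$/  if (.not. (\1)) error stop "assertion failed: \1"/' \
        -e 's/^!ISO[[:space:]]+/  /' ;;
    off) cat ;;
    *) echo "usage: iso_pp on|off" >&2; return 2 ;;
  esac
}

# count_active MODE: number of runtime assertion checks the compiler would see.
count_active() {
  printf '%s\n' "$SAMPLE" | iso_pp "$1" | grep -c 'error stop "assertion failed' || true
}

# count_comments MODE: number of !ISO lines still dormant as comments.
count_comments() {
  printf '%s\n' "$SAMPLE" | iso_pp "$1" | grep -c '^!ISO' || true
}

# Show the activated form.
printf '%s\n' "$SAMPLE" | iso_pp on
```

With the switch off the filter is the identity, which is the property Craig relies on: a compiler that has never heard of the prefix compiles the same program it always did.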