SERVING THE QUANTITATIVE FINANCE COMMUNITY

 
User avatar
Cuchulainn
Topic Author
Posts: 62410
Joined: July 16th, 2004, 7:38 am
Location: Amsterdam
Contact:

Simpl Black Code that is not robust: quiz and structural solution

March 25th, 2015, 11:19 am

We has this discussion here a few years. This code is not the most advanced (esp for n(), N()) but's that not the point really. The point is that for certain input you can get nasty resuts.1. What are the issues?2. How to define a correct and robust contract between client (e.g. in main()) and supplier?hint: no ruies/contract have been defined anywhere.... what can we expect ...
Last edited by Cuchulainn on March 24th, 2015, 11:00 pm, edited 1 time in total.
 
User avatar
Traden4Alpha
Posts: 23951
Joined: September 20th, 2002, 8:30 pm

Simpl Black Code that is not robust: quiz and structural solution

March 25th, 2015, 11:52 am

N() assumes the negation of x is a positive number which is untrue for NaN-like values -- N() can go into an infinite loop (recursion is dangerous!).Perhaps the simplest solution is a more restrictive datatype on y that explicitly constrains y to non-negative values.Perhaps the better solution is a development environment that back-traces all functions that are not valid on ALL possible values of each input datatype and ensures that either the client or the supplier does the requisite range checking.
 
User avatar
Cuchulainn
Topic Author
Posts: 62410
Joined: July 16th, 2004, 7:38 am
Location: Amsterdam
Contact:

Simpl Black Code that is not robust: quiz and structural solution

March 25th, 2015, 11:55 am

QuoteOriginally posted by: Traden4AlphaN() assumes the negation of x is a positive number which is untrue for NaN-like values -- N() can go into an infinite loop (recursion is dangerous!).Perhaps the simplest solution is a more restrictive datatype on y that explicitly constrains y to non-negative values.Perhaps the better solution is a development environment that back-traces all functions that are not valid on ALL possible values of each input datatype and ensures that either the client or the supplier does the requisite range checking.Indeed! That's what happened and it was a silent NaN (an incorrect answer, no run-time crash...)Quiz: solve in C++, really Again, what is the contract? Quoteensures that either the client or the supplier does the requisite range checkingIndeed. How? 2 scenarios. The infinite recursion is not caused by N() but by its input up the chain?
Last edited by Cuchulainn on March 24th, 2015, 11:00 pm, edited 1 time in total.
 
User avatar
Traden4Alpha
Posts: 23951
Joined: September 20th, 2002, 8:30 pm

Simpl Black Code that is not robust: quiz and structural solution

March 25th, 2015, 12:18 pm

Regrettably, I'm not a C++ expert. But I do remember working on a system in which we created two versions of frequently-called functions, one that did input-checking inside the function and the other that assumed/required the caller to ensure the inputs were valid.The bigger issue is in defining the boundaries around the system and the interface between the unreliable value-unsafe part of the world (those idiot clients that call stuff with bad inputs) and the value-safe internals in which the inputs have been pre-validated. Of course, if one moves input checking outside of the function, then it becomes a nasty maintenance issue in which changes in a function that change the valid range of inputs necessitate changes to all the calling code to propagate the change in input range to the pre-call checking/validation code.
 
User avatar
Cuchulainn
Topic Author
Posts: 62410
Joined: July 16th, 2004, 7:38 am
Location: Amsterdam
Contact:

Simpl Black Code that is not robust: quiz and structural solution

March 25th, 2015, 12:41 pm

QuoteOriginally posted by: Traden4AlphaRegrettably, I'm not a C++ expert. But I do remember working on a system in which we created two versions of frequently-called functions, one that did input-checking inside the function and the other that assumed/required the caller to ensure the inputs were valid.The bigger issue is in defining the boundaries around the system and the interface between the unreliable value-unsafe part of the world (those idiot clients that call stuff with bad inputs) and the value-safe internals in which the inputs have been pre-validated. Of course, if one moves input checking outside of the function, then it becomes a nasty maintenance issue in which changes in a function that change the valid range of inputs necessitate changes to all the calling code to propagate the change in input range to the pre-call checking/validation code.No problem. I'll take these specs and get back.
 
User avatar
Traden4Alpha
Posts: 23951
Joined: September 20th, 2002, 8:30 pm

Simpl Black Code that is not robust: quiz and structural solution

March 25th, 2015, 2:00 pm

QuoteOriginally posted by: CuchulainnQuoteOriginally posted by: Traden4AlphaRegrettably, I'm not a C++ expert. But I do remember working on a system in which we created two versions of frequently-called functions, one that did input-checking inside the function and the other that assumed/required the caller to ensure the inputs were valid.The bigger issue is in defining the boundaries around the system and the interface between the unreliable value-unsafe part of the world (those idiot clients that call stuff with bad inputs) and the value-safe internals in which the inputs have been pre-validated. Of course, if one moves input checking outside of the function, then it becomes a nasty maintenance issue in which changes in a function that change the valid range of inputs necessitate changes to all the calling code to propagate the change in input range to the pre-call checking/validation code.No problem. I'll take these specs and get back.P.S. You'll need to check the validity of these inputs! ;-)
 
User avatar
Cuchulainn
Topic Author
Posts: 62410
Joined: July 16th, 2004, 7:38 am
Location: Amsterdam
Contact:

Simpl Black Code that is not robust: quiz and structural solution

March 25th, 2015, 3:56 pm

QuoteP.S. You'll need to check the validity of these inputs! ;-)Who is 'you'? Supplier or client.
 
User avatar
Cuchulainn
Topic Author
Posts: 62410
Joined: July 16th, 2004, 7:38 am
Location: Amsterdam
Contact:

Simpl Black Code that is not robust: quiz and structural solution

March 25th, 2015, 3:59 pm

QuoteThis is a type of C++ policy version that Polter mentioned, .. the user can pick which version he wants -there is no truth-... you can forward the validator reference to sub-calls.That is a way. But you have modified the signature of my function. So a solution to a slightly different problem.. The specifications have been changed.Specifically, BS returns a double and your code returns essentially two values. Don't CS call that side-effects? What happens if the user 1) no validation policy checks and 2) calls BS(y) with y < 0? Crash, _yes_? (1)I think you are saying "Customers is always right" and that is not always (never!) so.But I think the validators are the preconditions that should be defined by the supplier. Supplier cannot take risks. Conclusion: code is not clear on the contract, it has errors leading to defects and faults based on assumption/case (1) above. If your code example is representative you are saying that clients may choose policies? _yes_?Maybe I misunderstand the intent of the example.
Last edited by Cuchulainn on March 24th, 2015, 11:00 pm, edited 1 time in total.
 
User avatar
Polter
Posts: 2526
Joined: April 29th, 2008, 4:55 pm

Simpl Black Code that is not robust: quiz and structural solution

March 25th, 2015, 4:19 pm

QuoteBS returns a `double`One could arguably interpret the above as the shall-never-fail guarantee in the implicit contract.One could weaken this stated guarantee by changing the signature to return an `optional<double>`: "Class template optional is a wrapper for representing 'optional' (or 'nullable') objects who may not (yet) contain a valid value. Optional objects offer full value semantics; they are good for passing by value and usage inside STL containers. This is a header-only library." // http://boost.org/libs/optionalIn this way, we're explicitly documenting the fact that the returned value may not be valid.// Separate TS: http://en.cppreference.com/w/cpp/experi ... tionalThis is akin to Haskell's `Maybe`; for instance, consider the `safeLog` example in the following: http://en.wikibooks.org/wiki/Haskell/Un ... nads/Maybe Edit: see also the "Maybe and safety" section of the above.
Last edited by Polter on March 24th, 2015, 11:00 pm, edited 1 time in total.
 
User avatar
Cuchulainn
Topic Author
Posts: 62410
Joined: July 16th, 2004, 7:38 am
Location: Amsterdam
Contact:

Simpl Black Code that is not robust: quiz and structural solution

March 25th, 2015, 4:24 pm

Of course, Polter but we are talking about another related problem, not the original one.
 
User avatar
Polter
Posts: 2526
Joined: April 29th, 2008, 4:55 pm

Simpl Black Code that is not robust: quiz and structural solution

March 25th, 2015, 4:53 pm

Looking at When to use Optional, class template expected seems like another interesting solution (more specific: returns the reason of failure).Examples from the proposal:
Last edited by Polter on March 24th, 2015, 11:00 pm, edited 1 time in total.
 
User avatar
Cuchulainn
Topic Author
Posts: 62410
Joined: July 16th, 2004, 7:38 am
Location: Amsterdam
Contact:

Simpl Black Code that is not robust: quiz and structural solution

March 25th, 2015, 5:02 pm

QuoteOriginally posted by: PolterLooking at When to use Optional, class template expected seems like another interesting solution (more specific: returns the reason of failure).Examples from the proposal:It is interesting indeed!What about std::tuple<double, errno> as return type (and no side effects)?
 
User avatar
Traden4Alpha
Posts: 23951
Joined: September 20th, 2002, 8:30 pm

Simpl Black Code that is not robust: quiz and structural solution

March 25th, 2015, 5:42 pm

QuoteOriginally posted by: CuchulainnQuoteThis is a type of C++ policy version that Polter mentioned, .. the user can pick which version he wants -there is no truth-... you can forward the validator reference to sub-calls.That is a way. But you have modified the signature of my function. So a solution to a slightly different problem.. The specifications have been changed.Specifically, BS returns a double and your code returns essentially two values. Don't CS call that side-effects? What happens if the user 1) no validation policy checks and 2) calls BS(y) with y < 0? Crash, _yes_? (1)I think you are saying "Customers is always right" and that is not always (never!) so.But I think the validators are the preconditions that should be defined by the supplier. Supplier cannot take risks. Conclusion: code is not clear on the contract, it has errors leading to defects and faults based on assumption/case (1) above. If your code example is representative you are saying that clients may choose policies? _yes_?Maybe I misunderstand the intent of the example.Perhaps the signature of your code SHOULD be changed. One general policy would be that any code that accepts a double MUST gracefully accept all possible values of double. If the code presumes pre-validated inputs (i.e., a subset of doubles), then the signature would reflect that.The other issue is whether "safety" should be handled at run-time or compile-time. Perhaps some versions of the code should be idiot-proof with all the requisite validation built in albeit with some runtime performance penalty. But other bare-bones versions of the code are for "professionals only" and assume that that the caller has prevalidated any inputs either by prechecking the input or by proving that the calling code can never generate an out-of-range value.Does one give a Husqvarna to a child?
 
User avatar
Cuchulainn
Topic Author
Posts: 62410
Joined: July 16th, 2004, 7:38 am
Location: Amsterdam
Contact:

Simpl Black Code that is not robust: quiz and structural solution

March 25th, 2015, 6:22 pm

QuoteDoes one give a Husqvarna to a child?Trust no one.What happens if the user 1) no validation policy checks and 2) calls BS(y) with y < 0? Crash, _yes_? (1) QuotePerhaps the signature of your code SHOULD be changed.No. You're kidding. Think of the consequences of your statement. You are changing the problem to fit your solution.
Last edited by Cuchulainn on March 24th, 2015, 11:00 pm, edited 1 time in total.
ABOUT WILMOTT

PW by JB

Wilmott.com has been "Serving the Quantitative Finance Community" since 2001. Continued...


Twitter LinkedIn Instagram

JOBS BOARD

JOBS BOARD

Looking for a quant job, risk, algo trading,...? Browse jobs here...


GZIP: On