From: dewar@cs.nyu.edu (Robert Dewar)
Subject: Re: Run-time checking and speed
Date: 12 Jan 1995 09:13:31 -0500
Date: 1995-01-12T09:13:31-05:00 [thread overview]
Message-ID: <3f3deb$4us@gnat.cs.nyu.edu> (raw)
In-Reply-To: 3f0prq$3bq@theopolis.orl.mmc.com
T.E.D. says
"As for constraint checks, try to leave them in until your product is
THOROUGHLY debugged. They are worth their weight in gold during the
debugging phase."
I would be stronger, I would say leave them in for the production code.
Knuth once said that removing checks for the production code is like
using life-jackets for training outings, and then leaving them at home
for the final trans-atlantic sailing on the grounds that they add too
much weight.
Of course in some cases, the delivered code does not run fast enough, and
you have to cut corners to meet processing efficiency requirements, and in
this situation you may have to abandon the checks, but do this only when
you have to, not as a matter of course. I have seen too many Ada environments
in which the assumption is that checks will be turned off for production code.
The penalty of run time checks can run anywhere from 5-50% depending on the
code. Enthusiastic vendors will tell you that it is never more than 10%, but
that depends very much on your code and it may be higher. But suppose that
it is 20%. It is amazing how many programs really don't care about 20%, and
it is often the case that next months version of the processor chip will make
up the 20% anyway.
Don't get me wrong, I quite appreciate that there are situations, particulary
embedded situations with critical deadlines running on junk old hardware,
where processing deadlines are indeed very pushed, and there may be some
general applications where speed is pushed (a one day weather forcasing
program that takes 2 days to run is not much use to anyone :-)
So I quite appreciate that checks must be turned off in some cases, I just
argue that this should not be the default assumption.
Another situation where it is quite appropriate to turn off run time checks
is in verified safety critical code where part of the verification ensures
that the checks are not needed. You have to be *very* sure of your
verification technology to depend on this!
next prev parent reply other threads:[~1995-01-12 14:13 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
1995-01-10 22:20 Run-time checking and speed Tony Leavitt
1995-01-12 1:14 ` Roger Labbe
1995-01-13 12:09 ` Philip Brashear
[not found] ` <3f0prq$3bq@theopolis.orl.mmc.com>
1995-01-12 14:13 ` Robert Dewar [this message]
1995-01-13 1:49 ` Doug Smith
1995-01-13 15:29 ` Norman H. Cohen
1995-01-13 15:21 ` Norman H. Cohen
[not found] ` <3fa2pk$kbi@felix.seas.gwu.edu>
[not found] ` <EACHUS.95Jan17151835@spectre.mitre.org>
[not found] ` <3fjhrj$9b3@oahu.cs.ucla.edu>
1995-01-20 5:11 ` Robert Dewar
1995-01-23 16:43 ` Mats Weber
1995-01-24 19:25 ` Robert Dewar
1995-01-22 18:43 ` Michael Feldman
1995-01-23 23:38 ` Robert Dewar
1995-01-26 16:14 ` Kent Mitchell
1995-01-28 6:03 ` Robert Dewar
[not found] ` <3gbr4f$p4b@theopolis.orl.mmc.com>
1995-01-29 13:00 ` Robert Dewar
1995-01-30 19:21 ` Garlington KE
1995-01-12 15:11 ` Norman H. Cohen
-- strict thread matches above, loose matches on Subject: below --
1995-01-12 15:54 Keith Arthurs
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox