←back to thread

The C++ standard for the F-35 Fighter Jet [video]

(www.youtube.com)
327 points AareyBaba | 5 comments | 07 Dec 25 18:07 UTC | HN request time: 0.713s | source
Show context
time4tea ◴[07 Dec 25 19:31 UTC] No.46184345[source]
a = a; // misra

Actual code i have seen with my own eyes. (Not in F-35 code)

Its a way to avoid removing an unused parameter from a method. Unused parameters are disallowed, but this is fine?

I am sceptical that these coding standards make for good code!

replies(11): >>46184442 #>>46184460 #>>46184571 #>>46185232 #>>46185373 #>>46186276 #>>46186377 #>>46186457 #>>46186510 #>>46186705 #>>46189488 #
tialaramex ◴[07 Dec 25 21:32 UTC] No.46185373[source]
Studies have looked at MISRA, I'm not aware of any for the JSF guidelines. For MISRA there's a mix, some of the rules seem to be effective (fewer defects in compliant software), some are the opposite (code which obeys these rules is more likely to have defects) and some were irrelevant.

Notably this document is from 2005. So that's after C++ was standardized but before their second bite of that particular cherry and twenty years before its author, Bjarne Stroustrup suddenly decides after years of insisting that C++ dialects are a terrible idea and will never be endorsed by the language committee, that in fact dialects (now named "profiles") are the magic ingredient to fix the festering problems with the language.

While Laurie's video is fun, I too am sceptical about the value of style guides, which is what these are. "TABS shall be avoided" or "Letters in function names shall be lowercase" isn't because somebody's aeroplane fell out of the sky - it's due to using a style Bjarne doesn't like.

replies(3): >>46185961 #>>46186729 #>>46190376 #
platinumrad ◴[08 Dec 25 00:00 UTC] No.46186729[source]
The "good" rules are like "don't write off the end of an array", and the bad ones are like "no early returns" or "variable names must not be longer than 6 characters". 95% of the "good" rules are basically just longer ways of saying "don't invoke undefined behavior".
replies(2): >>46188461 #>>46190952 #
bboygravity ◴[08 Dec 25 04:46 UTC] No.46188461[source]
Why is "no early returns" not a good rule?

I do early returns in code I write, but ONLY because everybody seems to do it. I prefer stuff to be in predictable places: variables at the top, return at the end. Simpler? Delphi/Pascal style.

replies(6): >>46188976 #>>46189208 #>>46189367 #>>46189520 #>>46189549 #>>46193709 #
1. mrgaro ◴[08 Dec 25 07:21 UTC] No.46189367[source]
I remember having this argument with my professor at the school, who insisted that a function should have only one "return" clause at the very end. Even as I tried, I could not get him to explain why this would be valuable and how does this produce better code, so I'm interested on hearing your take on this?
replies(1): >>46192859 #
2. superxpro12 ◴[08 Dec 25 14:51 UTC] No.46192859[source]
It helps prevent bugs with state. The apple login bypass bug comes to mind.

Basically, you have code in an "if" statement, and if you return early in that if statement, you might have code that you needed to run, but didnt.

Forcing devs to only "return once" encourages the dev to think through any stateful code that may be left in an intermediate state.

In practice, at my shop, we permit early returns for trivial things at the top of a function, otherwise only one return at the bottom. That seems to be the best of both worlds for this particular rule.

replies(3): >>46193704 #>>46196436 #>>46202067 #
3. SideburnsOfDoom ◴[08 Dec 25 15:51 UTC] No.46193704[source]
> The apple login bypass bug comes to mind.

I think you're talking about this "goto fail" bug?

https://teamscale.com/blog/en/news/blog/gotofail

> In practice, at my shop, we permit early returns for trivial things

Are you also writing C or similar? If so, then this rule is relevant.

In modern languages, there are language constructs to aid the cleanup on exit, such as using(resource) {} or try {} finally {} It really does depend on if these conveniences are available or not.

For the rest of us, the opposite of "no early return" is to choose early return only sometime - in cases where results in better code, e.g. shorter, less indented and unlikely to cause issues due to failure to cleanup on exit. And avoid it where it might be problematic. In other words, to taste.

> Kent Beck, Martin Fowler, and co-authors have argued in their refactoring books that nested conditionals may be harder to understand than a certain type of flatter structure using multiple exits predicated by guard clauses. Their 2009 book flatly states that "one exit point is really not a useful rule. Clarity is the key principle: If the method is clearer with one exit point, use one exit point; otherwise don’t".

https://en.wikipedia.org/wiki/Structured_programming#Early_e...

this thinking is quite different to say, 25 years earlier than that, and IMHO the programming language constructs available play a big role.

4. Symmetry ◴[08 Dec 25 19:19 UTC] No.46196436[source]
The rule of thumb I use is to only have one return after modifying state that will persist outside the function call.
5. mrgaro ◴[09 Dec 25 07:03 UTC] No.46202067[source]
Thank you!