From: Ioannis Vranos
Newsgroups: comp.lang.ada,comp.lang.c++,comp.realtime,comp.software-eng
Subject: Re: [OT] Re: Teaching new tricks to an old dog (C++ -->Ada)
Date: Sat, 05 Mar 2005 21:48:56 +0200
Message-ID: <1110052142.832650@athnrd02>

Ludovic Brenta wrote:

> Generally speaking, the very fact that you feel an urge to distinguish
> between "C++" and "modern C++" is an indication that C++ is a poor
> language containing many unsafe features, some of which you obligingly
> enumerated above. By contrast, there is no distinction between "Ada"
> and "modern Ada". Ada is safe by design, from the ground up.

With Ada aside (I find no reason why one should not learn it), C++ is a
powerful systems programming language, and power implies painful low
level details. However it also provides all major high level facilities,
and if you stick to high level programming it is very safe, while it
maintains the maximum space and run-time efficiency principle.

For example consider using std::string for strings, std::vector for
arrays etc.

> Now for one specific example, I wrote a buffer overflow in a C++
> library a few years ago, and it took me and two other people 3 days to
> find it. The fix was, of course, trivial once the bug was found. As
> it turned out, this particular bug would have been impossible to write
> in Ada. I can't post the code, as it is proprietary and I don't have
> it at hand anyway, but the gist of it is that, in Ada, loop variables
> (a) are constants and (b) do not exist outside of the loop:
>
>    procedure Proc (A : in String) is
>    begin
>       for J in A'Range loop
>          J := J + 4; -- illegal, J is constant inside the loop
>       end loop;
>       Do_Womething_With (J); -- illegal, J no longer exists
>    end Proc;

Yes, but this limits flexibility.

> Also notice that, in Ada, the "for" statement declares the loop
> variable automatically.

That's not a big deal.

>
> The bug in the C++ library was that I was mistakenly reusing the loop
> variable after the loop, instead of the intended variable. Of course,
> the loop variable was an index pointing after the end of the buffer.

It looks like the code was not ISO C++ compliant.
>
> Some other features that make Ada inherently safer than C++ are:
>
> * assignment is not an operator; it is an operation which does not
>   return a value. Thus, bugs like "if (something = 0)" cannot exist.
>
> * case statements (Ada's equivalent of a switch in C++) are required
>   to handle all possible cases. Thus it is impossible to forget one.
>   And, of course, there is no "break;" crap in Ada.
>
> * conditions cannot mix "and" and "or" without parentheses. Thus
>   there is no possibility that the programmer make wrong assumptions
>   about precedence of operators or order of evaluation.
>
> * the type system, when used appropriately, makes it possible for the
>   compiler to find semantic errors in addition to just syntax errors.
>   For example, you can declare that Numers_Of_Apples and
>   Numers_Of_Oranges cannot be mixed. This is not possible with C++'s
>   typedef.
>
> * conversions from floating point to integer types involve rounding.
>   The rounding is precisely and deterministically defined by the ISO
>   standard for the Ada language. Similarly, floating-point and
>   fixed-point types can be declared with known, deterministic,
>   guaranteed precision.
>
> * pointer types cannot be converted to one another. You cannot
>   convert a pointer-to-String to a pointer-to-random-object.
>
> * accessibility rules are rather complex, but they are designed to
>   minimise the chance of mistakes. Basically, the scope of a pointer
>   type must be included in the scope of the pointed-to type. This
>   makes many mistakes impossible, such as returning a pointer to an
>   object which no longer exists.
>
> * when the compiler cannot check some code statically, it inserts
>   run-time checks which are guaranteed to catch all errors by raising
>   exceptions. In C++ you must code these checks by hand, and of
>   course at some point you'll forget one crucial check which will cost
>   you days in debugging.

In general, we cannot compare the two languages because they have
different design ideals.
C++ supports 4 paradigms. Each paradigm is supported well with maximum
run-time/space *efficiency*. At the same time it leaves no room for a
lower level language except for assembly.

On the other hand I do not know Ada's ideals (for example I do not think
it supports the generic programming paradigm - templates), but I suspect
they are to be an easy (restricted to easy parts), safe (not letting you
do low level operations), application development language, which is OK
for usual application development.

-- 
Ioannis Vranos

http://www23.brinkster.com/noicys
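
The following C++ example is added here for illustration and is not part of the original post or of the library discussed in the thread. It shows the bug class described in the quoted text (a loop index reused after the loop, pointing one past the end of the buffer), how std::vector::at() turns that read into an exception, and a loop shape in which the index does not outlive the for statement. All function names, the kNotFound sentinel and the sample buffer are constructed.

```cpp
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <vector>

// Hazard: the index is declared before the loop, so it is still in scope
// afterwards and equals buf.size() (one past the end) when the loop finishes.
// at() turns the stale-index read into an exception instead of an overflow.
bool stale_index_read_is_rejected(const std::vector<int>& buf) {
    std::size_t i = 0;
    int sum = 0;
    for (; i < buf.size(); ++i) sum += buf[i];
    try {
        sum += buf.at(i);            // mistaken reuse of the loop index
    } catch (const std::out_of_range&) {
        return true;                 // the check fired; no out-of-bounds read
    }
    return false;
}

// Safer shape: the index exists only inside the for statement, and the
// position is handed back as a value with an explicit "not found" state.
const std::size_t kNotFound = static_cast<std::size_t>(-1);

std::size_t find_first(const std::vector<int>& buf, int wanted) {
    for (std::size_t j = 0; j < buf.size(); ++j) {
        if (buf[j] == wanted) return j;
    }
    // j is out of scope here; referring to it would not compile in ISO C++.
    return kNotFound;
}

// The caller tests for kNotFound before indexing; at() is the backstop.
int value_after(const std::vector<int>& buf, int wanted) {
    std::size_t pos = find_first(buf, wanted);
    if (pos == kNotFound || pos + 1 >= buf.size()) return -1;  // constructed sentinel
    return buf.at(pos + 1);
}

int main() {
    std::vector<int> buf = {10, 20, 30};   // constructed sample data
    std::cout << stale_index_read_is_rejected(buf) << ' '
              << value_after(buf, 20) << ' ' << value_after(buf, 30) << '\n';
}
```

With operator[] in place of at(), the read in stale_index_read_is_rejected would be undefined behaviour rather than an exception.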