From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Thread: 103376,703c4f68db81387d X-Google-Thread: 109fba,703c4f68db81387d X-Google-Thread: 115aec,703c4f68db81387d X-Google-Thread: f43e6,703c4f68db81387d X-Google-Attributes: gid103376,gid109fba,gid115aec,gidf43e6,public X-Google-Language: ENGLISH,ASCII-7-bit Path: g2news1.google.com!postnews.google.com!l41g2000cwc.googlegroups.com!not-for-mail From: "Jerry Coffin" Newsgroups: comp.lang.ada,comp.lang.c++,comp.realtime,comp.software-eng Subject: Re: Teaching new tricks to an old dog (C++ -->Ada) Date: 7 Mar 2005 22:53:36 -0800 Organization: http://groups.google.com Message-ID: <1110264816.858853.54020@l41g2000cwc.googlegroups.com> References: <4229bad9$0$1019$afc38c87@news.optusnet.com.au> <1110032222.447846.167060@g14g2000cwa.googlegroups.com> <871xau9nlh.fsf@insalien.org> <3SjWd.103128$Vf.3969241@news000.worldonline.dk> <87r7iu85lf.fsf@insalien.org> <87is4598pm.fsf@insalien.org> <1110054476.533590@athnrd02> <1110059861.560004@athnrd02> <87wtsl7jts.fsf@insalien.org> NNTP-Posting-Host: 70.33.25.135 Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-Trace: posting.google.com 1110264821 9554 127.0.0.1 (8 Mar 2005 06:53:41 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: Tue, 8 Mar 2005 06:53:41 +0000 (UTC) User-Agent: G2/0.2 Complaints-To: groups-abuse@google.com Injection-Info: l41g2000cwc.googlegroups.com; posting-host=70.33.25.135; posting-account=mZiOqwwAAAC5YZsJDHJLeReHGPXV5ENp Xref: g2news1.google.com comp.lang.ada:8842 comp.lang.c++:44563 comp.realtime:1054 comp.software-eng:4603 Date: 2005-03-07T22:53:36-08:00 List-Id: Ludovic Brenta wrote: [ ... ] > Yes, assembly is the most powerful and flexible language. That's why > all compilers emit assembler. Not so -- machine language is clearly more flexible than asembly language (especially on machines where an operation can be encoded in more than one way). Not all compilers emit assemly language output either. "Powerful" is meaningless WRT a langauge unless you define what you mean by it in considerably more detail than I've seen thus far in this thread (or any other, for that matter). As an aside: an "assembler" is a program that takes input in "assembly language" and produces an object file as output. Calling the language "assembler" is roughly equivalent to referring to Ada as "compiler" -- wrong, and to anybody who isn't entirely clueless about the subject at hand, downright stupid. I realize that for years IBM (among others) abused the (English) language by referring to the language as "assembler", but please avoid their mistake. [ ... ] > Here, Ada makes it explicit that unsafe programming is taking place. > First, Obj must be declared as "aliased", which means that two or > more paths can access it. In our case, Obj and Obj_As_String are > the two paths. This is another of Ada's nice safety-related > features. Since aliasing must be made explicit, the reader of the > program knows up front whether or not aliasing takes place. The > reader of a C++ program has no such knowledge. Nonsense -- in C++ you use a reinterpret_cast, which is equally explicit about what's being done. If somebody reading C++ doesn't recognize what a reinterpret_cast means, then he simply doesn't know C++. > Also, the writer of the program must > think twice, and understand the consequences if they make an object > aliased. Anybody who uses a reinterpet_cast without a second (and third) thought simply isn't a programmer, and of he wrote Ada instead, it'd still be garbage. > Secondly, the representation clause for Obj_As_String ("for > Obj_As_String'Address use ...") says exactly what is happening. Anybody who thinks that (for example): unsigned char *a = reinterpret_cast(&x); doesn't state exactly what it happening, simply doesn't know C++. Any language (programming or otherwise) is foreign to those who don't know that language. It may well be that you don't realize what it means, and that's perfectly fine -- but assuming it must be inexact because you don't know exactly what it means is considerably less fine. > I could make the code less verbose by using use clauses, similar to > "using namespace std" which you seem fond of. In avionics, our > coding standards forbid that because we want everything to be > explicit. A poor idea. Just for example, consider writing a generic sorting function. It needs to swap items that it's sorting. In well-written C++, this will often be done with a using clause. Specifically, if the type of items has provided its own specialized version of swap, then my sorting functino should use that, but otherwise it should use std::swap to swap them. If I try to specify whatever_type::swap(x,y), then compilation will fail if the type has not provided a swap function. Conversely, if I specify std::swap(x,y), then the specialized swap function won't be used for those types that provide one. The solution is something like: using namespace std; template void sort // ... // ... swap(x,y); and now, thanks to Koenig lookup, this will refer to a swap specifically for the type of x and y if there is one, but will use the swap in the standard library for those (many) types that don't provide special swapping code. [ ... ] > > Someone who places much hopes on the language to protect him from > > his mistakes, probably ADA is better than C++ on this. > > Hear, hear! Actually, having used both (as well as Verilog and VHDL, which are based fairly close on C and Ada respectively) I'm not particularly convinced this is true. Personally, I think the _vast_ majority of the safety of Ada is an illusion. In the end, code that works well is a product of a good programming doing his job well, NOT of a particular language. Now, it's certainly true that people can (and frequently do) cite statistics showing that code written in Ada has fewer bugs, etc., as proving that the language is safer. Even assuming the citations are correct (which I'm not sure is true, but for the moment, let's assume they are), they don't necessarily prove that -- or much of anything else, for that matter. The problem is that the reputation of a language tends to become a self-fulfilling prophecy. Managers who are running safety critical projects often choose Ada because they "know" it's safer -- and then run their projects in ways that would assure solid results, regardless of implementation language. Likewise, programmers who are strongly attracted toward disciplined software engineering, will often be attracted to Ada because it has that reputation (and to an extent, that "feeling" as well). At the opposite extreme, the managers who are most interested in pushing a product out the door in minimal time and don't mind bugs, rarely choose Ada -- and run their projects in ways that would produce buggy products regardless of language. Likewise, the "cowboy" programmers never learn Ada at all -- as soon as they learn of its reputation, they avoid it like the plague. As such, showing causation (rather than mere correlation) becomes essentially impossible at best -- and here in the real world, the truth could even be exactly the opposite of what the statistics "prove." Then again, all of the above should probably be taken with a large grain of salt. That wouldn't necessary if what I'd been consuming for the last couple of hours was salt, but thanks to Warren Winiarski, that wasn't the case... :-) -- Later, Jerry. The universe is a figment of its own imagination.