From: "Jerry Coffin"
Newsgroups: comp.lang.ada,comp.lang.c++,comp.realtime,comp.software-eng
Subject: Re: Teaching new tricks to an old dog (C++ -->Ada)
Date: 9 Mar 2005 16:12:34 -0800
Organization: http://groups.google.com
Message-ID: <1110413554.100026.174630@z14g2000cwz.googlegroups.com>
References: <4229bad9$0$1019$afc38c87@news.optusnet.com.au> <1110032222.447846.167060@g14g2000cwa.googlegroups.com> <871xau9nlh.fsf@insalien.org> <3SjWd.103128$Vf.3969241@news000.worldonline.dk> <87r7iu85lf.fsf@insalien.org> <87is4598pm.fsf@insalien.org> <1110054476.533590@athnrd02> <1110059861.560004@athnrd02> <87wtsl7jts.fsf@insalien.org> <1110264816.858853.54020@l41g2000cwc.googlegroups.com> <1110336185.044049.21920@l41g2000cwc.googlegroups.com> <87wtsgfo7l.fsf@insalien.org> <1110408804.335616.161030@g14g2000cwa.googlegroups.com> <87oedsfm8g.fsf@insalien.org>

Ludovic Brenta wrote:
> You seem to have mastered techniques to read faster than light :)

Do you believe that the document was unavailable before you posted the link to it? In fairness, I'm not sure I'd read this exact version previously though, so when I have a bit more time, I'll probably reread it more carefully. Having Ada in the title doesn't _necessarily_ rule out its containing useful information. :-)

[ ... ]

> The document does not assume any tools to exist; it does not even
> mandate the use of any tools.

Sorry -- I probably should have said "techniques" rather than "tools", though I _hope_ anybody using these techniques uses tools to do so -- I'm reasonably certain that on any more than a truly trivial system, doing the job by hand would be exceptionally error prone.

In any case, the "problem" with aliasing isn't in safety per se, but in verification. Better verification techniques might eliminate the problem. Likewise, it should be added that these techniques have problems with a number of other perfectly valid and legitimate types of programming that are not necessarily unsafe either.

> All it says is that aliasing makes "information flow analysis" and
> "symbolic execution" difficult. In other words, it makes it more
> difficult to prove the correctness of software. And provability of
> software is the single most important concern in safety-critical
> applications.

I doubt that, but if it really was true, Ada should almost certainly be avoided as well -- pure functional programming makes verification _considerably_ easier (and only in part because eliminating assignments eliminates the issue of aliasing).

> In other application domains, of course, aliasing is not so frowned
> upon. But this thread is about safety and, as others like Ioannis
> have noted, safety does have a cost, e.g. in terms of flexibility.

I don't agree that safety necessarily has to have a cost in flexibility.
Certainly if Ada were the only way to achieve safety, the cost would be extreme, but I remain convinced there are other ways. In fact, much of language design is a matter of not merely balancing the two (which Ada does reasonably well) but of finding real solutions that allow flexibility without losing safety. Unfortunately, when Ada was being designed, the two seem to have been seen as direct tradeoffs, where increasing one necessarily reduced the other. In some cases, it looks to me like flexibility was constricted on the simple assumption that doing so _must_ improve safety, even if nobody knew how.

-- 
Later,
Jerry.

The universe is a figment of its own imagination.
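The point under dispute above, that aliasing is a verification problem rather than a safety problem in itself, is easy to see in a few lines of C. The following is an added illustration, not code from Jerry Coffin, Ludovic Brenta or the document they are discussing; the function names (bump_and_store, postcondition_holds, ranges_overlap and the demo_* helpers) are hypothetical. It shows a function whose postcondition is provable by purely local reasoning as long as its two pointer arguments refer to different objects, and is simply false when they alias; the same function with C99 `restrict` turns the no-alias assumption into a contract a checker can verify at call sites; and a runtime overlap check covers the case where the caller cannot establish disjointness statically.

```c
#include <stdint.h>
#include <stdio.h>

/* Postcondition a verifier would like to prove after the call:
 *   *counter == old(*counter) + 1,  *out == in_value + 1,
 *   and the return value equals the new *counter.
 * Reasoning statement by statement ("write 2 cannot affect write 1")
 * is sound only if out and counter do not alias. */
int bump_and_store(int *out, int *counter, int in_value)
{
    *counter += 1;           /* write 1 */
    *out = in_value + 1;     /* write 2: if out == counter, this clobbers write 1 */
    return *counter;         /* symbolic execution must consider both cases */
}

/* Same body, but `restrict` promises the caller passes disjoint objects.
 * The compiler may assume it, and a static checker can verify callers
 * against it; calling this with aliased pointers is undefined behaviour,
 * so the demo below never does. */
int bump_and_store_restrict(int *restrict out, int *restrict counter,
                            int in_value)
{
    *counter += 1;
    *out = in_value + 1;
    return *counter;
}

/* Runtime check for callers that cannot prove disjointness statically:
 * the objects [p, p+pn) and [q, q+qn) overlap iff each starts before
 * the other ends. Comparison is done on uintptr_t to avoid comparing
 * pointers into unrelated objects. */
int ranges_overlap(const void *p, size_t pn, const void *q, size_t qn)
{
    uintptr_t a = (uintptr_t)p, b = (uintptr_t)q;
    return a < b + qn && b < a + pn;
}

/* Returns 1 if the postcondition held for this call, 0 if it was violated. */
int postcondition_holds(int *out, int *counter, int in_value)
{
    int old_counter = *counter;
    int r = bump_and_store(out, counter, in_value);
    return r == old_counter + 1
        && *out == in_value + 1
        && *counter == old_counter + 1;
}

/* Disjoint objects: local reasoning is valid, postcondition holds. */
int demo_disjoint(void)
{
    int counter = 5, out = 0;
    return postcondition_holds(&out, &counter, 10);
}

/* Aliased objects: same code, same inputs, postcondition fails. */
int demo_aliased(void)
{
    int cell = 5;
    return postcondition_holds(&cell, &cell, 10);
}

/* Constructed buffer used to exercise the overlap check. */
static int buf[4];

int main(void)
{
    printf("disjoint: %s\n", demo_disjoint() ? "postcondition holds" : "VIOLATED");
    printf("aliased:  %s\n", demo_aliased()  ? "postcondition holds" : "VIOLATED");
    printf("buf[0..4) vs buf[2..4) overlap: %d\n",
           ranges_overlap(buf, sizeof buf, buf + 2, 2 * sizeof(int)));
    printf("buf[0..2) vs buf[2..4) overlap: %d\n",
           ranges_overlap(buf, 2 * sizeof(int), buf + 2, 2 * sizeof(int)));
    return 0;
}
```

Nothing in bump_and_store is unsafe in the memory sense; the aliased call writes only to a live int. What aliasing costs is the ability to prove the postcondition from the function body alone, which is exactly the information-flow and symbolic-execution difficulty the quoted document refers to. A language that forbids the aliased call (or, as with `restrict`, makes it a checkable contract) buys back that local reasoning at the price of rejecting some programs that were never wrong.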