From: "Harald Korneliussen"
Newsgroups: comp.lang.ada
Subject: Re: How come Ada isn't more popular?
Date: 25 Jan 2007 23:16:10 -0800
Message-ID: <1169795770.615567.64860@s48g2000cws.googlegroups.com>

On 25 Jan, 23:36, "Jeffrey R. Carter" wrote:
> The only safe use of C is as a target language for code generators (such
> as the SofCheck Ada -> C compiler). The continuing creation of
> buffer-overflow errors in C shows that, in practice, it is impossible
> for humans to create safe C.
>

Not to promote C myself, but there exist tools which may be useful. Run-time checking such as can be achieved with profilers and malloc-replacements doesn't cut it, IMO, since they only find errors in the most trodden paths of the program. Static analysers, like the one promoted by Coverity, now there's something valuable. Also, annotation-based analyzers like splint can probably make programs as safe as Ada if the developers actually take the time to use them. Another interesting approach is that taken by CCured, of transforming C programs by classifying pointers according to usage, and then inserting run-time checks to guarantee no access violations or memory corruption. These are interesting, practical approaches for those of us who have to maintain C code. The downside is that the further your program strays from ANSI C (not to say into C++!), the fewer tools are available.
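The pointer-classification idea mentioned in the post, sketched by hand as an added example (not code from the post and not CCured output). The `seq_ptr` layout and all function names are assumptions of this sketch, and a failed check returns -1 here where an instrumenting tool would stop the program:

```c
#include <stddef.h>
#include <stdio.h>

/* Pointer that is only dereferenced, never indexed: a null check suffices. */
int safe_read(const int *p, int *out) {
    if (p == NULL) return -1;
    *out = *p;
    return 0;
}

/* Pointer used with arithmetic: it carries the bounds of the object it came
   from (hypothetical layout for this sketch). */
typedef struct {
    int      *base;  /* start of the underlying array */
    size_t    len;   /* number of elements in it */
    ptrdiff_t off;   /* current position; validated only when dereferenced */
} seq_ptr;

seq_ptr seq_from_array(int *a, size_t n) { seq_ptr s = { a, n, 0 }; return s; }

/* Arithmetic itself is unchecked; only the later dereference is. */
seq_ptr seq_add(seq_ptr s, ptrdiff_t k) { s.off += k; return s; }

/* The inserted run-time check: every read is validated against the bounds. */
int seq_read(seq_ptr s, int *out) {
    if (s.base == NULL || s.off < 0 || (size_t)s.off >= s.len) return -1;
    *out = s.base[s.off];
    return 0;
}

/* Instrumented form of: for (i = 0; i < count; i++) sum += a[i]; */
int sum_first(seq_ptr a, size_t count, long *sum) {
    *sum = 0;
    for (size_t i = 0; i < count; i++) {
        int v;
        if (seq_read(seq_add(a, (ptrdiff_t)i), &v) != 0) return -1;
        *sum += v;
    }
    return 0;
}

int main(void) {
    int data[4] = { 1, 2, 3, 4 };   /* constructed sample input */
    long sum;
    seq_ptr a = seq_from_array(data, 4);
    printf("count=4 -> %d\n", sum_first(a, 4, &sum));  /* in bounds */
    printf("count=5 -> %d\n", sum_first(a, 5, &sum));  /* off-by-one caught */
    return 0;
}
```

The off-by-one read is caught only because the `count=5` call actually executes, which is the limitation of run-time checking that the post contrasts with static analysis.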