From: Ludovic Brenta
Newsgroups: comp.lang.ada
Subject: Re: How do I write directly to a memory address?
Date: Tue, 8 Feb 2011 01:58:43 -0800 (PST)
Message-ID: <1fb3ce45-ffcc-4c1c-8f76-d151975c8425@x1g2000yqb.googlegroups.com>

Georg Bauhaus wrote:
> On 2/8/11 9:04 AM, Ludovic Brenta wrote:
>>> Ease of implementation when pushing parameters?
>
>>> void foo(int countdown)
>>> {
>>>    while (--countdown) {
>>>      fputc('.', stdout);
>>>    }
>>>    fputc('\n', stdout);
>>> }
>
>> That's what I meant by "variants of premature optimization".  If all
>> parameters were const, as in Ada, the programmer would simply declare
>> a local variable, like in Ada.  And the bug I was talking about would
>> become blatantly obvious.
>
> As I said, maybe that was easier to implement for the
> C language and compiler makers.

Yes. This is the root cause why C is so bad for everyone else.

> You'd have to demonstrate that an Ada procedure, needing
> an extra loop variable, will produce the same code.
> (Hopefully, it does not!)

Hopefully, it does, except for the precondition check that Countdown >= 0.

>> BTW, like I said, *every* time I look at C code, I see a bug. In your
>> case, foo has undefined behavior if countdown is negative.
>
> We are playing Monopoly, aren't we.  You won't be winning a
> single C programmer with this style of non-framed single
> issue logic triggered only by stupid misuse of a perfectly
> working solution.

I don't know what you mean with Monopoly but, if I were trying to win
over C programmers, I'd be on comp.lang.c right now. And this is *not*
"stupid misuse of a perfectly working solution", it is strict
interpretation of the explicit contract that you yourself had
provided: the function "foo" accepts a *signed* integer as its
parameter. The "stupid misuse" is yours; you should have used
"unsigned int" to express your contract, and then accounted for the
possibility that the parameter could be zero.

> As Hyman said, there are tons of well working C programs out there,
> very likely using some int i, plus increment or decrement.

And the majority of these tons of "working" programs were broken the
instant GCC started to optimize overflows away.

> Well, there is a related CVE every other week, but (a) there
> aren't equally many Ada programs, (b) if programmers don't know
> what INT_MAX + 1 is, they shouldn't be programming in C, and

Ah that's a good one. It is perfectly true. It is well known that C
was created only for perfect programmers who never make mistakes. But
these programmers, if they exist, do not need C; they can simply
"cat > a.out", can't they?

> (c) by single case logic, Ada's type system has not prevented
> deaths in Ariane 5 anyway.

Huh?

--
Ludovic Brenta.
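
Added example, not part of the original post: the quoted foo next to two variants that follow the suggestions made in the reply (a const parameter with a local loop variable and a precondition check, and "unsigned int" with zero accounted for). The names foo_original, foo_checked and foo_unsigned, the FILE *out parameter and the return values are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>

/* The quoted foo() with an explicit stream: for countdown >= 1 it writes
 * countdown - 1 dots. For countdown <= 0 the decrement runs down to
 * INT_MIN and then overflows a signed int: undefined behaviour. */
void foo_original(int countdown, FILE *out)
{
    while (--countdown) {
        fputc('.', out);
    }
    fputc('\n', out);
}

/* Hypothetical checked variant: const parameter, local loop variable,
 * precondition tested before any arithmetic. Treating 0 like 1 (no dots)
 * is an assumption. Returns dots written, or -1 on a negative argument. */
int foo_checked(const int countdown, FILE *out)
{
    if (countdown < 0) {
        return -1;               /* contract violated: do nothing */
    }
    int dots = 0;
    for (int remaining = countdown; remaining > 1; --remaining) {
        fputc('.', out);
        ++dots;
    }
    fputc('\n', out);
    return dots;
}

/* Hypothetical unsigned variant: no negatives, but --0u would wrap to
 * UINT_MAX (defined, yet ~4 billion dots); the "> 1" bound avoids that. */
unsigned foo_unsigned(const unsigned countdown, FILE *out)
{
    unsigned dots = 0;
    for (unsigned remaining = countdown; remaining > 1; --remaining) {
        fputc('.', out);
        ++dots;
    }
    fputc('\n', out);
    return dots;
}
int main(void)
{
    foo_original(3, stdout);                      /* in contract: ".." */
    printf("%d\n", foo_checked(INT_MIN, stdout)); /* rejected: -1 */
    return 0;
}
```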