Re: Have you ever had a bug caused by...

[mjsilva697@earthlink.net (Mike Silva)]

David Bolen <db3l@fitlinxx.com> wrote in message news:<usncbuz01.fsf@ctwd0143.fitlinxx.com>...
> mjsilva697@earthlink.net (Mike Silva) writes:
> 
> > While discussing (er, pushing) Ada with some C-coding co-workers today
> > I asked a question to which I knew the answer (always the best kind!):
> >  "Have you ever had a bug caused by accessing off the end of an
> > array?"  Well, of course, they all had to say yes.  Then I started
> > thinking of other bugs that they would have to admit to, and which
> > wouldn't occur in Ada.  Nothing new here (Ada prevents many bugs...),
> > but I thought it would be fun and useful to develop a group list as an
> > Ada advocacy tool.  For example:
> 
> I'm curious as to how Ada _prevents_ such bugs.  Are you saying that
> no Ada programmer has ever had a bug caused by walking off the end of
> an array either?
> 
> I'll buy that Ada will catch that error more quickly than in C, and
> probably help isolate the problem more quickly.  And even that by
> using attributes such as Range, Low and High that you can write more
> robust code to avoid the issue (which is no small benefit).  But given
> that you can still compute indices and then attempt to dereference
> based on those computations, there has to be the occasional bug that
> is introduced through the use of indices that overflow the array.
> 
> And that's different from saying "wouldn't occur in Ada" ... there's a
> difference between better handling of the bug, and not having the bug
> ever occur.  Or to put it another way, if I have a bug that creates
> this condition (or say, tries to set a value outside its range, as in
> another example), generating an exception - even if handled - still
> implies the bug exists.
> 
> Some of the suggested items appear to be language checks that are
> completely possible at compile time, for which I'd buy the "can't
> happen" argument.  But any issues that can occur at runtime and
> require runtime checks and exceptions don't, IMHO, prevent bugs, but
> simply act to make it easier to diagnose and manage them when they do
> occur.

You're right -- I was imprecise in my language, and Ada has enough
real advantages that it doesn't need hyperbole.  As you say, some
types of bugs are completely prevented, others should never happen
when using the proper idioms (such as the use of attributes), while
others are simply caught at a much earlier stage.  Each of these
outcomes is vastly preferable to one of those horrible "six degrees of
separation" bugs in C where it can take days or weeks to trace back
from discovered effect to root cause.

Mike