From: Chris Powell
Subject: Re: Help me to chose between ADA 95 and C++
Date: 1999/12/15
Organization: Blackbox Software UK Ltd
Newsgroups: comp.lang.ada

Simon Wright wrote:
>
> Chris Powell writes:
>
> > Did the coding standard for the safety-critical software developed allow
> > full use of Ada 95 constructs? My experience of safety-critical software
> > is that while Ada is usually the chosen language, most of the Ada
> > language features are disallowed. I worked on one project where
> > constrained types were not allowed (because they are more likely to
> > raise exceptions than unconstrained types), no packages (because data
> > hiding limited testability) and certainly nothing as difficult to test
> > as inheritance/polymorphism could be used.
>
> I can understand most of this, even if I don't like it: indeed SPARK
> Ada would probably not differ (speaking only as one who knows the name
> of it): but not allowing constrained types! because they are "more
> likely to raise exceptions than unconstrained types"!!!!! Isn't the
> standard practice in SC software to PROVE that no exceptions will be
> raised and THEN disable range checking? and wouldn't you expect it to
> be easier to do the proof if you give the prover a helping hand by
> using constrained types?

I agree with you and found the whole thing quite frustrating. I tend to
avoid safety critical work now... It always seemed like the decisions
made about what we could and could not use were made by safety critical
software experts, who were never programmers.

Chris.