comp.lang.ada
From: "Warren W. Gay VE3WWG" <ve3wwg@home.com>
Subject: Re: Proving Correctness (was Java Portability)
Date: Tue, 31 Jul 2001 04:40:26 GMT
Message-ID: <3B6636BA.96FD8348@home.com>
In-Reply-To: DF897.3617$ee.3921026@nnrp5.proxad.net

nicolas wrote:
> "Warren W. Gay VE3WWG" <ve3wwg@home.com> wrote in message news:
> 3B619A6D.5DD6E782@home.com...
> > I'd like to offer a slightly different "analogy" :
> >
> > _flamesuit on_
> >
> > The shopper looks at the Ada car, and notices that it has seatbelts and
> > of course 4 doors on it. The programmer says, but I don't want to be
> > restrained from accessing the outdoors -- I go through drive-throughs
> > a lot..
> >
> > The shopper then goes down the street and settles on the C++ car
> > which does not have the restrictive seat belts, and of course,
> > _NO_ doors to get in the way ;-)  The Java car has seatbelts, but
> > no doors...
> >
> > _flamesuit off_
> 
> I wouldn't see good and easy to use debuggers, standard libraries, GUI, IDE
> coming with the compiler, etc  ...
> as tools going against safety concerns ....

It's difficult for me to understand what the precise gist of your message
is here. One of the things you have mentioned here suggests that you're
implying that YFL (your favourite language) provides a debugger, and so
that qualifies it to be just as safe as Ada. Am I reading too much into this?

This will be the only issue that I'll respond to here:

First of all, there are debuggers for Ada. The real issue however is more
along these lines, that an example might best highlight WRT safety :

Let's say your country has contracted two individuals to write a text based
chess program, that will compete in the global Chess Olympics (you are one
of the ones chosen and free to use YFL). The committee
is not sure what the implementation should be, but they want the 
final implementation to be rock solid, and
to not only obey all the rules of play under all circumstances, 
but it must not core dump.

Further, it must carry out an algorithm that 
has been designed by your country's sharpest chess master.

So you write a text based chess game in YFL (your favourite
language, but not Ada), according to the committee's requirements.
You write the code, and eventually go through several iterations 
of testing in and out of YFD (your favourite debugger).

Now, another programmer uses Ada to accomplish the same task. He may well 
use a debugger, but he might not need it. This largely depends upon the 
skill of the programmer, of course, in any language. (This is just more
likely in Ada, but we can ignore this if it bothers you).

Now, both implementations are considered "complete" by their programmers,
and the sponsoring committee wants to have assurances from both, about
their correctness and readiness to carry out the chess match. The committee
must now choose which implementation to use. If the chosen implementation
should core dump, break a rule or fail performance wise, the country will
lose the match, with "egg on face." The chess master behind the software
chess algorithms will also lose face. Consequently, the committee is 
eager to choose the best implementation (it is "mission critical").

The non-Ada person has to submit that his program is correct on the basis
of testing. But the sponsoring committee asks "but how can you be sure
that you've done enough testing?" You might answer "there are too many
possibilities to check.. I cannot check all possibilities, but my testing
was _extensive_."

You're basically expecting to have the committee accept your implementation
on the basis that you tested "extensively" (the qualifications of the two
programmers were judged equal at the start).

The Ada person has the same challenge. He answers the sponsoring committee
that "I have tested _extensively_ and found no faults". But he can add
that "I have also had the source code audited by Ada professionals. This
has been done over and above what the 'computer' has checked at compile
time, during the project's development <insert Ada strengths about
strong type checking, module [package] isolation etc. etc.>."

The bottom line here is that Ada provides much greater assurances about
software correctness, than any other language that I am aware of. It is
also quite easy to read, making it easy to audit. Auditing C/C++ is a
nightmare, and easily error prone for humans. Java is an improvement, 
but still falls short.

In short, given that both implementations tested OK in front of the
committee, the committee chose to go with the Ada implementation. It's
not hard to see why.

The time is now past when people are concerned about efficiency. If it
is not already here, it will be here in a few more years as CPUs jump
another order of magnitude or so, forward in speed. 

As software becomes bloated by another order of magnitude (which usually
follows CPU speed), then we'll be even more concerned about software 
reliability than ever before. We have built "towers of babel" on C/C++
frameworks. This is costly in security terms, and for reliability. If
we keep building "higher towers", we'll need more reliable footings
on which to build.

People abandoned assembly language for operating systems for the same
reasons. The time is coming when people will abandon C for operating
systems for a "safer language".

Whether for applications or operating systems, I believe the time is
coming soon when people will be forced to look at Ada as an option
for building that next "big system".  People are already scratching
their heads in this area. At some point, the light bulb will start
going on and a few more people will discover Ada.  It is a language
that has already been designed to solve the problems that others are
looking for solutions in. It has the advantage that it has a lot
of experience, which is something that a designer of a new language
would be loath to throw away.

Some already have figured out, that Ada is a "good thing". More
will follow.

> Good luck if you want to convince Java or C++ programmers ... It could be a
> lot of fun, but I'm not sure they will even listen to you.

I was poking fun. I have to use C/C++ in my day job.

-- 
Warren W. Gay VE3WWG
http://members.home.net/ve3wwg


