Re: Ada Operating System

[Tucker Taft <stt@avercom.net>]

Marin David Condic wrote:
> 
> There's absolutely no getting around the fact that not all errors in
> programs are the kinds of things that can be caught by a compiler. Weak
> design, incorrect logic, failure to check all conditions, etc. are all
> things that no programming language can make up for with compile or runtime
> checks. I don't know that anyone here has ever contended that programming in
> Ada was going to result in error-free code.
> 
> I think the reasoning goes something like this: You can make logic errors in
> *any* programming language. You can make a whole slew of simple programming
> errors that are catchable by a compiler (what should we name these? "Coding
> Errors"? Let's call them that for the time being.) So if Ada allows you to
> make Logic Errors, but not Coding Errors and C/C++ lets you make both Logic
> *and* Coding errors, then it stands to reason that in general, programs will
> have fewer errors if written in Ada. I always use a spell-checker as an
> analogy. No spell-checker will stop me from saying stupid things - but it
> can help me catch the more mundane errors in what I write & thus reduce the
> overall error rate.

I would go a bit further than that.  It is true that Ada is very good at
catching "stupid" errors like leaving out a semicolon, misspelling an
identifier, swapping the order of parameters, indexing with the wrong
variable, etc.  But the surprising thing, once you start using a language
like Ada, is the number of "subtle" errors that it catches.  May favorite
analogy is that of trying to ski down a ski slope.  If there are is just
one (slalom) gate on the slope, pretty much anyone can make it through the gate
and down the slope.  However, once you get a few dozen gates, you have 
to have a "deeply correct" understanding of skiing to make it through
the "gauntlet," even though each gate is checking something "trivial."

In the same way, Ada throws up several "gates" on every line of the
program, both picky compile-time checks, and run-time checks for things
that can't be proved correct at compile-time.  The actual number of
checks performed compared to languages with a weaker typing model
is quite impressive when you start counting them.  All of these
checks are of the "mundane" variety, but the combination of them
all creates a gauntlet that, typically, only a "deeply consistent" 
program can satisfy.  The empirical evidence is that a program
written in a language with as many consistency checks as Ada, once
it makes it through the compile-time and run-time gauntlets, is much
closer to being "correct" than a program with a weaker gauntlet
to pass.  And the overall time required to bring a program to the
desired level of quality is significantly less because of these
gauntlets made up of "trivial" checks.

> BTW: I've had metrics on projects that bear this out. Its not just theory,
> but something measurable.
> 
> None of that means that an OS written in Ada is going to automagically be a
> better thing than Linux or Windows or anything else out on the market. It
> *can* be better, but it won't be just by virtue of the fact that it is
> written in Ada. I don't know that anyone here ever claimed it would be.
> 
> MDC
> 
> --
> Marin David Condic
> Senior Software Engineer
> Pace Micro Technology Americas    www.pacemicro.com
> Enabling the digital revolution
> e-Mail:    marin.condic@pacemicro.com
> Web:      http://www.mcondic.com/
> 
> "Hyman Rosen" <hyrosen@mail.com> wrote in message
> news:3C8C3C4E.9030703@mail.com...
> >
> > But this sort of thing isn't part of Ada, so if AdaOS will have it,
> > it will be because some decides to implement it. It then becomes
> > difficult to argue that the safety of AdaOS is due to the safety of
> > Ada.
> >

-- 
-Tucker Taft   stt@avercom.net   http://www.avercom.net
Chief Technology Officer, AverCom Corporation (A Titan Company) 
Bedford, MA  USA (AverCom was formerly the Commercial Division of AverStar:
http://www.averstar.com/~stt)