From: Tucker Taft
Newsgroups: comp.lang.ada
Subject: Re: Ada Operating System
Date: Mon, 18 Mar 2002 11:18:26 -0500
Organization: AverCom Corp, a Titan company
Message-ID: <3C961352.DE25ADF1@avercom.net>
References: <3c77b476.322111671@news.cis.dfn.de> <3C88E0D1.89161C16@despammed.com> <3C8A3999.2000301@earthlink.net> <3C8B0191.3080705@mail.com> <3C8C3C4E.9030703@mail.com>

Marin David Condic wrote:
>
> There's absolutely no getting around the fact that not all errors in
> programs are the kinds of things that can be caught by a compiler. Weak
> design, incorrect logic, failure to check all conditions, etc. are all
> things that no programming language can make up for with compile or runtime
> checks. I don't know that anyone here has ever contended that programming in
> Ada was going to result in error-free code.
>
> I think the reasoning goes something like this: You can make logic errors in
> *any* programming language. You can make a whole slew of simple programming
> errors that are catchable by a compiler (what should we name these? "Coding
> Errors"? Let's call them that for the time being.) So if Ada allows you to
> make Logic Errors, but not Coding Errors, and C/C++ lets you make both Logic
> *and* Coding errors, then it stands to reason that in general, programs will
> have fewer errors if written in Ada. I always use a spell-checker as an
> analogy. No spell-checker will stop me from saying stupid things - but it
> can help me catch the more mundane errors in what I write & thus reduce the
> overall error rate.

I would go a bit further than that. It is true that Ada is very good at catching "stupid" errors like leaving out a semicolon, misspelling an identifier, swapping the order of parameters, indexing with the wrong variable, etc. But the surprising thing, once you start using a language like Ada, is the number of "subtle" errors that it catches.

My favorite analogy is that of trying to ski down a ski slope. If there is just one (slalom) gate on the slope, pretty much anyone can make it through the gate and down the slope. However, once you get a few dozen gates, you have to have a "deeply correct" understanding of skiing to make it through the "gauntlet," even though each gate is checking something "trivial."

In the same way, Ada throws up several "gates" on every line of the program, both picky compile-time checks, and run-time checks for things that can't be proved correct at compile-time. The actual number of checks performed compared to languages with a weaker typing model is quite impressive when you start counting them. All of these checks are of the "mundane" variety, but the combination of them all creates a gauntlet that, typically, only a "deeply consistent" program can satisfy.

The empirical evidence is that a program written in a language with as many consistency checks as Ada, once it makes it through the compile-time and run-time gauntlets, is much closer to being "correct" than a program with a weaker gauntlet to pass. And the overall time required to bring a program to the desired level of quality is significantly less because of these gauntlets made up of "trivial" checks.

> BTW: I've had metrics on projects that bear this out. It's not just theory,
> but something measurable.
>
> None of that means that an OS written in Ada is going to automagically be a
> better thing than Linux or Windows or anything else out on the market. It
> *can* be better, but it won't be just by virtue of the fact that it is
> written in Ada. I don't know that anyone here ever claimed it would be.
>
> MDC
>
> --
> Marin David Condic
> Senior Software Engineer
> Pace Micro Technology Americas www.pacemicro.com
> Enabling the digital revolution
> e-Mail: marin.condic@pacemicro.com
> Web: http://www.mcondic.com/
>
> "Hyman Rosen" wrote in message
> news:3C8C3C4E.9030703@mail.com...
> >
> > But this sort of thing isn't part of Ada, so if AdaOS will have it,
> > it will be because someone decides to implement it. It then becomes
> > difficult to argue that the safety of AdaOS is due to the safety of
> > Ada.
> >

--
-Tucker Taft   stt@avercom.net   http://www.avercom.net
Chief Technology Officer, AverCom Corporation (A Titan Company) Bedford, MA USA
(AverCom was formerly the Commercial Division of AverStar: http://www.averstar.com/~stt)
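As an added illustration of the two kinds of "gates" described above (this is not code from the thread or from any project mentioned in it), the small Ada program below, with constructed types and values, shows a compile-time check that rejects "indexing with the wrong variable" and a run-time range check that the compiler cannot discharge statically:

```ada
-- Added example, not from the thread: one compile-time gate and one
-- run-time gate on a deliberately small program.
with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Exceptions; use Ada.Exceptions;

procedure Gates is
   -- Two distinct index types. An expression of type Col_Index cannot
   -- be used to index a Row, so a mixed-up index variable is rejected
   -- by the compiler rather than reading the wrong element at run time.
   type Row_Index is range 1 .. 4;
   type Col_Index is range 1 .. 3;
   type Row is array (Row_Index) of Integer;
   type Col is array (Col_Index) of Integer;

   R : Row := (10, 20, 30, 40);   -- constructed sample data
   C : Col := (1, 2, 3);
   I : Row_Index := 2;
   J : Col_Index := 3;

   -- A constrained subtype: every value stored in a Percent is checked
   -- against 0 .. 100, including the value a function returns.
   subtype Percent is Integer range 0 .. 100;

   function Scale (Value : Integer) return Percent is
   begin
      return Value * 10;   -- range check applied to the returned value
   end Scale;

   P : Percent;
begin
   Put_Line (Integer'Image (R (I) + C (J)));   -- prints 23
   -- R (J) here would not compile: J is a Col_Index, not a Row_Index.

   P := Scale (5);                   -- 50, inside 0 .. 100
   Put_Line (Integer'Image (P));

   P := Scale (50);                  -- 500: Constraint_Error is raised
   Put_Line (Integer'Image (P));     -- never reached
exception
   when E : Constraint_Error =>
      Put_Line ("run-time gate tripped: " & Exception_Message (E));
end Gates;
```

Uncommenting the `R (J)` line turns the second gate into a compile error, which is the point: the same mistake is caught before the program runs rather than after.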