From: Richard Riehle <richard@adaworks.com>
Subject: Re: Bye-bye Ada ?
Date: Tue, 04 Feb 2003 21:26:18 -0800
Date: 2003-02-05T05:16:54+00:00 [thread overview]
Message-ID: <3E40A07A.CD174746@adaworks.com> (raw)
In-Reply-To: 3NY_9.9226$x63.6255@nwrddc01.gnilink.net
Hyman Rosen wrote:
> Richard Riehle wrote:
> > I realize the Mr. H. Rosen will disagree with this viewpoint.
>
> On this day, I find it hard to summon much energy for a language war.
> I know *I* can write reasonably good software in C++. When we have
> errors, it's due to problems in logic, not problems in the language.
> But anyway, fine. Don't program in C++, do what you want.
Ah, and there's the issue. It is not that I want do program in Ada
instead
of something else. If I had my druthers, I'd probably use Smalltalk.
The
issue is not my preference, it is about choosing the correct tool for the
job to be done.
It is also not about whether someone who is an expert using a particular
set of tools can do the job better than someone who is not an expert.
During
a trip to Japan, I watched an expert in Japanese Joinery create the
components
for a Temple using only hand tools, his keen eye, and his many years of
experience. Each component fit together with a perfection few others
could achieve, even with more years of experience. This is an example
of craftsmanship that few could match.
In my view, C++ is too prone to errors, even when used by experienced
craftspersons. Those with the skill of the Japanese Joinery expert
cited
in the above paragraph are likely to produce defect-free code. We
cannot
depend on that level of expertise. It is rare. It is unpredictable. It
is
not easily confirmed. The more C++ code I see, and the more programmers
I see trying to use it, in particular, for weapon-systems, the more
concerned
I have become about the potential for failure due to unpredictable
behavior
in the resulting code. It is so easy to compile a C++ program that
behaves
strangely after executing for some unspecified period of time.
My preference for Ada is not made out of ignorance of the other options.
It is made because I have discovered that defect-free software is best
created when the creational tools assist in preventing defects. At
present, it is not a matter of _can_ we create defect-free software in
C++. We certainly can. It is, rather, what is the probability of the
code being defect-free in C++ and in Ada. In my view, there is
a greater likelihood of producing defect-free software in Ada than
in C++.
It is not only a matter of reducing defects. When I look at Ada and
then at C++, I realize that Ada provides other substantial benefits. In
Ada, used well, I achieve a greater level of traceability than I can
achieve in C++. Without resorting to embedded comments, I can
code in Ada so the meaning of each construct is intuitive, unambiguous,
and absolutely explicit, and do it more effectively than I can with
C++.
As I compare the two languages in terms of long-term maintenance,
it becomes clear, to me, that Ada supports this important goal far
better than C++. It is more readable long after being created. There
are far fewer little gotchas than I might expect in corresponding C++
code.
From where I sit, when making a decision about software that needs
to live a long time, must be maintained over a long time, must work
as predicted for a long time, it is clear that I must choose Ada over
C++. It is the responsible thing to do.
I don't know how well you know Ada. I do know C++ well enough
to realize that one can do some interesting and powerful designs
with it. We, you and I, do agree on the merits of the Alexandrescu
approach to using C++. However, even when choosing the valuable
design counsel from people such as Alexandrescu, Koenig, and Myers,
I still find the reliability gap, early in the development process, too
large to trust C++ for weapon systems -- systems that mean the
difference between life and death.
I don't care what language someone uses for run-of-the-mill software.
I might even choose C++ for that myself. In fact, I sometimes use
Visual C++ in my day-to-day programming. But I do care about
which language we choose when human safety is an issue. So far,
Ada seems to come closest to being the correct choice.
Richard Riehle
next prev parent reply other threads:[~2003-02-05 5:26 UTC|newest]
Thread overview: 84+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-01-31 16:19 Bye-bye Ada ? Wes Groleau
2003-01-31 17:22 ` chris.danx
2003-01-31 19:00 ` Wes Groleau
2003-02-01 14:29 ` Marin David Condic
2003-02-02 22:24 ` chris.danx
2003-02-03 13:20 ` Marin David Condic
2003-02-03 17:26 ` Richard Riehle
2003-02-04 13:22 ` Marin David Condic
2003-02-06 4:23 ` Richard Riehle
2003-02-06 13:03 ` Marin David Condic
2003-02-07 9:27 ` Ole-Hjalmar Kristensen
2003-02-07 12:37 ` Marin David Condic
2003-02-07 0:28 ` P S Norby
2003-02-07 3:33 ` Richard Riehle
2003-02-08 5:51 ` AG
2003-02-04 16:25 ` Robert C. Leif
2003-02-01 17:40 ` Alfred Hilscher
2003-02-01 18:51 ` Larry Kilgallen
2003-02-02 14:11 ` Alfred Hilscher
2003-02-01 19:54 ` Jan-Uwe Finck
2003-02-02 15:19 ` Steffen Huber
2003-02-02 15:17 ` Steffen Huber
2003-02-03 17:05 ` Alfred Hilscher
2003-02-03 17:48 ` Steffen Huber
2003-01-31 17:58 ` Hyman Rosen
2003-01-31 22:13 ` Preben Randhol
2003-02-01 23:25 ` Hyman Rosen
2003-02-01 14:34 ` Marin David Condic
2003-01-31 20:52 ` David Marceau
2003-02-01 7:16 ` John R. Strohm
2003-02-01 19:25 ` David Marceau
2003-02-01 20:13 ` Ada job opportunity posted at THALES in Ottawa Citizen Today David Marceau
2003-02-01 20:16 ` Bye-bye Ada ? Vinzent Hoefler
2003-01-31 22:17 ` Preben Randhol
2003-02-01 7:48 ` Richard Riehle
2003-02-01 23:31 ` Hyman Rosen
2003-02-03 17:25 ` Warren W. Gay VE3WWG
2003-02-03 17:49 ` Hyman Rosen
2003-02-04 0:19 ` Chad R. Meiners
2003-02-04 16:32 ` Hyman Rosen
2003-02-04 17:59 ` Warren W. Gay VE3WWG
2003-02-04 16:30 ` Frank J. Lhota
2003-02-04 16:41 ` Hyman Rosen
2003-02-04 16:54 ` Kevin Cline
2003-02-04 18:00 ` Warren W. Gay VE3WWG
2003-02-05 7:12 ` Karel Miklav
2003-02-05 5:26 ` Richard Riehle [this message]
2003-02-05 15:07 ` Hyman Rosen
2003-02-06 18:14 ` Bye-bye Ada ? (Ada95 Wholesale Changes?) Warren W. Gay VE3WWG
2003-02-06 18:51 ` Robert Spooner
2003-02-06 23:00 ` Jerry Petrey
2003-02-07 1:21 ` Jeffrey Carter
2003-02-07 3:53 ` Richard Riehle
2003-02-07 4:35 ` Hyman Rosen
2003-02-07 18:25 ` Richard Riehle
2003-02-08 5:51 ` Kevin Cline
2003-02-08 6:49 ` Richard Riehle
2003-02-09 11:47 ` Hyman Rosen
2003-02-10 5:20 ` Richard Riehle
2003-02-10 6:21 ` Hyman Rosen
2003-02-16 21:09 ` Richard Riehle
2003-02-20 3:53 ` Hyman Rosen
2003-02-12 19:04 ` Martin Krischik
2003-02-13 17:27 ` Hyman Rosen
2003-02-15 11:56 ` Martin Krischik
2003-02-20 4:08 ` Hyman Rosen
2003-02-23 13:37 ` Martin Krischik
2003-02-24 17:00 ` Hyman Rosen
2003-02-26 19:57 ` Martin Krischik
2003-02-15 15:43 ` Martin Krischik
2003-02-20 4:03 ` Hyman Rosen
2003-02-07 6:28 ` K
2003-02-07 6:58 ` Vinzent Hoefler
2003-02-07 7:17 ` K
2003-02-07 8:57 ` Ole-Hjalmar Kristensen
2003-02-07 9:22 ` Dmitry A. Kazakov
2003-02-01 14:24 ` Bye-bye Ada ? Marin David Condic
2003-02-02 9:51 ` Anders Wirzenius
2003-02-04 19:26 ` Jacob Sparre Andersen
-- strict thread matches above, loose matches on Subject: below --
2003-01-31 16:29 Beard, Frank Randolph CIV
2003-02-03 7:05 Grein, Christoph
2003-02-03 9:26 ` Preben Randhol
2003-02-04 12:03 Rick Morneau
2003-02-05 13:02 Rick Morneau
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox