From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-0.3 required=5.0 tests=BAYES_00, REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,e6a2e4a4c0d7d8a6 X-Google-Attributes: gid103376,public X-Google-Thread: 101deb,3488d9e5d292649f X-Google-Attributes: gid101deb,public X-Google-ArrivalTime: 2003-02-21 12:31:09 PST Path: archiver1.google.com!news1.google.com!newsfeed.stanford.edu!newsfeed.berkeley.edu!ucberkeley!beamish.news.atl.earthlink.net!guinness.news.atl.earthlink.net!news.atl.earthlink.net!stamper.news.atl.earthlink.net!harp.news.atl.earthlink.net!not-for-mail From: Richard Riehle Newsgroups: comp.lang.pl1,comp.lang.ada Subject: Re: status of PL/I as a viable language Date: Fri, 21 Feb 2003 12:41:23 -0800 Organization: AdaWorks Software Engineering Message-ID: <3E568EF3.A244212A@adaworks.com> References: <3E51908E.9CCA3412@adaworks.com> <8Gh4a.7455$_c6.743959@newsread2.prod.itd.earthlink.net> <3E51ABCE.5491B9A2@adaworks.com> <3E5273DE.2050206@cox.net> <3E531E6F.BDFB2599@adaworks.com> <3E546C45.4010406@cox.net> <3E54F926.441D5BB5@adaworks.com> <1045763933.848350@master.nyc.kbcfp.com> <42EA55F4BE83950E.F1DA277C2FDC157B.C804C1C52FE95D65@lp.airnews.net> <1045769690.126389@master.nyc.kbcfp.com> <1045839419.823502@master.nyc.kbcfp.com> Reply-To: richard@adaworks.com NNTP-Posting-Host: 3f.bb.a9.b3 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Server-Date: 21 Feb 2003 20:31:08 GMT X-Mailer: Mozilla 4.7 [en] (Win98; I) X-Accept-Language: en Xref: archiver1.google.com comp.lang.pl1:4401 comp.lang.ada:34380 Date: 2003-02-21T20:31:08+00:00 List-Id: Hyman Rosen wrote: > Dmitry A. Kazakov wrote: > > Should it mean that an unability to create a perfect code (a thing I > > never saw) in one language excuses any design fault of another? > > Nope. I'm just objecting to "If it broke, and it's C++, it's the > language's fault. If it broke, and it's Ada, it's the programmer's > fault." Good point. We need to understand that there are limits to what can be accomplished by depending only on our tools. Ada has a lot to recommend it for high-integrity software. Other languages have a lot to recommend them. This started as a PL/I thread, and I have learned, more recently, of improvements in PL/I since I last used it. Even so, PL/I, for all its improvements, requires skilled programmers. Ada requires skilled programmers. C++ requires skilled programmers. My personal preference, based on my experience and current knowledge of competing languages continues to be Ada, for the kind of software (such as F-22) we have been discussing. However, I realize that a highly skilled C++ programmer, one who understands the built-in pitfalls of the language, and one who understands how to use smart-pointers, smart arrays, and lots of other useful C++ classes, can create reliable software. The same is probably true of a PL/I programmer, but I am not aware of PL/I being used for many safety-critical applications. Someone can help me on that, I suppose. The key to successful safety-critical software remains, good engineering. Most programmers have no engineering education, and all too often, they have insufficient mathematics. On systems such as the F-22, it is critical that the developers are engineering aware, and that they have strong mathematics. Yesterday, I particiapted in a discussion of requirements specifications where some of the participants thought it was enough to simply specify the mathematics needed for the application. The mathematics happened to involve relatively simple calculus. The eventual design of the algorithm was expected to be the job of the programmer. Of course, there would checking, inspection, and testing at some stage, but my point was that the algorithm should be specified in more detail and not left to the programmer. As long as we ignore the importance of engineering when developing safety-critical software, we are going to continue to make a mess of it, and no programming language will save us. Ada is like using a torque wrench. C++ is like using any convenient long-handled wrench. If the mechanic is careful and has a lot of experience, using that long-handled wrench, it will work just fine. In most cases, though, we might find the toque wrench a little more reliable. However, if we have no clue about the appropriate level of torque, cannot before-hand do the required computations, and have no idea what torque is, we are going to twist off the head of the bolt just as easily as the guy with the simple long-handled wrench. Richard Riehle