From: "Warren W. Gay VE3WWG"
Newsgroups: comp.lang.ada
Subject: Re: Boeing and Dreamliner
Date: Mon, 30 Jun 2003 11:55:00 -0400
Message-ID: <3F005D54.5090104@cogeco.ca>
References: <3EFC6FC2.B96DAEA4@adaworks.com> <1056731513.272294@master.nyc.kbcfp.com> <3EFF2F6D.3793971@adaworks.com>

Hyman Rosen wrote:
> Richard Riehle wrote:
>
>> And those issues directly support the folly of even thinking about using
>> C++ for this aircraft.
>
> Unsurprisingly, I disagree. You're talking about a situation where every
> arithmetic operation in the code was carefully scrutinized. I'm sure that
> in the cases where protection was left in the Ariane 4 code it did not
> consist of allowing an Ada exception to be raised on overflow, but rather
> coding in such a way that a correct numeric result would be produced. I
> don't see why such scrutiny would not result in equally safe C++ code.

I would disagree with your position on the basis that even where code is
carefully scrutinized, within Ada you have the advantage of built-in language
features to check areas that you might neglect (while developing and testing
at least, prior to checks being turned off).

For example, where a short (16-bit integer) in C/C++ might hold the value
-32768, and be negated and assigned to a short result, this operation might
be undefined (I am not sure if any newer standard like C99 addresses this).
On some implementations at least, that result is silently set to 0, which
clearly is incorrect! In Ada, this cannot be ignored without deliberately
working around it (or turning the checks off).

I would also suggest that there are probably better "proving tools" available
for Ada than there are for C/C++. I don't have any direct experience with
these tools, but I am sure that others in this NG can comment on that.

--
Warren W. Gay VE3WWG
http://home.cogeco.ca/~ve3wwg
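As an added illustration of the -32768 negation case raised above (this is constructed example code, not part of the post and not anything Warren Gay wrote), the block below shows what a plain C negation of a 16-bit value does on a two's-complement gcc/clang target, which is what the example assumes, next to a checked version that refuses the one unrepresentable input the way Ada's constraint checking would. The function names are made up for the example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Plain C negation of a 16-bit value.
 * x is promoted to int first, so -(-32768) is computed as 32768 with no
 * overflow at that step.  Storing 32768 back into an int16_t is an
 * out-of-range conversion, which C99 6.3.1.3p3 leaves implementation-
 * defined; gcc and clang (the targets this example assumes) wrap it
 * modulo 2^16, so the "negated" result is INT16_MIN again, unchanged,
 * and nothing at run time says so. */
int16_t negate16_unchecked(int16_t x)
{
    int16_t r = -x;   /* narrowing conversion, no diagnostic by default */
    return r;
}

/* Checked negation: reject the single input that has no representable
 * negation, the way an Ada constraint check would raise Constraint_Error.
 * Returns false on overflow and leaves *out untouched. */
bool negate16_checked(int16_t x, int16_t *out)
{
    if (x == INT16_MIN)
        return false;
    *out = (int16_t)(-x);
    return true;
}

/* Same check at full int width.  Here there is no wider type to promote
 * into, so -INT_MIN is undefined behaviour outright and the test has to
 * happen before the negation, not after it. */
bool negate_int_checked(int x, int *out)
{
    if (x == INT_MIN)
        return false;
    *out = -x;
    return true;
}

/* Stand-alone demo of the three cases. */
int main(void)
{
    int16_t wrapped = negate16_unchecked(INT16_MIN);
    printf("unchecked: -(%d) stored in int16_t gives %d\n",
           (int)INT16_MIN, (int)wrapped);

    int16_t r16;
    if (!negate16_checked(INT16_MIN, &r16))
        printf("checked:   -(%d) rejected, no representable result\n",
               (int)INT16_MIN);

    int r;
    if (!negate_int_checked(INT_MIN, &r))
        printf("checked:   -(%d) rejected at int width too\n", INT_MIN);
    return 0;
}
```

The checked functions put the overflow test ahead of the arithmetic deliberately: for the int case a test after the fact would itself be undefined behaviour and is routinely optimised away.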