Re: "Subtract C, add Ada"

[smize@Starbase.NeoSoft.COM (Samuel Mize)]

In article <3fdcoi$chn@miranda.gmrc.gecm.com>,
R.A.L Williams <bill@valiant> wrote:
>
>Robert Dewar wrote..
>> Bill comments that for his points 3. and 4.
>> 
>>   3. uninitialised pointer access
>>   4. pointer references to local variables in defunct procedures
>> 
>> "The syntax of Ada .. does not really address 3. or 4."
>> 
>> Taking point 3, it is impossible to have an uninitialized pointer in Ada,
>> all pointers are initialized to null, and any attempt to use a null pointer,
>> i.e. to dereference it, will cause a constraint error. Seems like pretty
>> complete protection to me.
>
>Yes, you're right, Ada *guarantees* a run time crash, in C/C++ it's just very
>likely. ...

The rest of your post suggests that you understand this, but I will
point it out for the less-versed souls reading this newsgroup:

Ada does not guarantee a run-time crash.  It guarantees that the
program will identify, and respond to, the error.  If you have
exception handlers properly in place, they can do some default
action; e.g., you can drop to a degraded mode.  In C/C++, you
can (1) dereference a bad value and merrily use it (2) write to
an arbitrary address (e.g., the OS or your instruction pointer),
creating phantom bugs in other code (3) seg error (core dump).

Even a well-designed C program can provide these exciting
opportunities, since the occasional human error is unavoidable,
not to mention hardware failures.

In Ada, you have to make the original error, *and* not provide
a fall-back in your exception handlers.  Only if you do both
will you get a run-time crash.  Otherwise, you will get a
run-time performance degradation.

>likely. It's still not a compile time check so you're relying on the
>quality of your run time environment to tie down where the problem
>occurs. ...

True.  Wish we could solve the problem of uninitialized variables,
'cause then we'd know how to solve undecidable problems.

>occurs. Of course, in embedded systems you don't want *any* exceptions,
>no matter how cleanly you handle them!

Sure you do, if there was a programmer error, or a hardware glitch,
or a bad memory location, etc.  These are the things you don't want.
Given that you can't eliminate those, oh *boy* do you want exceptions,
given the alternative (core dump at 30,000 feet -- how do I reboot
my F-16?!?!?!?)

>... I was just trying to point out that using Ada is no substitute
>for good engineering practice in design and coding.
>

Very true.  I'm pointing out that Ada provides tools for good
engineering practice that are not available in C/C++ .

>
>
>Bill Williams
>

Sam Mize - smize@starbase.neosoft.com