How do I write directly to a memory address?

How do I write directly to a memory address?

[Syntax Issues]

I am planning to start learning lower-level programming with ada,
however, I was unable to find a solid tutorial on writing directly to
a memory address or interfacing with assembly. Does anyone know where
I can find a reference to some tutorials/information? Below is an
example of code I would like to be able to implement.

...
unsigned int print(char *message, unsigned int line)
{
	char *vidmem = (char *) 0xb8000;
	unsigned int i= 0;

	i=(line*80*2);

	while(*message!=0) // 24h
	{
		vidmem[i]= *message;
		*message++;
		i++;
		vidmem[i]= 0x7;
		i++;
	};

	return(1);
};
...

Re: How do I write directly to a memory address?

[Georg Bauhaus]

On 2/3/11 6:52 AM, Syntax Issues wrote:
> I am planning to start learning lower-level programming with ada,
> however, I was unable to find a solid tutorial on writing directly to
> a memory address or interfacing with assembly. Does anyone know where
> I can find a reference to some tutorials/information? Below is an
> example of code I would like to be able to implement.

Keywords include the 'Address attribute, representations (LRM 13.3),
possibly address-to-access conversions, some details from Annex C;
many text books on Ada 95 and later will explain.  A compiler
will explain how it supports machine code insertions on a given
platform.

The tutorial "Accessing memory as a string" by Robert Dewar
might be useful.

The Ada archives should, I think, have examples of writing to
DOS's video buffer.

Re: How do I write directly to a memory address?

[Georg Bauhaus]

On 2/3/11 9:00 AM, Georg Bauhaus wrote:
> A compiler
I mean, a compiler's documentation  will explain how the compiler...
> will explain how it supports machine code insertions on a given
> platform.

Re: How do I write directly to a memory address?

[mockturtle]

> Below is an
> example of code I would like to be able to implement.
> 
> ...
> unsigned int print(char *message, unsigned int line)
> {
> 	char *vidmem = (char *) 0xb8000;
> 	unsigned int i= 0;
>

I do not have any experience about this part of Ada, but maybe I can give you a "pointer" to some bootstrapping information.  Maybe you could want to use an attribute representation  clause for Vidmem'Address (see Section 13.3 of the RM) . With some improvisation, I would write something like 

   type Vidmem_Array is array (natural range <>) of Character;
   Vidmem : Vidmem_Array (0 .. Max_Size);

   for Vidmem'Address use 16#000B_8000#;

Note that  with this approach you need to know the maximum size of your "buffer".  Otherwise, you could go through System.Address (see 13.7 and following of the RM).

As disclaimed above, I am not an expert on this, so maybe someone could want to integrate/correct/whatever the information above.

   
 
> 	i=(line*80*2);
> 
> 	while(*message!=0) // 24h
> 	{
> 		vidmem[i]= *message;
> 		*message++;
> 		i++;
> 		vidmem[i]= 0x7;
> 		i++;
> 	};
> 
> 	return(1);
> };
> ...

Re: How do I write directly to a memory address?

[Ludovic Brenta]

Syntax Issues wrote on comp.lang.ada:
> I am planning to start learning lower-level programming with ada,
> however, I was unable to find a solid tutorial on writing directly to
> a memory address or interfacing with assembly. Does anyone know where
> I can find a reference to some tutorials/information? Below is an
> example of code I would like to be able to implement.
>
> ...
> unsigned int print(char *message, unsigned int line)
> {
>         char *vidmem = (char *) 0xb8000;
>         unsigned int i= 0;
>
>         i=(line*80*2);
>
>         while(*message!=0) // 24h
>         {
>                 vidmem[i]= *message;
>                 *message++;

*Every* time I look at C code, I see a bug.
I think this is a bug; it should read "message++" since you want to
increment the pointer, not the pointed-to character.

>                 i++;
>                 vidmem[i]= 0x7;
>                 i++;
>         };
>
>         return(1);};
>
> ...

The proper way to achieve what you want is not to translate the
(buggy) C code into Ada; instead, use Ada to model the problem and
provide a clean abstraction.  In this case, the model is that the
video memory, located at some address, is a two-dimensional array of
cells; each cell contains a character and an attribute byte.

type Cell_T is record
   Char : Character;
   Attribute : Interfaces.Unsigned_8;
end record;
pragma Pack (Cell_T);

type Horiz_Coordinate_T is mod 80;
type Vert_Coordinate_T is mod 25;
type Console_T is array
  (Horiz_Coordinate_T, Vert_Coordinate_T) of Cell_T;
pragma Pack (Console_T);

Console : Console_T;
for Console'Address use 16#b8000#; -- the only low-level trick!

procedure Put (C            : in Character;
               Into_Console : in out Console_T;
               At_X         : in     Horiz_Coordinate_T;
               At_Y         : in     Vert_Coordinate_T) is
begin
   Into_Console (At_X, At_Y) :=
     (Char => C, Attribute => 16#7#);
end Put;


procedure Put (S            : in     String;
               Into_Console : in out Console_T;
               At_X         : in     Horiz_Coordinate_T;
               At_Y         : in     Vert_Coordinate_T) is
  X : Horiz_Coordinate_T := At_X;
  Y : Vert_Coordinate_T := At_Y;
begin
  for J in S'Range loop
    Put (C => S (J),
         Into_Console => Into_Console,
         At_X => X,
         At_Y => Y);
    X := X + 1; -- modular arithmetic: wraps around
    if X = 0 then
       Y := Y + 1; -- ditto
    end if;
  end loop;
end Put;

Hope this helps

--
Ludovic Brenta.

Re: How do I write directly to a memory address?

[Syntax Issues]

On Feb 3, 3:24 am, Ludovic Brenta <ludo...@ludovic-brenta.org> wrote:
> Syntax Issues wrote on comp.lang.ada:
>
>
>
>
>
>
>
>
>
> > I am planning to start learning lower-level programming with ada,
> > however, I was unable to find a solid tutorial on writing directly to
> > a memory address or interfacing with assembly. Does anyone know where
> > I can find a reference to some tutorials/information? Below is an
> > example of code I would like to be able to implement.
>
> > ...
> > unsigned int print(char *message, unsigned int line)
> > {
> >         char *vidmem = (char *) 0xb8000;
> >         unsigned int i= 0;
>
> >         i=(line*80*2);
>
> >         while(*message!=0) // 24h
> >         {
> >                 vidmem[i]= *message;
> >                 *message++;
>
> *Every* time I look at C code, I see a bug.
> I think this is a bug; it should read "message++" since you want to
> increment the pointer, not the pointed-to character.
>
> >                 i++;
> >                 vidmem[i]= 0x7;
> >                 i++;
> >         };
>
> >         return(1);};
>
> > ...
>
> The proper way to achieve what you want is not to translate the
> (buggy) C code into Ada; instead, use Ada to model the problem and
> provide a clean abstraction.  In this case, the model is that the
> video memory, located at some address, is a two-dimensional array of
> cells; each cell contains a character and an attribute byte.
>
> type Cell_T is record
>    Char : Character;
>    Attribute : Interfaces.Unsigned_8;
> end record;
> pragma Pack (Cell_T);
>
> type Horiz_Coordinate_T is mod 80;
> type Vert_Coordinate_T is mod 25;
> type Console_T is array
>   (Horiz_Coordinate_T, Vert_Coordinate_T) of Cell_T;
> pragma Pack (Console_T);
>
> Console : Console_T;
> for Console'Address use 16#b8000#; -- the only low-level trick!
>
> procedure Put (C            : in Character;
>                Into_Console : in out Console_T;
>                At_X         : in     Horiz_Coordinate_T;
>                At_Y         : in     Vert_Coordinate_T) is
> begin
>    Into_Console (At_X, At_Y) :=
>      (Char => C, Attribute => 16#7#);
> end Put;
>
> procedure Put (S            : in     String;
>                Into_Console : in out Console_T;
>                At_X         : in     Horiz_Coordinate_T;
>                At_Y         : in     Vert_Coordinate_T) is
>   X : Horiz_Coordinate_T := At_X;
>   Y : Vert_Coordinate_T := At_Y;
> begin
>   for J in S'Range loop
>     Put (C => S (J),
>          Into_Console => Into_Console,
>          At_X => X,
>          At_Y => Y);
>     X := X + 1; -- modular arithmetic: wraps around
>     if X = 0 then
>        Y := Y + 1; -- ditto
>     end if;
>   end loop;
> end Put;
>
> Hope this helps
>
> --
> Ludovic Brenta.

Excellent, this defiantly helps.

Re: How do I write directly to a memory address?

[Georg Bauhaus]

On 03.02.11 09:24, Ludovic Brenta wrote:

>> unsigned int print(char *message, unsigned int line)
>> {
>>         char *vidmem = (char *) 0xb8000;
>>         unsigned int i= 0;
>>
>>         i=(line*80*2);
>>
>>         while(*message!=0) // 24h
>>         {
>>                 vidmem[i]= *message;
>>                 *message++;
> 
> *Every* time I look at C code, I see a bug.
> I think this is a bug; it should read "message++" since you want to
> increment the pointer, not the pointed-to character.

This is not a bug, since postfix ++ has higher precedence than *.
Indeed, *t++ = *s++; is idiomatic C.

While the result of the * operation on the pre-incremented pointer
doesn't seem to have a visible effect in this program, it still might
be intended, the intention possibly being to read the contents of
(possibly volatile) location *message, ahead of time.  Who knows?
It might just as well be a c&p issue.

Re: How do I write directly to a memory address?

[John McCormick]

On Feb 2, 11:52 pm, Syntax Issues <syntax.iss...@gmail.com> wrote:
> I am planning to start learning lower-level programming with ada,
> however, I was unable to find a solid tutorial on writing directly to
> a memory address or interfacing with assembly. Does anyone know where
> I can find a reference to some tutorials/information? Below is an
> example of code I would like to be able to implement.

Warning self promotion follows:

Chapter 2 of the book "Building Parallel, Embedded, and Real-Time
Applications with Ada" by McCormick, Singhoff, and Hugues includes a
long section on low level programming with Ada.  It covers both memory
mapped and port I/O architectures.  We develop polling and interrupt
based device drivers.  Everything is done using high level Ada
abstractions for low level features.  It includes a small amount of
machine code insertion.  We just turned in the final page proofs and
expect to have hard oopy by April.  See http://www.cambridge.org/gb/knowledge/isbn/item5659578

John

Re: How do I write directly to a memory address?

[Jeffrey Carter]

On 02/03/2011 01:08 AM, mockturtle wrote:
>
> I do not have any experience about this part of Ada, but maybe I can give you
> a "pointer" to some bootstrapping information.  Maybe you could want to use
> an attribute representation  clause for Vidmem'Address (see Section 13.3 of
> the RM) . With some improvisation, I would write something like
>
> type Vidmem_Array is array (natural range<>) of Character; Vidmem :
> Vidmem_Array (0 .. Max_Size);
>
> for Vidmem'Address use 16#000B_8000#;

An address clause is the usual approach. If one is going to write to such 
memory, one probably doesn't care what the Ada runtime might do to initialize 
it, but if one is planning to read predefined information stored there, one 
probably wants to prevent any initialization through a pragma Import:

pragma Import (Ada, Vidmem);

System.Address is an implementation-defined type, and an address clause takes a 
value of that type. A universal integer may or may not be acceptable. Any such 
code is not portable.

Other possibilities include Ada.Storage_IO (ARM A.9) and 
System.Address_To_Access_Conversions (ARM 13.7.2). Masochists (such as those who 
use C-family languages by choice) might want to use address arithmetic, found in 
System.Storage_Elements (ARM 13.7.1).

Note that the quoted C code will happily read from memory not part of message 
and write to memory not part of vidmem; Ada will not.

-- 
Jeff Carter
"How'd you like to hide the egg and gurgitate
a few saucers of mocha java?"
Never Give a Sucker an Even Break
101

Re: How do I write directly to a memory address?

[Jeffrey Carter]

On 02/03/2011 01:24 AM, Ludovic Brenta wrote:
>
> *Every* time I look at C code, I see a bug.
> I think this is a bug; it should read "message++" since you want to
> increment the pointer, not the pointed-to character.

As others have explained, this is not an error, though the unused dereference is 
wasted effort. However, if message does not contain zero, this will happily read 
memory outside of message, and if the first zero encountered follows enough 
bytes, it will happily write memory outside of vidmem.

-- 
Jeff Carter
"How'd you like to hide the egg and gurgitate
a few saucers of mocha java?"
Never Give a Sucker an Even Break
101

Re: How do I write directly to a memory address?

[Florian Weimer]

* Ludovic Brenta:

> Console : Console_T;
> for Console'Address use 16#b8000#; -- the only low-level trick!

You should also add

  pragma Import (Ada, Console);

to suppress any initialization code.

Re: How do I write directly to a memory address?

[Ludovic Brenta]

Jeffrey Carter wrote:
>> *Every* time I look at C code, I see a bug.
>> I think this is a bug; it should read "message++" since you want to
>> increment the pointer, not the pointed-to character.
>
> As others have explained, this is not an error, though the unused dereference is
> wasted effort. However, if message does not contain zero, this will happily read
> memory outside of message, and if the first zero encountered follows enough
> bytes, it will happily write memory outside of vidmem.

OK, so my hunch was wrong; there was not one but two bugs in that
line.

Funny to see that my quickly-written, untested Ada code cannot
possibly have these bugs. Proper arrays prevent reading the
terminating null character since there isn't one; the modular types
for the indexes prevent writing outside the video buffer.  Once more,
praise the Lady :)

--
Ludovic Brenta.

Re: How do I write directly to a memory address?

[Ludovic Brenta]

Ludovic Brenta <ludo...@ludovic-brenta.org> wrote:
> Syntax Issues wrote on comp.lang.ada:
>> I am planning to start learning lower-level programming with ada,
>> however, I was unable to find a solid tutorial on writing directly to
>> a memory address or interfacing with assembly. Does anyone know where
>> I can find a reference to some tutorials/information? Below is an
>> example of code I would like to be able to implement.
>
>> ...
>> unsigned int print(char *message, unsigned int line)
>> {
>>         char *vidmem = (char *) 0xb8000;
>>         unsigned int i= 0;
>>
>>         i=(line*80*2);
>>
>>         while(*message!=0) // 24h

Did I mention that *every* time I look at C code I see a bug?
Sometimes, looking twice at the same code reveals two bugs! Here you
do not check that message != NULL; the condition should be:

           while (message && *message != 0)

>>         {
>>                 vidmem[i]= *message;
>>                 *message++;
>
> *Every* time I look at C code, I see a bug.
> I think this is a bug; it should read "message++" since you want to
> increment the pointer, not the pointed-to character.
>
>>                 i++;
>>                 vidmem[i]= 0x7;
>>                 i++;
>>         };
>>
>>         return(1);};

--
Ludovic Brenta.

Re: How do I write directly to a memory address?

[Georg Bauhaus]

On 2/4/11 10:24 AM, Ludovic Brenta wrote:

>>> unsigned int print(char *message, unsigned int line)
>>> {
>>>          char *vidmem = (char *) 0xb8000;
>>>          unsigned int i= 0;
>>>
>>>          i=(line*80*2);
>>>
>>>          while(*message!=0) // 24h
>
> Did I mention that *every* time I look at C code I see a bug?
> Sometimes, looking twice at the same code reveals two bugs! Here you
> do not check that message != NULL; the condition should be:
>
>             while (message&&  *message != 0)

I think you won't be convincing a C programmer by stipulating that
he has been stupid and passed a null pointer for message.
He hasn't, he has thought about his program.
And it won't help promote Ada to argue that the stupid misuse
of a C function is a property of C.  You are inventing contract
breaches that are equivalent to those in the style of Ariane 4/5.
Ada's type system and range checking has not prevented
programmers and engineers making a mistake.

E.g., you'd have to show a demonstration that, typically,
arrays with index subtype excluding 16 and then accessed
with value 16 have a suitable exception handler with them.
Or you'd end up talking about programmer competence, too,
and there we are, the C folks begging the question.

CVEs, as every real C programmer knows, are caused by stupid,
incompetent C programmers who should find a different occupation.

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Fri, 04 Feb 2011 11:31:58 +0100, Georg Bauhaus wrote:

> On 2/4/11 10:24 AM, Ludovic Brenta wrote:
> 
>> Did I mention that *every* time I look at C code I see a bug?
>> Sometimes, looking twice at the same code reveals two bugs! Here you
>> do not check that message != NULL; the condition should be:
>>
>>             while (message&&  *message != 0)
> 
> I think you won't be convincing a C programmer by stipulating that
> he has been stupid and passed a null pointer for message.

It might help to convince him that C is not a simple language.

> He hasn't, he has thought about his program.

Important is not "if", but "what."

> And it won't help promote Ada to argue that the stupid misuse
> of a C function is a property of C.

It is not a misuse, it is how C is used, the state of the art.

> You are inventing contract
> breaches that are equivalent to those in the style of Ariane 4/5.
> Ada's type system and range checking has not prevented
> programmers and engineers making a mistake.

I love this kind of logic: if you cannot prevent cancer, why would you
check the car brakes?

> CVEs, as every real C programmer knows, are caused by stupid,
> incompetent C programmers who should find a different occupation.

Nope, the fact is that probably no programmer is competent to use C.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/4/2011 4:24 AM, Ludovic Brenta wrote:
 > Did I mention that *every* time I look at C code I see a bug?
 > Sometimes, looking twice at the same code reveals two bugs! Here you
 > do not check that message != NULL; the condition should be:
>             while (message&&  *message != 0)

Did I mention that people who criticize C are like people
who criticize grammar? Every time they do so, their own
criticism contains errors.

You make two errors here. The first is to assume without
any actual knowledge that it is possible for the argument
to be a null pointer; it is likely that the contract for
this procedure requires that it not be. The second is that
you test for the pointer being null each time through the
loop rather than just once.

Re: How do I write directly to a memory address?

[Jeffrey Carter]

On 02/04/2011 03:31 AM, Georg Bauhaus wrote:
> On 2/4/11 10:24 AM, Ludovic Brenta wrote:
>>
>> while (message&& *message != 0)
>
> I think you won't be convincing a C programmer by stipulating that
> he has been stupid and passed a null pointer for message.
> He hasn't, he has thought about his program.

I'm not sure this check for null is useful, but I'm not sure this is a valid 
objection, either. message is incremented inside the loop. If the initial value 
isn't null, it's still possible for it to be incremented until it rolls over and 
becomes null. Of course, if that happens, it's a symptom of another error: 
message does not contain a terminator byte.

-- 
Jeff Carter
"In the frozen land of Nador they were forced to
eat Robin's minstrels, and there was much rejoicing."
Monty Python & the Holy Grail
70

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Fri, 04 Feb 2011 11:00:18 -0500, Hyman Rosen wrote:

> Did I mention that people who criticize C are like people
> who criticize grammar? Every time they do so, their own
> criticism contains errors.

Right, because nobody really understands C, there is no way to reason about
C without running into errors.

> You make two errors here. The first is to assume without
> any actual knowledge that it is possible for the argument
> to be a null pointer; it is likely that the contract for
> this procedure requires that it not be. The second is that
> you test for the pointer being null each time through the
> loop rather than just once.

You just made the error of which you accused Ludovic. You assumed a
contract that the pointer cannot be modified within the loop, e.g. upon
video buffer modification.

Quality of a programming language is in great part about how close
different people could understand explicit and implied contracts when
reading the code.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/4/2011 12:40 PM, Dmitry A. Kazakov wrote:
 > nobody really understands C, there is no way to reason about
 > C without running into errors.

C has an ISO standard which describes the language.

 > You just made the error of which you accused Ludovic. You assumed a
 > contract that the pointer cannot be modified within the loop, e.g. upon
 > video buffer modification.

The pointer *is* modified within the loop, by incrementation.
If that pointer were situated within the video buffer itself,
the program could behave very oddly indeed, but such behavior
would almost certainly by undefined by terms of the standard
and it's unlikely that it would be "saved" by adding a check
for nullity in each iteration.

You could achieve the same oddness in Ada in the same way, by
forcing the program to place a pointer in the video buffer. In
both languages, the pointer would never be there on its own.

 > Quality of a programming language is in great part about how close
 > different people could understand explicit and implied contracts when
 > reading the code.

The implicit contract of the subroutine is that it receives a
null-terminated string that's copied to a specified line of the
video buffer. It does no checking that the message is not null,
that the message is short enough, and that the line is within
range, so that needs to be done before the function is called.

Re: How do I write directly to a memory address?

[Shark8]

On Feb 4, 9:00 am, Hyman Rosen <hyro...@mail.com> wrote:
> You make two errors here. The first is to assume without
> any actual knowledge that it is possible for the argument
> to be a null pointer;

As presented it is not possible to determine IF it is not
possible to pass a null-pointer in; unlike Ada, C has no null
exclusion and so cannot guarantee from the contract-that-is-
the-parameter-list that to be the case -- He MUST reason it
from the code itself making the argument dependent on the
context in which it is used. {For example, it could be a part
contained in a header-file whose original using-program DID
have the impossibility of passing NULL, but if re-used then
it may be the case that there is no such guarantee.

> it is likely that the contract for
> this procedure requires that it not be. The second is that
> you test for the pointer being null each time through the
> loop rather than just once.

This is a deficiency, IMO, of C and somewhat even Pascal;
In Ada, even w/o null-exclusion, we would likely say:
Procedure Some_Procedure( Message : Access String ) is
begin
 if Message /= Null then
    Declare
       S : String Renames Message.All;
    Begin
       For Index in S'Range loop
          -- whatever processing and display
       End Loop;
    End;
 end if;
end Some_Procedure;

And within the procedure itself we capture the context which
would in the C-program and bind it directly to the procedure.
This becomes trivial with a not null access parameter.

Re: How do I write directly to a memory address?

[Adam Beneschan]

On Feb 4, 8:00 am, Hyman Rosen <hyro...@mail.com> wrote:

> Did I mention that people who criticize C are like people
> who criticize grammar? Every time they do so, their own
> criticism contains errors.

Shouldn't that be "their own criticisms contain errors"?

                        -- Adam

Re: How do I write directly to a memory address?

[John B. Matthews]

In article 
<04103609-e26f-438a-9a55-d0f255d65326@n36g2000pre.googlegroups.com>,
 Adam Beneschan <adam@irvine.com> wrote:

> On Feb 4, 8:00 am, Hyman Rosen <hyro...@mail.com> wrote:
> 
> > Did I mention that people who criticize C are like people
> > who criticize grammar? Every time they do so, their own
> > criticism contains errors.
> 
> Shouldn't that be "their own criticisms contain errors"?

As required by Muphry's law:

<http://en.wikipedia.org/wiki/Muphry's_law>

-- 
John B. Matthews
trashgod at gmail dot com
<http://sites.google.com/site/drjohnbmatthews>

Re: How do I write directly to a memory address?

[Randy Brukardt]

"Hyman Rosen" <hyrosen@mail.com> wrote in message 
news:4d4c477a$0$5229$882e7ee2@usenet-news.net...
...
> The implicit contract of the subroutine is

I think I see the cause of the disagreement: there is no such thing as an 
"implicit" contract. Either it is part of the explicit contract, or it 
doesn't exist and it has to be checked somehow -- because programmers are 
human and they *will* make mistakes or even be incompetent.

*Ada* is deficient in the ability to write proper contracts (improving this 
is a primary driving force behind Ada 2012, after all), C is even worse in 
this respect.

An implicit contract is the same as assuming something, and we all know what 
"assume" does: it makes an "a**" of "you"and "me". :-)

                        Randy.

Re: How do I write directly to a memory address?

[Pascal Obry]

Hyman,

> You make two errors here. The first is to assume without
> any actual knowledge that it is possible for the argument
> to be a null pointer; it is likely that the contract for
> this procedure requires that it not be.

I've read that a countless time. The problem is that it is not possible
to enforce a contract in C. I've seen many bugs just for that. At some
point a developer think about a contract and some time later this is
just forgotten (even if clearly written in comment, who read comments!)
and then a crash arise. Don't tell me you've never run into such situation.

Pascal.

-- 

--|------------------------------------------------------
--| Pascal Obry                           Team-Ada Member
--| 45, rue Gabriel Peri - 78114 Magny Les Hameaux FRANCE
--|------------------------------------------------------
--|    http://www.obry.net  -  http://v2p.fr.eu.org
--| "The best way to travel is by means of imagination"
--|
--| gpg --keyserver keys.gnupg.net --recv-key F949BD3B

Re: How do I write directly to a memory address?

[Simon Clubley]

On 2011-02-04, Ludovic Brenta <ludovic@ludovic-brenta.org> wrote:
> Ludovic Brenta <ludo...@ludovic-brenta.org> wrote:
>> Syntax Issues wrote on comp.lang.ada:
>>> ...
>>> unsigned int print(char *message, unsigned int line)
>>> {
>>> � � � � char *vidmem = (char *) 0xb8000;
>>> � � � � unsigned int i= 0;
>>>
>>> � � � � i=(line*80*2);
>>>
>>> � � � � while(*message!=0) // 24h
>
> Did I mention that *every* time I look at C code I see a bug?
> Sometimes, looking twice at the same code reveals two bugs! Here you
> do not check that message != NULL; the condition should be:
>
>            while (message && *message != 0)
>

That still isn't good enough unless you can guarantee that the compiler
generated code will not evaluate the second condition if the first condition
is false.

The reason is that this code will attempt to examine the contents of address
0 when message is null and on some operating systems page 0 is unmapped in
order to catch these kinds of bugs.

Simon.

-- 
Simon Clubley, clubley@remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world

Re: How do I write directly to a memory address?

[Niklas Holsti]

Simon Clubley wrote:
> On 2011-02-04, Ludovic Brenta <ludovic@ludovic-brenta.org> wrote:
>> Ludovic Brenta <ludo...@ludovic-brenta.org> wrote:
>>> Syntax Issues wrote on comp.lang.ada:
>>>> ...
>>>> unsigned int print(char *message, unsigned int line)
>>>> {
>>>>         char *vidmem = (char *) 0xb8000;
>>>>         unsigned int i= 0;
>>>>
>>>>         i=(line*80*2);
>>>>
>>>>         while(*message!=0) // 24h
>> Did I mention that *every* time I look at C code I see a bug?
>> Sometimes, looking twice at the same code reveals two bugs! Here you
>> do not check that message != NULL; the condition should be:
>>
>>            while (message && *message != 0)
>>
> 
> That still isn't good enough unless you can guarantee that the compiler
> generated code will not evaluate the second condition if the first condition
> is false.

That is guaranteed in C. The C "&&" operator is short-circuiting and 
corresponds to the Ada "and then". The C99 standard says "If the first 
operand compares equal to 0, the second operand is not evaluated."

-- 
Niklas Holsti
Tidorum Ltd
niklas holsti tidorum fi
       .      @       .

Re: How do I write directly to a memory address?

[Simon Clubley]

On 2011-02-06, Niklas Holsti <niklas.holsti@tidorum.invalid> wrote:
> Simon Clubley wrote:
>> On 2011-02-04, Ludovic Brenta <ludovic@ludovic-brenta.org> wrote:
>>> Ludovic Brenta <ludo...@ludovic-brenta.org> wrote:
>>>> Syntax Issues wrote on comp.lang.ada:
>>>>> ...
>>>>> unsigned int print(char *message, unsigned int line)
>>>>> {
>>>>>         char *vidmem = (char *) 0xb8000;
>>>>>         unsigned int i= 0;
>>>>>
>>>>>         i=(line*80*2);
>>>>>
>>>>>         while(*message!=0) // 24h
>>> Did I mention that *every* time I look at C code I see a bug?
>>> Sometimes, looking twice at the same code reveals two bugs! Here you
>>> do not check that message != NULL; the condition should be:
>>>
>>>            while (message && *message != 0)
>>>
>> 
>> That still isn't good enough unless you can guarantee that the compiler
>> generated code will not evaluate the second condition if the first condition
>> is false.
>
> That is guaranteed in C. The C "&&" operator is short-circuiting and 
> corresponds to the Ada "and then". The C99 standard says "If the first 
> operand compares equal to 0, the second operand is not evaluated."
>

That's good to know.

However, I've used C compilers in the past when it wasn't true so I
developed a style of testing the not null condition first in a if
statement before going into the while condition.

I suspect I am not the first person whose current coding style reflects
lessons learnt from using older compilers while those problems have
subsequently been fixed in later standards. :-)

Simon.

-- 
Simon Clubley, clubley@remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Sun, 6 Feb 2011 19:05:58 +0000 (UTC), Simon Clubley wrote:

> I suspect I am not the first person whose current coding style reflects
> lessons learnt from using older compilers while those problems have
> subsequently been fixed in later standards. :-)

The funniest C compiler I met was under Sys.V. It modified the format
string passed to printf. The string was actually restored when formatting
was done. Alas, the very same compiler stored string literals in the
read-only memory segment!

Immutable scalar arguments still ire mutable within C and C++ subprograms.
Great ideas never die...

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Maciej Sobczak]

On Feb 6, 9:01 pm, "Dmitry A. Kazakov" <mail...@dmitry-kazakov.de>
wrote:

> Immutable scalar arguments still ire mutable within C and C++ subprograms.

Scalar arguments are passed by copy, so whether they are immutable or
mutable within the function is independent on their origin (and the
original is not affected by this in any way).

Unless, of course, you have meant something else.

--
Maciej Sobczak * http://www.inspirel.com

Re: How do I write directly to a memory address?

[Shark8]

On Feb 6, 2:27 pm, Maciej Sobczak <see.my.homep...@gmail.com> wrote:
> On Feb 6, 9:01 pm, "Dmitry A. Kazakov" <mail...@dmitry-kazakov.de>
> wrote:
>
> > Immutable scalar arguments still ire mutable within C and C++ subprograms.
>
> Scalar arguments are passed by copy, so whether they are immutable or
> mutable within the function is independent on their origin (and the
> original is not affected by this in any way).
>
> Unless, of course, you have meant something else.
>
> --
> Maciej Sobczak *http://www.inspirel.com

The scalar-argument that is passed when dealing with strings/arrays
[in C & C++]
is that of the address, IIRC. While that address is itself an
"immutable scalar" the
data pointed to is not so constrained and so may be 'mutated' thereby
enabling a
perceived-immutable to be altered. {The newer standards may [or may
not] have
addressed this issue: I seem to recall a "pointer to constant" idea
which would
[I believe] behave in the expected manner if it was passed as the
parameter.}

Re: How do I write directly to a memory address?

[Niklas Holsti]

Shark8 wrote:
> On Feb 6, 2:27 pm, Maciej Sobczak <see.my.homep...@gmail.com> wrote:
>> On Feb 6, 9:01 pm, "Dmitry A. Kazakov" <mail...@dmitry-kazakov.de>
>> wrote:
>>
>>> Immutable scalar arguments still ire mutable within C and C++ subprograms.
>> Scalar arguments are passed by copy, so whether they are immutable or
>> mutable within the function is independent on their origin (and the
>> original is not affected by this in any way).
>>
>> Unless, of course, you have meant something else.
> 
> The scalar-argument that is passed when dealing with strings/arrays
> [in C & C++] is that of the address, IIRC. While that address is
> itself an "immutable scalar" the data pointed to is not so constrained
> and so may be 'mutated' thereby enabling a perceived-immutable to be
> altered. {The newer standards may [or may not] have addressed this
> issue: I seem to recall a "pointer to constant" idea which would
> [I believe] behave in the expected manner if it was passed as the
> parameter.}

 From the C99 standard, section 6.7.5.1, "Pointer declarators":

   <quote>
   EXAMPLE The following pair of declarations demonstrates
   the difference between a "variable pointer to a constant
   value" and a "constant pointer to a variable value".

       const int *ptr_to_constant;
       int *const constant_ptr;

   The contents of any object pointed to by ptr_to_constant
   shall not be modified through that pointer, but
   ptr_to_constant itself may be changed to point to another
   object. Similarly, the contents of the int pointed to by
   constant_ptr may be modified, but constant_ptr itself shall
   always point to the same location.
   <end quote>

In the first case, the protection is not removed by pointer arithmetic 
or array indexing, so ptr_to_constant+8 is also a pointer to a constant 
int. The constraints can be removed by "casting away" the "constant" 
quality.

-- 
Niklas Holsti
Tidorum Ltd
niklas holsti tidorum fi
       .      @       .

Re: How do I write directly to a memory address?

[Shark8]

On Feb 6, 11:38 pm, Niklas Holsti <niklas.hol...@tidorum.invalid>
wrote:
> The constraints can be removed by "casting away" the "constant" quality.

If you can alter the constant via casting it is not truly a constant;
this is
regardless of what any standard says.* That is a HORRID idea, I for
one,
would NOT like it if my assertion "Denominator /= 0" suddenly became
"Denominator /= 3."

*In some languages a "constant" [rather literal] was a label/pointer
to the
location which held the value thereof and one could therefore "change
the
value of '4'" with some dirty-tricks/black-magic.

Re: How do I write directly to a memory address?

[Niklas Holsti]

Shark8 wrote:
> On Feb 6, 11:38 pm, Niklas Holsti <niklas.hol...@tidorum.invalid> 
> wrote:
>> The constraints can be removed by "casting away" the "constant"
>> quality.
> 
> If you can alter the constant via casting it is not truly a constant;
> this is regardless of what any standard says.* That is a HORRID
> idea, I for one, would NOT like it if my assertion "Denominator /= 0"
> suddenly became "Denominator /= 3."

This is just "unchecked programming", also possible in Ada using address 
clauses or address-to-access conversions. You get what you ask for. The 
C cast syntax (being similar to safe kinds of type conversions) makes it 
a bit hard to find such naughty tricks. The newer C++ standards have a 
wider choice of cast operators that make it easier, perhaps as easy as 
in Ada.

> *In some languages a "constant" [rather literal] was a label/pointer 
> to the location which held the value thereof and one could therefore
> "change the value of '4'" with some dirty-tricks/black-magic.

A former colleague of mine spent a considerable time debugging a FORTRAN 
IV program's wrong results before he found that a COMMON area contained, 
in order, a one-dimensional array and a variable that was supposed to 
hold the value of pi, as set up at program start. An assignment to the 
array with an index that was too large had changed "pi" to something 
else, with unfortunate consequences for later trigonometric calculations.

Unless your Ada program uses hardware (MMU) protection for its 
memory-resident constants you can change the "constants" through 
accesses that you get from address-to-access conversions.

-- 
Niklas Holsti
Tidorum Ltd
niklas holsti tidorum fi
       .      @       .

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Sun, 6 Feb 2011 13:27:05 -0800 (PST), Maciej Sobczak wrote:

> On Feb 6, 9:01�pm, "Dmitry A. Kazakov" <mail...@dmitry-kazakov.de>
> wrote:
> 
>> Immutable scalar arguments still ire mutable within C and C++ subprograms.
> 
> Scalar arguments are passed by copy, so whether they are immutable or
> mutable within the function is independent on their origin (and the
> original is not affected by this in any way).

> Unless, of course, you have meant something else.

Exactly this. Passing mode (by copy vs. by reference) has nothing to do
with the mutability contract. Unchanged origin is no argument, because the
contract is broken [*].

Compare it to FORTRAN-IV. You can pass INTEGER*4 where REAL*4 is expected.
The original view (INTEGER*4) is not affected by the view within the
subprogram (REAL*4). Is it OK? No, lessons learned, we know this is not OK.

---------------------
* const T is not substitutable for T [almost everywhere].

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Ludovic Brenta]

Dmitry A. Kazakov wrote:
> Immutable scalar arguments still ire mutable within C and C++ subprograms.
> Great ideas never die...

Agreed.  I recently found another bug in a C program that was caused
by changing the value of a "passed-by-copy" parameter.  Of course the
caller was unaffected but the algorithm inside the function was
broken.

In Ada, if you write:

procedure Foo (Arg : in Integer) is
begin
   Arg := 3;
end Foo;

you get a compile-time error.

void foo (int arg) { arg = 3; }

then it "works".  In the case I'm talking about, the assignment broke
an invariant inside the function, such that the function had bad side-
effects.

--
Ludovic Brenta.

Re: How do I write directly to a memory address?

[Maciej Sobczak]

On Feb 7, 9:38 am, "Dmitry A. Kazakov" <mail...@dmitry-kazakov.de>
wrote:

> > Scalar arguments are passed by copy, so whether they are immutable or
> > mutable within the function is independent on their origin (and the
> > original is not affected by this in any way).
> > Unless, of course, you have meant something else.
>
> Exactly this. Passing mode (by copy vs. by reference) has nothing to do
> with the mutability contract. Unchanged origin is no argument, because the
> contract is broken [*].

The contract is not broken. The function cannot modify the original
value that is passed by copy (this being the very nature of "copy")
and the caller cannot even reason about what happens behind the
signature.

For example:

void foo(int i);

and then:

int i = 5;
foo(i);

The i at the caller side cannot be modified and the caller is isolated
from foo's internals. For the sake of argument, foo might be even
written in... Ada.
And for the sake of argument you can assume that this:

void foo(int i)
{
    // implementation goes here
}

is equivalent to this:

procedure Foo (I : in Integer) is
   Local_Copy_Of_I : Integer := I;
begin
   --  implementation in terms of Local_Copy_Of_I goes here
end Foo;

So, no, the contract is not broken.

Unless, of course, you have meant something else.

--
Maciej Sobczak * http://www.inspirel.com

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Mon, 7 Feb 2011 01:05:20 -0800 (PST), Maciej Sobczak wrote:

> On Feb 7, 9:38�am, "Dmitry A. Kazakov" <mail...@dmitry-kazakov.de>
> wrote:
> 
>>> Scalar arguments are passed by copy, so whether they are immutable or
>>> mutable within the function is independent on their origin (and the
>>> original is not affected by this in any way).
>>> Unless, of course, you have meant something else.
>>
>> Exactly this. Passing mode (by copy vs. by reference) has nothing to do
>> with the mutability contract. Unchanged origin is no argument, because the
>> contract is broken [*].
> 
> The contract is not broken. The function cannot modify the original
> value that is passed by copy (this being the very nature of "copy")
> and the caller cannot even reason about what happens behind the
> signature.

It is broken because const T is not substitutable for T. Mutators of the
type T are not operations of const T. q.e.d.

P.S. Contract is between two parties.

P.P.S. You may have a working program full of unstated, idiotic,
meaningless, broken contracts. This is how modern S/W industry works.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Simon Clubley]

On 2011-02-07, Niklas Holsti <niklas.holsti@tidorum.invalid> wrote:
> Shark8 wrote:
>> *In some languages a "constant" [rather literal] was a label/pointer 
>> to the location which held the value thereof and one could therefore
>> "change the value of '4'" with some dirty-tricks/black-magic.
>
> A former colleague of mine spent a considerable time debugging a FORTRAN 
> IV program's wrong results before he found that a COMMON area contained, 
> in order, a one-dimensional array and a variable that was supposed to 
> hold the value of pi, as set up at program start. An assignment to the 
> array with an index that was too large had changed "pi" to something 
> else, with unfortunate consequences for later trigonometric calculations.
>
> Unless your Ada program uses hardware (MMU) protection for its 
> memory-resident constants you can change the "constants" through 
> accesses that you get from address-to-access conversions.
>

I think the "change the value of 4" reference above is literally that and
does not mean changing a language accessible constant containing the value
of 4.

I made this mistake once with a old Fortran compiler when I was a student.

The constant would be placed into a memory location somewhere by the Fortran
compiler and then that memory location would be referenced at every point in
the code in which the literal value (the integer 4 in this example) was used
in a expression or a call to a subroutine.

In my case, I assigned (IIRC) to the calling argument within the subroutine
and the memory location containing the literal value (in this example, 4)
was changed. This meant that the value of 4 was changed for the rest of
the program.

I did not make this mistake a second time. :-)

Simon.

-- 
Simon Clubley, clubley@remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world

Re: How do I write directly to a memory address?

[Simon Clubley]

On 2011-02-07, Simon Clubley <clubley@remove_me.eisner.decus.org-Earth.UFP> wrote:
>
> I think the "change the value of 4" reference above is literally that and
> does not mean changing a language accessible constant containing the value
> of 4.
>
> I made this mistake once with a old Fortran compiler when I was a student.
>
> The constant would be placed into a memory location somewhere by the Fortran
> compiler and then that memory location would be referenced at every point in
> the code in which the literal value (the integer 4 in this example) was used
> in a expression or a call to a subroutine.
>

I realised after posting, this was open to confusion by people who had not
encountered this before so a more detailed example follows. The word constant
above does not refer to a programmer defined constant, but a compiler defined
constant.

In the statement:

	c = (4 * i) + 2

the compiler would allocate memory locations containing the values 4 and 2.
These memory locations would then be used in the generated code whenever the
values of 2 or 4 were found. In other words, all access, including literals,
was by reference.

This was a long time ago however.

Simon.

-- 
Simon Clubley, clubley@remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world

Re: How do I write directly to a memory address?

[Georg Bauhaus]

On 07.02.11 10:00, Ludovic Brenta wrote:

> In Ada, if you write:
> 
> procedure Foo (Arg : in Integer) is
> begin
>    Arg := 3;
> end Foo;
> 
> you get a compile-time error.
> 
> void foo (int arg) { arg = 3; }


In C, if you write

int foo(const int arg) {
  arg = 3;
}

you will get a compile time error.

If you write

int foo(const int* arg) {
  *arg = 3;
}

you will get a compile time error.

For further ammunition for Verdun style language comparisons,
see function Ada.Numerics.Discrete_Random.Random.

I think there are better arguments.

Re: How do I write directly to a memory address?

[Ludovic Brenta]

Georg Bauhaus wrote on comp.lang.ada:
> In C, if you write
>
> int foo(const int arg) { arg = 3; }
>
> you will get a compile time error.

I know. So? The point is that the "const" was absent in the function I
had to debug, and had been absent for about 15 years.  Also, not a lot
libX11 or Motif functions have "const" arguments.  This bad style had
a lot of influence on the programmers of 15 years ago whose code I
must now maintain.

In Ada, this bad style is simply not possible. In Ada, "in" really
means "in".

> If you write
>
> int foo(const int* arg) { *arg = 3; }
>
> you will get a compile time error.

I know but bugs are easier to detect because when reviewers see a
pointer argument, they know they have to look out for writes through
the pointer.  Even if the pointer is to a "const", since it is
trivially easy to defeat the const-ness.

> For further ammunition for Verdun style language comparisons,
> see function Ada.Numerics.Discrete_Random.Random.

What does that mean?

> I think there are better arguments.

No.  There was an old (because difficult to reproduce) bug.  I spent
time finding and correcting it.  This bug could not have happened in
Ada.  This argument is the only relevant one to me.

--
Ludovic Brenta.

Re: How do I write directly to a memory address?

[Georg Bauhaus]

On 07.02.11 14:56, Ludovic Brenta wrote:

> This bad style had
> a lot of influence on the programmers of 15 years ago whose code I
> must now maintain.

Exactly.  Style has, by hypothesis, a strong impact on on code
quality, since programming patterns and programming idioms are
passed on at every stage of becoming outdated.  Programmers will
copy idioms with little consideration, especially when idioms
have become associated with revered authors, first edition.
They are not updated.  They are also not updated because
compilers will not reject old code.


> In Ada, this bad style is simply not possible.

It sure is possible to write awful and dangerous Ada text, even
with the dangers hidden.  While this style is possible, Ada culture
is less tolerant. (Or, more skeptical of the "practical" programmer.)


> In Ada, "in" really means "in".

No, "in" is intended to mean "in".  There are two reasons that
this is not an unbreakable property. The first is demonstrated by
Ada.Numerics.Discrete_Random.Random.
But Random is the exception rather than the rule, Ada tradition
promotes the reverse effect of what C tradition promotes, I think:
by Ada's default, by the traditional idiom, "in" stands for "in".
(In the case of void safety, the language discussions include
comments bemoaning that we'll have to write "not null"
instead of marking the reverse case (may be null), thus underlining
the tradition.)

The second reason that "in" need not mean "in" is less brutal:
it is the possibility of write access to a parameter object
from within the function if the objects is also a global object.
(Global to the function).  (Whence Ada getting "in out" parameters
for functions is considered an act of honesty, if I understand
comment in ARG mail correctly.)  Again, this kind of access is
considered by style (and is also possible in C).


>> For further ammunition for Verdun style language comparisons,
>> see function Ada.Numerics.Discrete_Random.Random.
> 
> What does that mean?

It means that Ada function Ada.Numerics.Discrete_Random.Random
only works because it violates its "contract".  The parameter (a
generator object) is passed "in", but is modified. Its mutation
is one effect of calling function Random.


>> I think there are better arguments.
> 
> No.

Yes, and you have named them.  They seem to have a little less
to do with the language definitions, but rather with "encouragement"
to write your intentions properly.
(In at least one video (lecture? Ada UK?) Robert Dewar
has been emphasizing a cultural issue a few times).

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/5/2011 9:56 AM, Pascal Obry wrote:
> The problem is that it is not possible to enforce a contract in C.
 > I've seen many bugs just for that. At some point a developer think
 > about a contract and some time later this is just forgotten (even
 > if clearly written in comment, who read comments!) and then a crash
 > arise. Don't tell me you've never run into such situation.

I have. Nevertheless, there is an enormous amount of successfully
operating C code in existence, and such code is not sprinkled with
checks at every opportunity. I have a hunch that the urge to focus
on pointer-related errors is something that Ada programmers like to
do because it's a class of bugs to which Ada is generally immune,
and so they can scan C code for pointers and claim that unchecked
ones are all potential errors. But there are plenty of contracts
which cannot be enforced just by using the type system, and I venture
that most Ada code does not include checks for violations in every
context in which the contract is presumed to hold. And is Ada any
more immune than C to little Bobby Tables? (<http://xkcd.com/327/>)

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Mon, 07 Feb 2011 15:58:44 +0100, Georg Bauhaus wrote:

> No, "in" is intended to mean "in".  There are two reasons that
> this is not an unbreakable property. The first is demonstrated by
> Ada.Numerics.Discrete_Random.Random.

This is a poor example, because random number is indeed immutable and has
no intrinsic state. A pseudo-random generator has state, but the thing it
models is stateless. In this sense there is no difference between integer
123 and the random number uniformly distributed on [0,1]. In both cases the
corresponding computational object might have state or not. E.g. literal
can be stored in the volatile memory. Whether such implementation detail
need to be exposed (to have Reset, for example), depends on many factors.
See also Ada.Calendar.Clock.

> It means that Ada function Ada.Numerics.Discrete_Random.Random
> only works because it violates its "contract".  The parameter (a
> generator object) is passed "in", but is modified. Its mutation
> is one effect of calling function Random.

Wrong. You might have an implementation of Random backed by the hardware in
which case Random would have no internal state whatsoever.
 
-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Robert A Duff]

"Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> writes:

> Wrong. You might have an implementation of Random backed by the hardware in
> which case Random would have no internal state whatsoever.

I don't think a truly random implementation of
Ada.Numerics. ... .Random would be correct,
because you're allowed to reset the state to a
previously-saved state, and replay they exact same sequence
of pseudo-random numbers.

It might be useful to have a truly-random function, but
it would have to be a different one.

- Bob

Re: How do I write directly to a memory address?

[Robert A Duff]

Hyman Rosen <hyrosen@mail.com> writes:

>...And is Ada any
> more immune than C to little Bobby Tables? (<http://xkcd.com/327/>)

Well, yeah, somewhat.  As I mentioned in another thread:

http://www.adacore.com/2010/03/22/gem-82/
http://www.adacore.com/2010/04/05/gem-83/

The second "gem" contains a reference to that very
same xkcd comic you mention above (which I found
highly amusing!).

Similar things could be done in C, but it's it's rather
more trouble.

- Bob

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/7/2011 11:24 AM, Robert A Duff wrote:
> Hyman Rosen<hyrosen@mail.com>  writes:
>
>> ...And is Ada any
>> more immune than C to little Bobby Tables? (<http://xkcd.com/327/>)
>
> Well, yeah, somewhat.  As I mentioned in another thread:
>
> http://www.adacore.com/2010/03/22/gem-82/
> http://www.adacore.com/2010/04/05/gem-83/
>
> The second "gem" contains a reference to that very
> same xkcd comic you mention above (which I found
> highly amusing!).
>
> Similar things could be done in C, but it's it's rather
> more trouble.

I don't think you've made your case. The gem says
     As long as this interface is used, no errors can result
     in improper input being interpreted as a command
but SQL injection problems occur because at some point,
a programmer fails to notice that there's an input that
needs to be subject to the check.

By the way, I think the gem is taking the wrong approach to
validation. There's no reason to reject strings with special
characters as invalid input. Building up SQL with user inputs
involves correctly quoting the inputs. When they're properly
quoted they can have embedded special characters and the SQL
will still be correct. Otherwise you subject users to annoying
restrictions such as not allowing those characters in their
passwords.

Re: How do I write directly to a memory address?

[Ludovic Brenta]

Georg Bauhaus wrote:
> Exactly.  Style has, by hypothesis, a strong impact on on code
> quality [...]

I would rephrase that as: style has, *in my experience*, a strong
impact on code quality.

>> In Ada, this bad style is simply not possible.
>
> It sure is possible to write awful and dangerous Ada text, even
> with the dangers hidden.  While this style is possible, Ada culture
> is less tolerant. (Or, more skeptical of the "practical" programmer.)

In Ada, it is pretty difficult to hide such dangers.  In the case I
was talking about, had the subprogram been written in Ada, the
programmer would have had to declare a copy of the "in" argument
explicitly or to make the argument "in out"; both would have made the
bug immediately obvious to any reviewer.  The reason why the bug
eluded so many people and survived 15 years was that reviewers failed
to see the assignment as the cause for the bug.  Perhaps because they
were tainted by Ada culture where, if you assign to an argument, this
necessarily means the argument is "in out".

You can always program dangerously in Ada but you have to be explicit
about it.

>>> For further ammunition for Verdun style language comparisons,
>>> see function Ada.Numerics.Discrete_Random.Random.
>
>> What does that mean?
>
> It means that Ada function Ada.Numerics.Discrete_Random.Random
> only works because it violates its "contract".  The parameter (a
> generator object) is passed "in", but is modified. Its mutation
> is one effect of calling function Random.

The generator is not modified; its associated (pointed-to) state is.
When reviewing a function that takes a pointer (or an object
containing a pointer), I expect and look for writes through the
pointer, so again the bug I was talking about would not have survived
a code review.

>>> I think there are better arguments.
>
>> No.
>
> Yes, and you have named them.  They seem to have a little less
> to do with the language definitions, but rather with "encouragement"
> to write your intentions properly.
> (In at least one video (lecture? Ada UK?) Robert Dewar
> has been emphasizing a cultural issue a few times).

Well, I came to wonder what intentions are conveyed by "void foo (int
arg)" and why modifying arg inside foo could be intentional.  Since I
came up with no convincing reason (the only reasons being variants of
premature optimization), I concluded that the possibility of "void foo
(int arg)" as opposed to "void foo (const int arg)" was a flaw in the
C language, that cost me a lot of effort.

--
Ludovic Brenta.

Re: How do I write directly to a memory address?

[Ludovic Brenta]

Hyman Rosen wrote on comp.lang.ada:
> On 2/7/2011 11:24 AM, Robert A Duff wrote:
>> Hyman Rosen<hyro...@mail.com>  writes:
>
>>> ...And is Ada any
>>> more immune than C to little Bobby Tables? (<http://xkcd.com/327/>)
>
>> Well, yeah, somewhat.  As I mentioned in another thread:
>
>>http://www.adacore.com/2010/03/22/gem-82/
>>http://www.adacore.com/2010/04/05/gem-83/
>
>> The second "gem" contains a reference to that very
>> same xkcd comic you mention above (which I found
>> highly amusing!).
>> Similar things could be done in C, but it's it's rather
>> more trouble.
>
> I don't think you've made your case. The gem says
>      As long as this interface is used, no errors can result
>      in improper input being interpreted as a command
> but SQL injection problems occur because at some point,
> a programmer fails to notice that there's an input that
> needs to be subject to the check.
>
> By the way, I think the gem is taking the wrong approach to
> validation. There's no reason to reject strings with special
> characters as invalid input. Building up SQL with user inputs
> involves correctly quoting the inputs. When they're properly
> quoted they can have embedded special characters and the SQL
> will still be correct. Otherwise you subject users to annoying
> restrictions such as not allowing those characters in their
> passwords.

I've always wondered what this "SQL sanitation" was all about.  Aren't
we supposed to pass all user input as bound parameters anyway?  That
even removes the need for quoting.

--
Ludovic Brenta.

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Mon, 07 Feb 2011 11:14:29 -0500, Robert A Duff wrote:

> "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> writes:
> 
>> Wrong. You might have an implementation of Random backed by the hardware in
>> which case Random would have no internal state whatsoever.
> 
> I don't think a truly random implementation of
> Ada.Numerics. ... .Random would be correct,
> because you're allowed to reset the state to a
> previously-saved state, and replay they exact same sequence
> of pseudo-random numbers.
> 
> It might be useful to have a truly-random function, but
> it would have to be a different one.

You are right.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Georg Bauhaus]

On 07.02.11 17:54, Ludovic Brenta wrote:
> Georg Bauhaus wrote:
>> Exactly.  Style has, by hypothesis, a strong impact on on code
>> quality [...]
> 
> I would rephrase that as: style has, *in my experience*, a strong
> impact on code quality.

That's something from which to start an investigation.

> You can always program dangerously in Ada but you have to be explicit
> about it.

Yes.


> The generator is not modified; its associated (pointed-to) state is.

The state is "its" state; the LRM does not seem to mention
a pointer.  GNAT uses a limited record with no pointers in
it, but does refer to components through non-standard
'Unrestricted_Access inside the function.

GNAT: "
   --  The design of this spec is very awkward, as a result of Ada 95 not
   --  permitting in-out parameters for function formals (most naturally
   --  Generator values would be passed this way). "

I think it is fair to say that (a) Random modifies the generator's
state and that (b) the specification does not reflect that Random
acts as this state changing subprogram.




> Well, I came to wonder what intentions are conveyed by "void foo (int
> arg)" and why modifying arg inside foo could be intentional.  Since I
> came up with no convincing reason (the only reasons being variants of
> premature optimization), I concluded that the possibility of "void foo
> (int arg)" as opposed to "void foo (const int arg)" was a flaw in the
> C language, that cost me a lot of effort.

Ease of implementation when pushing parameters?


void foo(int countdown)
{
  while (--countdown) {
    fputc('.', stdout);
  }
  fputc('\n', stdout);
}

Re: How do I write directly to a memory address?

[Georg Bauhaus]

On 07.02.11 16:21, Dmitry A. Kazakov wrote:

>> It means that Ada function Ada.Numerics.Discrete_Random.Random
>> only works because it violates its "contract".  The parameter (a
>> generator object) is passed "in", but is modified. Its mutation
>> is one effect of calling function Random.
> 
> Wrong. You might have an implementation of Random backed by the hardware in
> which case Random would have no internal state whatsoever.

An implementation does not specify the language. By the language,
Random relies on the fact that whenever it is finished, it will
deliver the "next" value ("from its generator").  The state of a
Generator can be saved and restored, so the notion of its state
is meaningful in the abstract.
Since we are discussion the effects of subprogram specs on programmer
intuition, Random's parameter Gen being of mode "in" is at odds with
the usual meaning of "in".

Re: How do I write directly to a memory address?

[Jeffrey Carter]

On 02/07/2011 09:14 AM, Robert A Duff wrote:
>
> I don't think a truly random implementation of
> Ada.Numerics. ... .Random would be correct,
> because you're allowed to reset the state to a
> previously-saved state, and replay they exact same sequence
> of pseudo-random numbers.
>
> It might be useful to have a truly-random function, but
> it would have to be a different one.

I suppose you could save the sequence of values returned so far, and the state 
would be an index into that sequence.

-- 
Jeff Carter
"We burst our pimples at you."
Monty Python & the Holy Grail
16

Re: How do I write directly to a memory address?

[Simon Wright]

Georg Bauhaus <rm.dash-bauhaus@futureapps.de> writes:

> Since we are discussion the effects of subprogram specs on programmer
> intuition, Random's parameter Gen being of mode "in" is at odds with
> the usual meaning of "in".

Likewise Ada.Text_IO --

   procedure Set_Page_Length (File : File_Type; To : Count);

as a particularly "wrong" example. But see AI95-00057:
http://www.ada-auth.org/cgi-bin/cvsweb.cgi/ais/ai-00057.txt?rev=1.6
(practicality wins over purity).

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Mon, 07 Feb 2011 19:10:12 +0100, Georg Bauhaus wrote:

> On 07.02.11 16:21, Dmitry A. Kazakov wrote:
> 
>>> It means that Ada function Ada.Numerics.Discrete_Random.Random
>>> only works because it violates its "contract".  The parameter (a
>>> generator object) is passed "in", but is modified. Its mutation
>>> is one effect of calling function Random.
>> 
>> Wrong. You might have an implementation of Random backed by the hardware in
>> which case Random would have no internal state whatsoever.
> 
> An implementation does not specify the language. By the language,
> Random relies on the fact that whenever it is finished, it will
> deliver the "next" value ("from its generator").  The state of a
> Generator can be saved and restored, so the notion of its state
> is meaningful in the abstract.

That is specific to the procedure Reset, which is not essential for random
number generation.

> Since we are discussion the effects of subprogram specs on programmer
> intuition, Random's parameter Gen being of mode "in" is at odds with
> the usual meaning of "in".

Not at all. It is Reset, which probably is. Random is perfectly OK.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Robert A Duff]

Jeffrey Carter <spam.jrcarter.not@spam.not.acm.org> writes:

> I suppose you could save the sequence of values returned so far, and the
> state would be an index into that sequence.

Good point.

I guess the state would be the whole sequence, plus
an index into it, or something like that.

- Bob

Re: How do I write directly to a memory address?

[Randy Brukardt]

"Simon Clubley" <clubley@remove_me.eisner.decus.org-Earth.UFP> wrote in 
message news:iiopbr$bs7$1@news.eternal-september.org...
...
> I realised after posting, this was open to confusion by people who had not
> encountered this before so a more detailed example follows. The word 
> constant
> above does not refer to a programmer defined constant, but a compiler 
> defined
> constant.

You mean a numeric literal (to use the Ada terms).

> In the statement:
>
> c = (4 * i) + 2
>
> the compiler would allocate memory locations containing the values 4 and 
> 2.
> These memory locations would then be used in the generated code whenever 
> the
> values of 2 or 4 were found. In other words, all access, including 
> literals,
> was by reference.
>
> This was a long time ago however.

Must have been. I remember hearing this story in college. And it supposely 
was old then. I've always thought of it as a sort of urban legend. But I 
suspect that it has more to do with the instruction set of the target 
machine. On the Intel architectures that I've worked on my entire working 
life, it wouldn't make sense to have a global memory location holding a 
literal (the literals can be folded into instructions at very little cost). 
But I can imagine cases where that wouldn't be true.

                                 Randy.

Re: How do I write directly to a memory address?

[Simon Wright]

Robert A Duff <bobduff@shell01.TheWorld.com> writes:

> Jeffrey Carter <spam.jrcarter.not@spam.not.acm.org> writes:
>
>> I suppose you could save the sequence of values returned so far, and
>> the state would be an index into that sequence.
>
> Good point.
>
> I guess the state would be the whole sequence, plus an index into it,
> or something like that.

I don't think this would meet A.5.2(28), "[...] All generators are
implicitly initialized to an unspecified state that does not vary from
one program execution to another[...]".

I suppose that (reverting to the current Numerics.Discrete_Random) means
"for the same compiler on the same architecture"? You could hardly
expect GCC 4.3.3 on PowerPC to produce the same output as GCC 4.6.0 on
x86_64. Or could it even mean "for executions of a specific build of a
specific program on a specific machine"?

Re: How do I write directly to a memory address?

[Maciej Sobczak]

On Feb 7, 10:24 am, "Dmitry A. Kazakov" <mail...@dmitry-kazakov.de>
wrote:

> > The contract is not broken. The function cannot modify the original
> > value that is passed by copy (this being the very nature of "copy")
> > and the caller cannot even reason about what happens behind the
> > signature.
>
> It is broken because const T is not substitutable for T. Mutators of the
> type T are not operations of const T. q.e.d.

q.e.d. what?

I have an impression that we are (again) in the mode where you bring
arbitrarily twisted definitions in order to prove your point.

What contract is broken?

Why do you want to substitute one type by another? These are not
generics, nor other type-dependent constructs, so type substitutions
are out of the picture.

Or (because I have no idea what is your point, so I'm guessing), you
can easily use const T to provide the actual value for the parameter
of T:

void foo(int i);

and then:

const int j = 7;
foo(j);

Type substitution does not happen here. The types interact by means of
initialization, but this interaction has nothing to do with
substitution.

So, no contract is broken. (q.e.d.?)

Unless, of course, you have meant something else.

--
Maciej Sobczak * http://www.inspirel.com

Re: How do I write directly to a memory address?

[Bill Findlay]

On 07/02/2011 21:54, in article iippmb$q45$1@munin.nbi.dk, "Randy Brukardt"
<randy@rrsoftware.com> wrote:

> I remember hearing this story in college. And it supposely was old then.
> I've always thought of it as a sort of urban legend.

I had to debug a FORTRAN 66 program (my own, sadly, written in 1967) that
was going astray in a statement of the form:

      IF (X) 101, 102, 103

The problem was that a previous call to a library subroutine, along the
lines of:

      CALL SOLVE(A, X, B, 0.0)

was updating the accuracy parameter 0.0 to the residual norm of the solution
(or some such accuracy indication), and this was making the implicit
comparison with 0.0 in the later IF statement go wrong.

-- 
Bill Findlay
with blueyonder.co.uk;
use  surname & forename;

Re: How do I write directly to a memory address?

[Adam Beneschan]

On Feb 7, 1:54 pm, "Randy Brukardt" <ra...@rrsoftware.com> wrote:
> "Simon Clubley" <clubley@remove_me.eisner.decus.org-Earth.UFP> wrote in
> messagenews:iiopbr$bs7$1@news.eternal-september.org...
> ...
>
> > I realised after posting, this was open to confusion by people who had not
> > encountered this before so a more detailed example follows. The word
> > constant
> > above does not refer to a programmer defined constant, but a compiler
> > defined
> > constant.
>
> You mean a numeric literal (to use the Ada terms).
>
> > In the statement:
>
> > c = (4 * i) + 2
>
> > the compiler would allocate memory locations containing the values 4 and
> > 2.
> > These memory locations would then be used in the generated code whenever
> > the
> > values of 2 or 4 were found. In other words, all access, including
> > literals,
> > was by reference.
>
> > This was a long time ago however.
>
> Must have been. I remember hearing this story in college. And it supposely
> was old then. I've always thought of it as a sort of urban legend. But I
> suspect that it has more to do with the instruction set of the target
> machine. On the Intel architectures that I've worked on my entire working
> life, it wouldn't make sense to have a global memory location holding a
> literal (the literals can be folded into instructions at very little cost).
> But I can imagine cases where that wouldn't be true.

I think C was originally designed for the PDP-11.  It's been ages
since I did anything with that processor, but my recollection is that
you could include a 16-bit numeric literal in an instruction.  It
would take up an extra word, but putting the literal somewhere else
and including the address in the instruction would also take up an
extra word, so you wouldn't save anything.  However, if the literal
needed to be 32 bits then I can imagine it might have made sense to
stick it in a global.

                           -- Adam

Re: How do I write directly to a memory address?

[Ludovic Brenta]

Georg Bauhaus wrote:
>> Well, I came to wonder what intentions are conveyed by "void foo (int
>> arg)" and why modifying arg inside foo could be intentional.  Since I
>> came up with no convincing reason (the only reasons being variants of
>> premature optimization), I concluded that the possibility of "void foo
>> (int arg)" as opposed to "void foo (const int arg)" was a flaw in the
>> C language, that cost me a lot of effort.
>
> Ease of implementation when pushing parameters?
>
> void foo(int countdown)
> {
>   while (--countdown) {
>     fputc('.', stdout);
>   }
>   fputc('\n', stdout);
> }

That's what I meant by "variants of premature optimization".  If all
parameters were const, as in Ada, the programmer would simply declare
a local variable, like in Ada.  And the bug I was talking about would
become blatantly obvious.

BTW, like I said, *every* time I look at C code, I see a bug. In your
case, foo has undefined behavior if countdown is negative.

Also, note how the Ada version of this function does not use a
variable at all; it uses a for loop inside of which K is constant. And
it does not have your bug:

procedure Foo (Countdown : in Natural) is
begin
   for K in 1 .. Countdown loop
      Put ('.');
   end loop;
   Next_Line;
end Foo;

So, "ease of implementation" is not a good reason.  The thing you
implemented "easily" had a bug.

--
Ludovic Brenta.

Re: How do I write directly to a memory address?

[Nasser M. Abbasi]

On 2/8/2011 12:04 AM, Ludovic Brenta wrote:
> Georg Bauhaus wrote:
>>> Well, I came to wonder what intentions are conveyed by "void foo (int
>>> arg)" and why modifying arg inside foo could be intentional.  Since I
>>> came up with no convincing reason (the only reasons being variants of
>>> premature optimization), I concluded that the possibility of "void foo
>>> (int arg)" as opposed to "void foo (const int arg)" was a flaw in the
>>> C language, that cost me a lot of effort.
>>
>> Ease of implementation when pushing parameters?
>>
>> void foo(int countdown)
>> {
>>    while (--countdown) {
>>      fputc('.', stdout);
>>    }
>>    fputc('\n', stdout);
>> }
>
>

>
> BTW, like I said, *every* time I look at C code,

This is funny, but I understand what you mean.

> I see a bug. In your
> case, foo has undefined behavior if countdown is negative.
>

If I remember my C, since "while" will keep running until its argument
becomes false, which in C means "zero", then this means if countdown is
negative the above code will keep decrementing countdown until it hits
-infinity? :) and the program will crash or do something else?
  
> Also, note how the Ada version of this function does not use a
> variable at all; it uses a for loop inside of which K is constant. And
> it does not have your bug:
>
> procedure Foo (Countdown : in Natural) is
> begin
>     for K in 1 .. Countdown loop
>        Put ('.');
>     end loop;
>     Next_Line;
> end Foo;
>
> So, "ease of implementation" is not a good reason.  The thing you
> implemented "easily" had a bug.
>
> --
> Ludovic Brenta.

Ada has so many nice things in it. I think its type system is one
of the best features of Ada.

--Nasser

Re: How do I write directly to a memory address?

[Ludovic Brenta]

Nasser M. Abbasi wrote on comp.lang.ada:
>> Georg Bauhaus wrote:
>>> void foo(int countdown)
>>> {
>>>    while (--countdown) {
>>>      fputc('.', stdout);
>>>    }
>>>    fputc('\n', stdout);
>>> }
>
>> BTW, like I said, *every* time I look at C code,
>
> This is funny, but I understand what you mean.
>
>> I see a bug. In your
>> case, foo has undefined behavior if countdown is negative.
>
> If I remember my C, since "while" will keep running until its argument
> becomes false, which in C means "zero", then this means if countdown is
> negative the above code will keep decrementing countdown until it hits
> -infinity? :) and the program will crash or do something else?

Actually, the bug also triggers if countdown == 0 upon entry into foo,
because of the *prefix* decrement operator.

The behavior is undefined by the language but most C programmers
assume that counter will wrap around.  In fact, when GCC 4.5
introduced aggressive optimizations based on the knowledge that
overflow semantics was undefined in C, a *lot* of existing programs
were suddenly broken. In fact, only their incorrect assumptions
("hidden contracts") were broken.  The damage was so severe that the
GCC folks had to demote this aggressive optimization to a non-default
compiler switch :(

--
Ludovic Brenta.

Re: How do I write directly to a memory address?

[Georg Bauhaus]

On 2/8/11 9:04 AM, Ludovic Brenta wrote:

>> void foo(int countdown)
>> {
>>    while (--countdown) {
>>      fputc('.', stdout);
>>    }
>>    fputc('\n', stdout);
>> }
>
> That's what I meant by "variants of premature optimization".

See why Ada cannot be efficient?  ;-)

Re: How do I write directly to a memory address?

[Georg Bauhaus]

On 2/8/11 9:04 AM, Ludovic Brenta wrote:

>> Ease of implementation when pushing parameters?
>>
>> void foo(int countdown)
>> {
>>    while (--countdown) {
>>      fputc('.', stdout);
>>    }
>>    fputc('\n', stdout);
>> }
>
> That's what I meant by "variants of premature optimization".  If all
> parameters were const, as in Ada, the programmer would simply declare
> a local variable, like in Ada.  And the bug I was talking about would
> become blatantly obvious.

As I said, maybe that was easier to implement for the
C language and compiler makers.

You'd have to demonstrate that an Ada procedure, needing
an extra loop variable, will produce the same code.
(Hopefully, it does not!)

> BTW, like I said, *every* time I look at C code, I see a bug. In your
> case, foo has undefined behavior if countdown is negative.

We are playing Monopoly, aren't we.  You won't be winning a
single C programmer with this style of non-framed single
issue logic triggered only by stupid misuse of a perfectly
working solution.

As Hyman said, there are tons of well working C programs out there,
very likely using some int i, plus increment or decrement.

Well, there is a related CVE every other week, but (a) there
aren't equally many Ada programs, (b) if programmers don't know
what INT_MAX + 1 is, they shouldn't be programming in C, and
(c) by single case logic, Ada's type system has not prevented
deaths in Ariane 5 anyway.

Re: How do I write directly to a memory address?

[Ludovic Brenta]

Georg Bauhaus wrote:
> On 2/8/11 9:04 AM, Ludovic Brenta wrote:
>>> Ease of implementation when pushing parameters?
>
>>> void foo(int countdown)
>>> {
>>>    while (--countdown) {
>>>      fputc('.', stdout);
>>>    }
>>>    fputc('\n', stdout);
>>> }
>
>> That's what I meant by "variants of premature optimization".  If all
>> parameters were const, as in Ada, the programmer would simply declare
>> a local variable, like in Ada.  And the bug I was talking about would
>> become blatantly obvious.
>
> As I said, maybe that was easier to implement for the
> C language and compiler makers.

Yes. This is the root cause why C is so bad for everyone else.

> You'd have to demonstrate that an Ada procedure, needing
> an extra loop variable, will produce the same code.
> (Hopefully, it does not!)

Hopefully, it does, except for the precondition check that Countdown
>= 0.

>> BTW, like I said, *every* time I look at C code, I see a bug. In your
>> case, foo has undefined behavior if countdown is negative.
>
> We are playing Monopoly, aren't we.  You won't be winning a
> single C programmer with this style of non-framed single
> issue logic triggered only by stupid misuse of a perfectly
> working solution.

I don't know what you mean with Monopoly but, if I were trying to win
over C programmers, I'd be on comp.lang.c right now.  And this is
*not* "stupid misuse of a perfectly working solution", it is strict
interpretation of the explicit contract that you yourself had
provided: the function "foo" accepts a *signed* integer as its
parameter.  The "stupid misuse" is yours; you should have used
"unsigned int" to express your contract, and then accounted for the
possibility that the parameter could be zero.

> As Hyman said, there are tons of well working C programs out there,
> very likely using some int i, plus increment or decrement.

And the majority of these tons of "working" programs were broken the
instant GCC started to optimize overflows away.

> Well, there is a related CVE every other week, but (a) there
> aren't equally many Ada programs, (b) if programmers don't know
> what INT_MAX + 1 is, they shouldn't be programming in C, and

Ah that's a good one. It is perfectly true.  It is well known that C
was created only for perfect programmers who never make mistakes.  But
these programmers, if they exist, do not need C; they can simply "cat
> a.out", can't they?

> (c) by single case logic, Ada's type system has not prevented
> deaths in Ariane 5 anyway.

Huh?

--
Ludovic Brenta.

Re: How do I write directly to a memory address?

[Georg Bauhaus]

On 2/8/11 10:58 AM, Ludovic Brenta wrote:

>> (c) by single case logic, Ada's type system has not prevented
>> deaths in Ariane 5 anyway.
>
> Huh?

You don't even know this?

Re: How do I write directly to a memory address?

[Ludovic Brenta]

Georg Bauhaus wrote on comp.lang.ada:
> On 2/8/11 10:58 AM, Ludovic Brenta wrote:
>>> (c) by single case logic, Ada's type system has not prevented
>>> deaths in Ariane 5 anyway.
>
>> Huh?
>
> You don't even know this?

The problem was the conscious decision not to re-test the Ariane 4
software against Ariane 5 due to the incorrect assumption that the
accelerations involved had not changed.  It had everything to do with
management and nothing with software engineering (in fact the software
engineers were denied the right to test the software against "secret"
Ariane 5 predicted trajectory data).

There were no deaths involved.

So: huh?

--
Ludovic Brenta.

Re: How do I write directly to a memory address?

[Georg Bauhaus]

On 2/8/11 9:04 AM, Ludovic Brenta wrote:
>  The thing you
> implemented "easily" had a bug.

No.  Stupid programmers can easily misuse foo() just as
Ada programmers can easily write violations of index
constraints.  Hopefully, they write exception handlers.
But wait.  If the handlers are just as smart as their
use of indexing variables... Isn't their ambition flawed
by a logical contradiction?  If the handlers are just
as good as the checked indexing...

Re: How do I write directly to a memory address?

[Georg Bauhaus]

On 2/8/11 9:04 AM, Ludovic Brenta wrote:

> BTW, like I said, *every* time I look at C code, I see a bug. In your
> case, foo has undefined behavior if countdown is negative.

You took the bait.   Fine.

Strict contracts in subprogram profiles. Ha!

void foo2(int jump)
   /* make sure jump % 2 == 0! */
{
    ...
}

Write that in Ada 2005 to demonstrate the glorious power of
your subtype constraints.  When was it that compilers will
support aspects reliably?

Re: How do I write directly to a memory address?

[Ludovic Brenta]

Georg Bauhaus wrote:
> On 2/8/11 9:04 AM, Ludovic Brenta wrote:
>>  The thing you implemented "easily" had a bug.
>
> No.  Stupid programmers can easily misuse foo() just as
> Ada programmers can easily write violations of index
> constraints.  Hopefully, they write exception handlers.
> But wait.  If the handlers are just as smart as their
> use of indexing variables... Isn't their ambition flawed
> by a logical contradiction?  If the handlers are just
> as good as the checked indexing...

No. Stupid programmers use "int" when they really mean "positive", and
they don't even explain that to users of their APIs.  Not even in
comments.  Then they say bugs are every one else's fault but theirs.

--
Ludovic Brenta.

Re: How do I write directly to a memory address?

[Nasser M. Abbasi]

On Feb 8, 2:03 am, Georg Bauhaus <rm-host.bauh...@maps.futureapps.de>
wrote:
> On 2/8/11 10:58 AM, Ludovic Brenta wrote:
>
> >> (c) by single case logic, Ada's type system has not prevented
> >> deaths in Ariane 5 anyway.
>
> > Huh?
>
> You don't even know this?

Hello;

From wiki:

http://en.wikipedia.org/wiki/Ariane_5_Flight_501

"Because of the different flight path, a data conversion from a 64-bit
floating point to 16-bit signed integer value caused a hardware
exception (more specifically, an arithmetic overflow, as the floating
point number had a value too large to be represented by a 16-bit
signed integer). Efficiency considerations had led to the disabling of
the software handler (in Ada code) for this error trap"

So, the problem was "disabling of the software handler".

So, it seems to me that Ada worked as expected? It DID detect the
overflow.

But someone has disabled run-time exception handler.

--Nasser

Re: How do I write directly to a memory address?

[Ludovic Brenta]

Georg Bauhaus wrote on comp.lang.ada:
> On 2/8/11 9:04 AM, Ludovic Brenta wrote:
>
>> BTW, like I said, *every* time I look at C code, I see a bug. In your
>> case, foo has undefined behavior if countdown is negative.
>
> You took the bait.   Fine.
>
> Strict contracts in subprogram profiles. Ha!
>
> void foo2(int jump)
>    /* make sure jump % 2 == 0! */
> {
>     ...
>
> }
>
> Write that in Ada 2005 to demonstrate the glorious power of
> your subtype constraints.  When was it that compilers will
> support aspects reliably?

Easy:

procedure Foo2 (Jump : in Natural);
-- Jumps by 2 * Jump

Thereby eliminating the very *possibility* that 2*jump can be odd!

--
Ludovic Brenta.

Re: How do I write directly to a memory address?

[Georg Bauhaus]

On 2/8/11 11:08 AM, Ludovic Brenta wrote:
> Georg Bauhaus wrote on comp.lang.ada:
>> On 2/8/11 10:58 AM, Ludovic Brenta wrote:
>>>> (c) by single case logic, Ada's type system has not prevented
>>>> deaths in Ariane 5 anyway.
>>
>>> Huh?
>>
>> You don't even know this?
>
> The problem was the conscious decision not to re-test the Ariane 4
> software against Ariane 5 ....
>
> There were no deaths involved.
>
> So: huh?

See?  You talk about C functions as if there was a general
case: C functions, plural.  Recurring bugs in them, causing
undefined behavior.  I made up the same thing for rocket flights
in general.  The generalizing argument is structurally equivalent!
Both arguments are pointless because people won't listen.
(Watch Sarah P. to see why arguing about foo(int undefined) is
pointless.)

There is a chance of human error (in C, in rockets).
Smart engineers don't make them (in C, in rockets).
C or Ada have had little to do with these  human
errors cause by the wrong assumptions
(about foo() and about Ariane 4 modules).

Here it is, again, my foo() vs Ariane 4/5:

    Construction made by a human, in C,
    knowing how it was going to be used.

    Construction made by a human, in Ada,
    knowing how it was going to be used.

In general, where is the difference?

Re: How do I write directly to a memory address?

[Georg Bauhaus]

On 2/8/11 11:14 AM, Ludovic Brenta wrote:
>   Then they say bugs are every one else's fault but theirs.

Exactly!

And they are right because it *is* everyone else fault
if they call a function they don't understand!
Because their programs do demonstrably work, and they
do so *because* they call their own functions as they
should be called.

Obviously.

Re: How do I write directly to a memory address?

[Georg Bauhaus]

On 2/8/11 11:16 AM, Ludovic Brenta wrote:

>> Strict contracts in subprogram profiles. Ha!
>>
>> void foo2(int jump)
>>     /* make sure jump % 2 == 0! */
>> {
>>      ...
>>
>> }
>>
>> Write that in Ada 2005 to demonstrate the glorious power of
>> your subtype constraints.  When was it that compilers will
>> support aspects reliably?
>
> Easy:
>
> procedure Foo2 (Jump : in Natural);
> -- Jumps by 2 * Jump
>
> Thereby eliminating the very *possibility* that 2*jump can be odd!

See how you couldn't provide a solution, but made up
a different case?   Now

   Foo2 (Jump => Natural'Last);

Re: How do I write directly to a memory address?

[Ludovic Brenta]

Georg Bauhaus wrote on comp.lang.ada:
> On 2/8/11 11:16 AM, Ludovic Brenta wrote:
>>> Strict contracts in subprogram profiles. Ha!
>
>>> void foo2(int jump)
>>>     /* make sure jump % 2 == 0! */
>>> {
>>>      ...
>>> }
>
>>> Write that in Ada 2005 to demonstrate the glorious power of
>>> your subtype constraints.  When was it that compilers will
>>> support aspects reliably?
>
>> Easy:
>
>> procedure Foo2 (Jump : in Natural);
>> -- Jumps by 2 * Jump
>
> > Thereby eliminating the very *possibility* that 2*jump can be odd!
>
> See how you couldn't provide a solution, but made up
> a different case?

No, I provided a proper contract that reflects the problem at hand
rather than your fragile solution.

   Now
>
>    Foo2 (Jump => Natural'Last);

procedure Foo2 (Jump : in Natural) is
begin
   if Jump <= Natural'Last / 2 then
      Baz (2 * Jump);
   else
      declare
         Half_Jump : constant Natural := Jump / 2;
         Remainder : constant Natural := Jump mod 2;
      begin
         Baz (2 * Half_Hump);
         Baz (2 * Half_Jump);
         if Remainder /= 0 then
            Baz (2 * Remainder);
         end if;
      end;
   end if;
end Foo2;

And that's assuming Long_Long_Integer is not wide enough for the
calculations.

--
Ludovic Brenta.

Re: How do I write directly to a memory address?

[Georg Bauhaus]

On 08.02.11 11:43, Ludovic Brenta wrote:
> Georg Bauhaus wrote on comp.lang.ada:
>> On 2/8/11 11:16 AM, Ludovic Brenta wrote:
>>>> Strict contracts in subprogram profiles. Ha!
>>
>>>> void foo2(int jump)
>>>>     /* make sure jump % 2 == 0! */
>>>> {
>>>>      ...
>>>> }

> procedure Foo2 (Jump : in Natural) is
> begin
>    if Jump <= Natural'Last / 2 then
>       Baz (2 * Jump);
>    else
>       declare
>          Half_Jump : constant Natural := Jump / 2;
>          Remainder : constant Natural := Jump mod 2;
>       begin
>          Baz (2 * Half_Hump);
>          Baz (2 * Half_Jump);
>          if Remainder /= 0 then
>             Baz (2 * Remainder);
>          end if;
>       end;
>    end if;
> end Foo2;
> 
> And that's assuming Long_Long_Integer is not wide enough for the
> calculations.


There is lots of assuming here.  The original "contract" read

void foo2(int jump)
     /* make sure jump % 2 == 0! */
{
   ...
}

(And int includes negative values.)  The idea could have
been that the least significant bit is not set.  Or the idea
could have been different.  The point is, neither language
provides the means of expressing the idea using types.

Not yet.

The knee jerk reaction of the Ada programmer is to invent
a different problem and its solution and show off.

It's counterproductive.

So, more specifically, define an integer subtype T whose values
do not include the values of the static constants A, B, and C,
assuming that each of A, B, and C will be members of a
proper subrange of T'Range.  Make sure that membership in T
can be checked at compile time.

Do the same for run-time values A, B, and C.

What I'd like to point out is that we need a better utility
function.  A function that properly measures program quality.
I imagine that type checking quality vs the type system's
flexibility of the respective languages form one variable
of the utility function.

Re: How do I write directly to a memory address?

[Simon Clubley]

On 2011-02-07, Randy Brukardt <randy@rrsoftware.com> wrote:
> "Simon Clubley" <clubley@remove_me.eisner.decus.org-Earth.UFP> wrote in 
> message news:iiopbr$bs7$1@news.eternal-september.org...
>
> You mean a numeric literal (to use the Ada terms).
>

Yes. I was in too much of a rush when I wrote the original posting.

>> In the statement:
>>
>> c = (4 * i) + 2
>>
>> the compiler would allocate memory locations containing the values 4 and 
>> 2.
>> These memory locations would then be used in the generated code whenever 
>> the
>> values of 2 or 4 were found. In other words, all access, including 
>> literals,
>> was by reference.
>>
>> This was a long time ago however.
>
> Must have been. I remember hearing this story in college. And it supposely 
> was old then. I've always thought of it as a sort of urban legend. But I 
> suspect that it has more to do with the instruction set of the target 
> machine. On the Intel architectures that I've worked on my entire working 
> life, it wouldn't make sense to have a global memory location holding a 
> literal (the literals can be folded into instructions at very little cost). 
> But I can imagine cases where that wouldn't be true.
>

As someone else has commented in another posting, something like this also
happened to them, but I can see how it might be considered a urban legend if
you have only used more mainstream hardware.

In my case, this was during the 1980's while I was still in the sixth form
(the US equivalent of the sixth form would be high school) and was taking
advanced (for the time :-)) programming classes at the local higher education
establishment as part of my sixth form education.

The miniframe which was installed there was a obscure miniframe from
Sperry/Unisys and not something mainstream like a PDP-11. The operating
system and compilers were quite limited even by the standards of what was
available in those days and given these other limitations, this global
sharing and allowed overwriting of literals by the generated compiler
code is not a surprise in hindsight.

Simon.

-- 
Simon Clubley, clubley@remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world

Re: How do I write directly to a memory address?

[J-P. Rosen]

Le 07/02/2011 22:54, Randy Brukardt a �crit :
> Must have been. I remember hearing this story in college. And it supposely 
> was old then. I've always thought of it as a sort of urban legend. 
It is not. I was also bitten by this one when I was a student.

The key is that FORTRAN IV required all parameter passing to be by
reference. In a call like:
   CALL SP (4)
how do you pass "4" by reference? You have to create a variable. The
compiler was clever enough to create only one variable for each static
value. But inside SP, nothing prevented you from modifying the formal...

Fortunately, our machine had memory protection, and the compiler
generated those pseudo-variables in read-only memory. So you had a
memory access violation, which was easier to debug than when all 4's
were changed to 5's


-- 
---------------------------------------------------------
           J-P. Rosen (rosen@adalog.fr)
Adalog a d�m�nag� / Adalog has moved:
2 rue du Docteur Lombard, 92441 Issy-les-Moulineaux CEDEX
Tel: +33 1 45 29 21 52, Fax: +33 1 45 29 25 00

Re: How do I write directly to a memory address?

[Yannick Duchêne (Hibou57)]

Le Thu, 03 Feb 2011 09:00:24 +0100, Georg Bauhaus  
<rm-host.bauhaus@maps.futureapps.de> a écrit:
> The Ada archives should, I think, have examples of writing to
> DOS's video buffer.
Tiny note aside: B800:0000 or B8000 (as linear address), was not the DOS  
video buffer, this was the place where the VGA RAM was mapped to. If I am  
not wrong, this was not a DOS matter, but a VGA matter (may be depending  
on how the BIOS was setting up the adapter also).

-- 
Si les chats miaulent et font autant de vocalises bizarres, c’est pas pour  
les chiens.

“I am fluent in ASCII” [Warren 2010]

Re: How do I write directly to a memory address?

[Yannick Duchêne (Hibou57)]

Le Thu, 03 Feb 2011 09:08:50 +0100, mockturtle <framefritti@gmail.com> a  
écrit:

>> Below is an
>> example of code I would like to be able to implement.
>>
>> ...
>> unsigned int print(char *message, unsigned int line)
>> {
>> 	char *vidmem = (char *) 0xb8000;
>> 	unsigned int i= 0;
>>
>
> I do not have any experience about this part of Ada, but maybe I can  
> give you a "pointer" to some bootstrapping information.  Maybe you could  
> want to use an attribute representation  clause for Vidmem'Address (see  
> Section 13.3 of the RM) . With some improvisation, I would write  
> something like
>
>    type Vidmem_Array is array (natural range <>) of Character;
>    Vidmem : Vidmem_Array (0 .. Max_Size);
>
>    for Vidmem'Address use 16#000B_8000#;

There may be a real issue here. This was segment register = B800 and  
offset register = 0000, for the base address. Ada does not make any  
distinction about segment and offset. There should be something stated in  
the compiler's documentation, to know how it maps linear address to  
segment:offset address. Otherwise, I feel the result is unpredictable  
because ambiguous: the compiler may have at least two options. The first  
one would be to work with a fixed segment as the base address for each  
memory pool and then the address attribute would match the offset only  
(Pascal compilers was working this way inside of units). The second one  
would be to use the standard convention at that time, to have offset range  
in 0..15 and the remaining of the address held by the segment… the was the  
Borland C++ way when using the so called Huge Memory model. These two  
interpretation ends into different things. In short, there is no way to  
believe “for Vidmem'Address use 16#000B_8000#” can be OK without further  
investigations.

-- 
Si les chats miaulent et font autant de vocalises bizarres, c’est pas pour  
les chiens.

“I am fluent in ASCII” [Warren 2010]

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/7/2011 4:00 AM, Ludovic Brenta wrote:
> I recently found another bug in a C program that was caused
> by changing the value of a "passed-by-copy" parameter. Of
 > course the caller was unaffected but the algorithm inside
 > the function was broken.

In C or C++, a function parameter is an ordinary variable
which is initialized by the an expression in the function
call. If the parameter is not const, it may then be changed
during the operation of the function. C has worked this way
for something like forty years, so being surprised by this
now seems disingenuous.

There's no particular reason that a function parameter should
not be permitted to be changed, notwithstanding that you found
a case where doing so caused an error. One puts implementation,
for example, is

     int puts(char *s)
     {
         while (*s) if (putchar(*s++) == EOF) return EOF;
         return putchar('\n');
     }

and a C programmer would be puzzled when told that this function
would be better if he had to use another variable initialized to
the value of 's' before getting down to business.

I rather think that it's Ada that got it wrong here, by choosing
to combine the concept of passing by value or reference and the
concept of immutability. Evidence for that is the fact that in
several places the Ada standard has to say that a parameter must
be passed by reference while the declaration of the subprogram
does not give you that information (because the parameter is 'in').

Re: How do I write directly to a memory address?

[Adam Beneschan]

On Feb 8, 7:36 am, Hyman Rosen <hyro...@mail.com> wrote:
> On 2/7/2011 4:00 AM, Ludovic Brenta wrote:> I recently found another bug in a C program that was caused
> > by changing the value of a "passed-by-copy" parameter. Of
>
>  > course the caller was unaffected but the algorithm inside
>  > the function was broken.
>
> In C or C++, a function parameter is an ordinary variable
> which is initialized by the an expression in the function
> call. If the parameter is not const, it may then be changed
> during the operation of the function. C has worked this way
> for something like forty years, so being surprised by this
> now seems disingenuous.
>
> There's no particular reason that a function parameter should
> not be permitted to be changed, notwithstanding that you found
> a case where doing so caused an error. One puts implementation,
> for example, is
>
>      int puts(char *s)
>      {
>          while (*s) if (putchar(*s++) == EOF) return EOF;
>          return putchar('\n');
>      }

But if C has been working this way for forty years, and its
programmers still can't get it right (as evidenced by the fact that
Ludovic found a bug), then it's arguable that the language is making
it too easy to write incorrect code and too difficult to write code
you can count on.  A two-line example such as yours doesn't count as
evidence against that; it's easy to get really short subroutines
correct.  The problems come up when you have larger routines.  And
I've run into this problem with a program I maintain, in a language
(not C) that also allows value parameters to be modified locally.
Someone has gone into it and written a statement that uses the
parameter, assuming that it's the value that the caller gave it,
without realizing that someone else had written a statement up above
that changed the parameter's value.

There's always going to be a religious war between those who want a
language that doesn't make them do extra annoying stuff and putting
annoying restrictions on their code, and those who prefer a language
that provides some degree of protection against stupid errors (not
only their own, but stupid errors made by the other programmer down
the hall who got laid off two years ago).  I'm certainly not going to
resolve the religious war here.  But since I do so much of my work
with other people's code, I do have a preference for the latter, and I
think Ada got this one right.

                                  -- Adam

Re: How do I write directly to a memory address?

[Adam Beneschan]

On Feb 8, 2:03 am, Georg Bauhaus <rm-host.bauh...@maps.futureapps.de>
wrote:
> On 2/8/11 10:58 AM, Ludovic Brenta wrote:
>
> >> (c) by single case logic, Ada's type system has not prevented
> >> deaths in Ariane 5 anyway.
>
> > Huh?
>
> You don't even know this?

Quoting Wikipedia: "As it was an unmanned flight, there were no
victims".  What "deaths" are you referring to?  I think that's what
Ludovic meant by "Huh?".

                             -- Adam

Re: How do I write directly to a memory address?

[Pascal Obry]

Le 08/02/2011 10:46, Georg Bauhaus a �crit :
> As Hyman said, there are tons of well working C programs out there,
> very likely using some int i, plus increment or decrement.

Sure, I agree 100% with you. The question what was the cost to have the
code running fine? We can also see many assembly code running fine, what
what the cost per line?

I'm not a guy having fun playing with a language that want to kill me or
empty my pocket because I need to spend energy on intrinsic problems. I
want to concentrate to my application domain not to C/C++ idiosyncrasy!

So for what it's worth I agree 100% with Ludovic. I too see bugs in
every C line of code...

Pascal.

-- 

--|------------------------------------------------------
--| Pascal Obry                           Team-Ada Member
--| 45, rue Gabriel Peri - 78114 Magny Les Hameaux FRANCE
--|------------------------------------------------------
--|    http://www.obry.net  -  http://v2p.fr.eu.org
--| "The best way to travel is by means of imagination"
--|
--| gpg --keyserver keys.gnupg.net --recv-key F949BD3B

Re: How do I write directly to a memory address?

[Pascal Obry]

Le 08/02/2011 10:46, Georg Bauhaus a �crit :
> As Hyman said, there are tons of well working C programs out there,
> very likely using some int i, plus increment or decrement.

Sure, I agree 100% with you. The question what was the cost to have the
code running fine? We can also see many assembly code running fine, what
what the cost per line?

I'm not a guy having fun playing with a language that want to kill me or
empty my pocket because I need to spend energy on intrinsic problems. I
want to concentrate to my application domain not to C/C++ idiosyncrasy!

So for what it's worth I agree 100% with Ludovic. I too see bugs in
every C line of code...

Pascal.

-- 

--|------------------------------------------------------
--| Pascal Obry                           Team-Ada Member
--| 45, rue Gabriel Peri - 78114 Magny Les Hameaux FRANCE
--|------------------------------------------------------
--|    http://www.obry.net  -  http://v2p.fr.eu.org
--| "The best way to travel is by means of imagination"
--|
--| gpg --keyserver keys.gnupg.net --recv-key F949BD3B

Re: How do I write directly to a memory address?

[Pascal Obry]

Le 08/02/2011 10:46, Georg Bauhaus a �crit :
> As Hyman said, there are tons of well working C programs out there,
> very likely using some int i, plus increment or decrement.

Sure, I agree 100% with you. The question what was the cost to have the
code running fine? We can also see many assembly code running fine, what
what the cost per line?

I'm not a guy having fun playing with a language that want to kill me or
empty my pocket because I need to spend energy on intrinsic problems. I
want to concentrate to my application domain not to C/C++ idiosyncrasy!

So for what it's worth I agree 100% with Ludovic. I too see bugs in
every C line of code...

Pascal.

-- 

--|------------------------------------------------------
--| Pascal Obry                           Team-Ada Member
--| 45, rue Gabriel Peri - 78114 Magny Les Hameaux FRANCE
--|------------------------------------------------------
--|    http://www.obry.net  -  http://v2p.fr.eu.org
--| "The best way to travel is by means of imagination"
--|
--| gpg --keyserver keys.gnupg.net --recv-key F949BD3B

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/8/2011 11:44 AM, Adam Beneschan wrote:
> But if C has been working this way for forty years, and its
> programmers still can't get it right (as evidenced by the fact that
> Ludovic found a bug), then it's arguable that the language is making
> it too easy to write incorrect code and too difficult to write code
> you can count on.  A two-line example such as yours doesn't count as
> evidence against that; it's easy to get really short subroutines
> correct.  The problems come up when you have larger routines.  And
> I've run into this problem with a program I maintain, in a language
> (not C) that also allows value parameters to be modified locally.
> Someone has gone into it and written a statement that uses the
> parameter, assuming that it's the value that the caller gave it,
> without realizing that someone else had written a statement up above
> that changed the parameter's value.

An anecdotal reference, and not even showing the problematic code,
does not constitute compelling evidence. I don't see why the same
error might not arise with respect to any variable that a programmer
assumes has one value while in fact it has been changed to another.

 > A two-line example such as yours doesn't count as
 > evidence against that; it's easy to get really short subroutines
 > correct.  The problems come up when you have larger routines.

Then don't write large routines. In fact, you should switch to my
new imaginary programming language Lydia. In that language, all
subprograms can be no longer than five lines, since made-up statistics
show that 95% of all programming errors occur in subprograms which are
longer.

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/8/2011 12:11 PM, Pascal Obry wrote:
> I want to concentrate to my application domain not
 > to C/C++ idiosyncrasy!

You mean like Ada, where you have to know the difference
between bounded and unbounded strings before you can just
go ahead and focus on your domain?

> So for what it's worth I agree 100% with Ludovic.
 > I too see bugs in every C line of code...

Perhaps that makes you unsuited to look at C code?

C has been in continuous use for around forty years,
and there are enormous amounts of working C code
everywhere. If you believe that every line of C code
is broken, I submit that the fault lies in you, not
in the code - you may not understand how to evaluate
C code properly.

Re: How do I write directly to a memory address?

[Jeffrey Carter]

On 02/08/2011 06:12 AM, J-P. Rosen wrote:
>
> The key is that FORTRAN IV required all parameter passing to be by
> reference. In a call like:
>     CALL SP (4)
> how do you pass "4" by reference? You have to create a variable. The
> compiler was clever enough to create only one variable for each static
> value. But inside SP, nothing prevented you from modifying the formal...

The story I heard about the FORTRAN-IV compiler on the CDC 6400 I learned on in 
1975 was that certain "common" values (0, 1, 2, ...) were stored in global 
memory locations, used by all programs. So if one program changed the value of 
"2", every other program would get the wrong value thereafter until the system 
was restarted.

I never tested it, and never heard of it happening, so I can't say if it was true.

-- 
Jeff Carter
"Mr. President, we must not allow a mine-shaft gap!"
Dr. Strangelove
33

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Mon, 7 Feb 2011 15:11:23 -0800 (PST), Maciej Sobczak wrote:

> On Feb 7, 10:24�am, "Dmitry A. Kazakov" <mail...@dmitry-kazakov.de>
> wrote:
> 
>>> The contract is not broken. The function cannot modify the original
>>> value that is passed by copy (this being the very nature of "copy")
>>> and the caller cannot even reason about what happens behind the
>>> signature.
>>
>> It is broken because const T is not substitutable for T. Mutators of the
>> type T are not operations of const T. q.e.d.
> 
> q.e.d. what?

1. const T /= T
2. not (const T <: T)

> I have an impression that we are (again) in the mode where you bring
> arbitrarily twisted definitions in order to prove your point.
> 
> What contract is broken?
> 
> Why do you want to substitute one type by another?

Because one is passed as a parameter where another is declared, expected
and used. This is substitution.

> These are not
> generics, nor other type-dependent constructs, so type substitutions
> are out of the picture.

Not at all. const T and T are distinct [sub]types. The types are different
because the sets of operations defined on them are.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Georg Bauhaus]

On 08.02.11 17:48, Adam Beneschan wrote:
> On Feb 8, 2:03 am, Georg Bauhaus <rm-host.bauh...@maps.futureapps.de>
> wrote:
>> On 2/8/11 10:58 AM, Ludovic Brenta wrote:
>>
>>>> (c) by single case logic, Ada's type system has not prevented
>>>> deaths in Ariane 5 anyway.
>>
>>> Huh?
>>
>> You don't even know this?
> 
> Quoting Wikipedia: "As it was an unmanned flight, there were no
> victims".  What "deaths" are you referring to?  I think that's what
> Ludovic meant by "Huh?".

The C programmers vs the Ada programmers kind of deaths
that inevitably happen in those rocket functions that,
by the laws of the wrong language, have shown that failure
must ensue because we have seen it once. -- You know, they
did use Ada in that rocket and it exploded! said some authority
and therefore, by Palinian logic, anything other than Ada is
better and rockets should not explode above the heads of American
people. That's not what we pay our taxes for, for funding
a government compiler that makes rockets explode. -- But it
was a different rocket. -- Well, I think that if it happened
in another rocket, we should be happy that not both of
them have made people die.  -- They didn't use GNAT either. --
So you are saying that GNAT is not an Ada compiler?  They were
so proud to use Ada and then the rocket exploded. -- But
no one died in Ariane 5. It was unstaffed.  -- I think you
are dishonest to the American people.  They've got a right to
learn that using "in" mode parameters in preference over
passing copies can kill our astronauts.  -- Ariane 5 is a
European rocket. -- It lifts off in French Guiana.
That's very close to Florida, isn't it? --

This kind of death.  Of argument.  The birth of rhetoric.
Things are made up for the sake of argument. Which is why
I mixed several perfectly comparable rockets: they all
look the same, as we all can see.  Too much of this
happens in language comparisons.

It is very good to learn about traceable cases of the danger
inherent in some language, such as using mutable scalars
from the largest possible scope they can have inside
functions (parameters in C; better in Ada?).

I wish they were collected in some unbiased public wiki,
together with a kind of cost analysis, metaphorical or real,
of the observed effects.  Wouldn't this be a nice addition
to the Style Guide? A chapter on Bug Avoidance Techniques (BAT)?.

I bet Les Hatton would find this chapter to be in line with his
evaluation of style guides.

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Tue, 08 Feb 2011 12:24:17 -0500, Hyman Rosen wrote:

> C has been in continuous use for around forty years,
> and there are enormous amounts of working C code
> everywhere.

Slavery was around for thousands of years. Slaves built the Colosseum and
Pyramids. How silly of us would be not to deploy such an established
economical and technological framework.

> If you believe that every line of C code
> is broken, I submit that the fault lies in you, not
> in the code - you may not understand how to evaluate
> C code properly.

Yes, there is something wrong with us...

Remember the episode in Space Quest III with slave programmers working at
ScumSoft company? I bet they used C. (:-))

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Jeffrey Carter]

On 02/08/2011 03:14 AM, Ludovic Brenta wrote:
>
> No. Stupid programmers use "int" when they really mean "positive", and
> they don't even explain that to users of their APIs.  Not even in
> comments.  Then they say bugs are every one else's fault but theirs.

 From the Ada mind-set point of view, this is correct. But in the C mind set, 
there are no APIs. Header files are just complications you have to create to 
keep the compiler happy; nobody reads them, and they're generally not commented 
or formatted nicely. You are expected (and all C coders expect) that before 
using a function, you have read and understand its code and know what it will do.

I once worked on an Ada project that had been done by C people. The package 
specs were badly formatted collections of declarations with no comments; the 
developers viewed them as header files that no one would read. There were 
minimal comments in the bodies, and everyone was expected to read the body code 
to understand how to use the operations.

The problem with this is it violates Dijkstra's adage that we have small brains 
and must do our work with them. Few of us can keep all the code for the entire 
project in his head, and there are times when what one remembers is incorrect. 
And so, eventually, in any real project, even the best of developers make errors 
under such circumstances.

So, when talking to a C coder, "You said int, so negative values should be OK" 
isn't considered a valid argument. The response will be that you are supposed to 
have read the code and realized what would happen if you called it with a 
negative value. If you then go ahead and do so, you get what you asked for.

-- 
Jeff Carter
"Mr. President, we must not allow a mine-shaft gap!"
Dr. Strangelove
33

Re: How do I write directly to a memory address?

[Georg Bauhaus]

On 08.02.11 18:13, Hyman Rosen wrote:

> Then don't write large routines.

Is there evidence that a mechanism necessary for combining
the smaller routines leads to fewer errors?  I'd like to
believe this if its statistically true.

(And put aside worries about impractical overhead that, for
example, objects have in some languages.)

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/8/2011 1:33 PM, Georg Bauhaus wrote:
> On 08.02.11 18:13, Hyman Rosen wrote:
>
>> Then don't write large routines.
>
> Is there evidence that a mechanism necessary for combining
> the smaller routines leads to fewer errors?  I'd like to
> believe this if its statistically true.

I was just joking, as the rest of the post should have made clear.

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/8/2011 1:27 PM, Dmitry A. Kazakov wrote:
> Slavery was around for thousands of years. Slaves built the Colosseum and
> Pyramids. How silly of us would be not to deploy such an established
> economical and technological framework.

Slavery is analogous to Ada, whose rigidity forces
everyone into strict, regimented, and gray coding
practices instead of permitting the open delightful
freedom given by C.

Can we stop this stupidity now?

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/8/2011 1:30 PM, Jeffrey Carter wrote:
> I once worked on an Ada project that had been done by C people.
 > The package specs were badly formatted collections of declarations
> with no comments; the developers viewed them as header files that
 > no one would read. There were minimal comments in the bodies, and
> everyone was expected to read the body code to understand how to
 > use the operations.

Ah, now I understand. No true Scotsman would write bad Ada!

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Tue, 08 Feb 2011 11:30:51 -0700, Jeffrey Carter wrote:

> The problem with this is it violates Dijkstra's adage that we have small brains 
> and must do our work with them. Few of us can keep all the code for the entire 
> project in his head, and there are times when what one remembers is incorrect. 
> And so, eventually, in any real project, even the best of developers make errors 
> under such circumstances.
> 
> So, when talking to a C coder, "You said int, so negative values should be OK" 
> isn't considered a valid argument. The response will be that you are supposed to 
> have read the code and realized what would happen if you called it with a 
> negative value. If you then go ahead and do so, you get what you asked for.

Three candidates in a row I have interviewed for a C/C++/C# position could
not answer the question how to test the 3rd bit of a byte in C. All three
had 3+ years of programming "experience."

The problem is worse than Dijkstra pictured it. More programmers are needed
than before. There are much more projects than before. As the average
programmer qualification drops even more programmers needed. It is a
positive feedback. Their bird-brains are pre-filled filled with rubbish
unrelated to programming. E.g. how to use VisualStudio, MS-Word, Outlook
and hundreds of other useless overblown tools etc. There is less and less
place to memorize the ticks and pitfalls of C.

I am not sure if Ada could really save the world, but it is certain that C
significantly aggravates the situation.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Shark8]

On Feb 8, 2:43 am, Georg Bauhaus <rm-host.bauh...@maps.futureapps.de>
wrote:
> On 2/8/11 9:04 AM, Ludovic Brenta wrote:
>
> >> void foo(int countdown)
> >> {
> >>    while (--countdown) {
> >>      fputc('.', stdout);
> >>    }
> >>    fputc('\n', stdout);
> >> }
>
> > That's what I meant by "variants of premature optimization".
>
> See why Ada cannot be efficient?  ;-)

But to say that the given C example is efficient is analogous to
saying that a function {or constant} "pi" returning the byte '3' is
efficient because it takes less space and time* to use.

I would, however, be extremely suspicious programs using such an
'optimized' approach.

* Because, in general, a single integer operation is faster than the
corresponding floating-point operation.

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/8/2011 2:43 PM, Dmitry A. Kazakov wrote:
> Three candidates in a row I have interviewed for a C/C++/C# position could
> not answer the question how to test the 3rd bit of a byte in C. All three
> had 3+ years of programming "experience."

     (byte & (1 << (3 - 1)))

Just saying.

> Their bird-brains are pre-filled filled with rubbish
> unrelated to programming. E.g. how to use VisualStudio, MS-Word, Outlook
> and hundreds of other useless overblown tools etc. There is less and less
> place to memorize the ticks and pitfalls of C.

That's not a valid criticism. Much programming today is done
for platforms where even the simplest program requires a fairly
elaborate framework, because the old "one keyboard, one ASCII
terminal, one input, one output" paradigm does not exist there.
The tools are used to generate that framework and to assist in
programming within it. As you say, there is less and less time
to waste on programmers who insist on coding these frameworks
by hand from scratch.

> I am not sure if Ada could really save the world, but it is certain that C
> significantly aggravates the situation.

How is it the fault of C that we now program on these platforms?
How do you test the third bit of a byte in Ada? *Why* do you test
the third bit of a byte in any language? Are you sure that the
questions you are asking reflect the needs of your organization
rather than representing the "get off my lawn" screams of a paradigm
becoming obsolete?

Re: How do I write directly to a memory address?

[Simon Clubley]

On 2011-02-08, Dmitry A. Kazakov <mailbox@dmitry-kazakov.de> wrote:
> On Tue, 08 Feb 2011 11:30:51 -0700, Jeffrey Carter wrote:
>> 
>> So, when talking to a C coder, "You said int, so negative values should be OK" 
>> isn't considered a valid argument. The response will be that you are supposed to 
>> have read the code and realized what would happen if you called it with a 
>> negative value. If you then go ahead and do so, you get what you asked for.
>
> Three candidates in a row I have interviewed for a C/C++/C# position could
> not answer the question how to test the 3rd bit of a byte in C. All three
> had 3+ years of programming "experience."
>

Are you serious ? (I assume you are, but that's so unreal I just needed
to ask.)

What academic or training qualifications did these candidates have ?

Do any mitigating circumstances exist ? Ie: are you advertising for a
trainee position and they are new to C, but know how to do this in another
language ? (I notice you said "programming experience" above and not
"C experience".)

Simon.

-- 
Simon Clubley, clubley@remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world

Re: How do I write directly to a memory address?

[Shark8]

On Feb 8, 11:47 am, Hyman Rosen <hyro...@mail.com> wrote:
> On 2/8/2011 1:30 PM, Jeffrey Carter wrote:> I once worked on an Ada project that had been done by C people.
>
>  > The package specs were badly formatted collections of declarations> with no comments; the developers viewed them as header files that
>
>  > no one would read. There were minimal comments in the bodies, and> everyone was expected to read the body code to understand how to
>
>  > use the operations.
>
> Ah, now I understand. No true Scotsman would write bad Ada!

No, that's not it.
What is 'it' is that the C programmers treated Ada as if it were C and
the result was, as expected, bad Ada.

The reverse is less true, I think.
If you give an Ada Programmer a "must do" in C, AND he applied the
theory/ideology of Ada {specifically contract enforcement & rejection/
culling of bad values}, then the result would NOT be "bad C"... would
it?

Re: How do I write directly to a memory address?

[Shark8]

On Feb 8, 3:11 am, Georg Bauhaus <rm-host.bauh...@maps.futureapps.de>
wrote:
> On 2/8/11 9:04 AM, Ludovic Brenta wrote:
>
> > BTW, like I said, *every* time I look at C code, I see a bug. In your
> > case, foo has undefined behavior if countdown is negative.
>
> You took the bait.   Fine.
>
> Strict contracts in subprogram profiles. Ha!
>
> void foo2(int jump)
>    /* make sure jump % 2 == 0! */
> {
>     ...
>
> }
>
> Write that in Ada 2005 to demonstrate the glorious power of
> your subtype constraints.  When was it that compilers will
> support aspects reliably?

Okay.
Procedure Foo( Jump : In Integer ) is
  SubType Half_Range is Integer'First/2 .. Integer'Last/2;
  Odd_Number : Exception;
begin
 if jump mod 2 = 0 then
   declare
     Jump_2 : Jump_Half:= Jump / 2;
   begin
  ---- insert operations here
   end
else
 Raise Odd_Number;
end if;
end Foo;

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/8/2011 3:11 PM, Shark8 wrote:
> No, that's not it. What is 'it' is that the C programmers  treated
 > Ada as if it were C and the result was, as expected, bad Ada.

It is my understanding that Ada proponents believe that
using Ada results in better programs than using C. But
when presented with a program written in Ada that is not
demonstrably better, that program is removed from the set
of Ada programs under consideration by virtue of having
been written by "C people". That is precisely the "no true
Scotsman" fallacy.

> The reverse is less true, I think. If you give an Ada  Programmer
 > a "must do" in C, AND he applied the theory/ideology of Ada
 > {specifically contract enforcement & rejection/culling of bad
 > values}, then the result would NOT be "bad C"... would it?

In other words, training in a certain style of programming leads
to better programs. Sure, that's plausible.

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Tue, 08 Feb 2011 15:01:39 -0500, Hyman Rosen wrote:

> On 2/8/2011 2:43 PM, Dmitry A. Kazakov wrote:
>> Three candidates in a row I have interviewed for a C/C++/C# position could
>> not answer the question how to test the 3rd bit of a byte in C. All three
>> had 3+ years of programming "experience."
> 
>      (byte & (1 << (3 - 1)))
> 
> Just saying.

Huh, I have no doubt that *you* would pass. But to those guys the very
concept of masking was unknown. That is not all. The result of masking (as
in your example) is not a bit. It might sound unbelievable, but for one of
them even the jump from

    (byte & (1 << (3 - 1)))

to

    if (byte & (1 << (3 - 1))) { ... }

was too much. He could not gasp the obvious[?] that testing for non-zero is
equivalent to testing the bit. When confronted a formula similar to yours,
he objected that it is not a bit!

>> Their bird-brains are pre-filled filled with rubbish
>> unrelated to programming. E.g. how to use VisualStudio, MS-Word, Outlook
>> and hundreds of other useless overblown tools etc. There is less and less
>> place to memorize the ticks and pitfalls of C.
> 
> That's not a valid criticism. Much programming today is done
> for platforms where even the simplest program requires a fairly
> elaborate framework, because the old "one keyboard, one ASCII
> terminal, one input, one output" paradigm does not exist there.
> The tools are used to generate that framework and to assist in
> programming within it. As you say, there is less and less time
> to waste on programmers who insist on coding these frameworks
> by hand from scratch.

This or that way, it seems that no room left for the concept bit masking.

>> I am not sure if Ada could really save the world, but it is certain that C
>> significantly aggravates the situation.
> 
> How is it the fault of C that we now program on these platforms?
> How do you test the third bit of a byte in Ada?

In Ada you could shape it as

   Byte (3)

But this is not my point. My point is that there is less and less room for
trickery C programming requires. C is much too complex for an average
programmer and the gap grows day by day.

> *Why* do you test
> the third bit of a byte in any language? Are you sure that the
> questions you are asking reflect the needs of your organization
> rather than representing the "get off my lawn" screams of a paradigm
> becoming obsolete?

The positions were for automation, control and embedded applications. The
guys would read sensors, write actuators, program ECU etc. They weren't
hired for designing web-sites and in their resumes they wrote "embedded
programming experience." BTW, they didn't lie! Watch up, it is well
possible that some devices around you were programmed by such guys!

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/8/2011 3:27 PM, Dmitry A. Kazakov wrote:
> The positions were for automation, control and embedded applications. The
> guys would read sensors, write actuators, program ECU etc. They weren't
> hired for designing web-sites and in their resumes they wrote "embedded
> programming experience." BTW, they didn't lie! Watch up, it is well
> possible that some devices around you were programmed by such guys!

Oh, dear :-) Well, perhaps I will draw some comfort by believing
that those devices are now themselves running Linux kernels and
reporting their measurements via high-level messages!

See <http://www.boingboing.net/2011/01/14/paranoia-and-deletio.html>
along those lines.

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Tue, 8 Feb 2011 20:04:14 +0000 (UTC), Simon Clubley wrote:

> On 2011-02-08, Dmitry A. Kazakov <mailbox@dmitry-kazakov.de> wrote:
>> On Tue, 08 Feb 2011 11:30:51 -0700, Jeffrey Carter wrote:
>>> 
>>> So, when talking to a C coder, "You said int, so negative values should be OK" 
>>> isn't considered a valid argument. The response will be that you are supposed to 
>>> have read the code and realized what would happen if you called it with a 
>>> negative value. If you then go ahead and do so, you get what you asked for.
>>
>> Three candidates in a row I have interviewed for a C/C++/C# position could
>> not answer the question how to test the 3rd bit of a byte in C. All three
>> had 3+ years of programming "experience."
> 
> Are you serious ? (I assume you are, but that's so unreal I just needed
> to ask.)

Yes, I am. Never take interviews if you want sleep well!

The next test was this:

   x and FF = ?
   x or FF = ?
   x xor FF = ?

Only one of 5 candidates could solve the first two! Only one managed xor!

> What academic or training qualifications did these candidates have ?

Bachelors, finished projects. Two of them had informatics as the major. One
had mechanical engineering.

> Do any mitigating circumstances exist ? Ie: are you advertising for a
> trainee position and they are new to C, but know how to do this in another
> language ? (I notice you said "programming experience" above and not
> "C experience".)

The question was: take any language you know or explain verbally. The
opinions were divided between: "it is impossible to do," and "there must be
a library function for this, I don't remember which."

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Georg Bauhaus wrote:

> I wish they were collected in some unbiased public wiki,
> together with a kind of cost analysis, metaphorical or real,
> of the observed effects.  Wouldn't this be a nice addition
> to the Style Guide? A chapter on Bug Avoidance Techniques (BAT)?.

Look at MISRA-C to see what BAT does to C. And then again, look at
Ada and compare how many of these rules could are applicable to Ada
at all.

That at least tells me, that the most common errors ever done in C
(which MISRA is trying to avoid) are not even possible in Ada.

At least not without employing dirty tricks.


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
   --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Shark8]

On Feb 8, 1:27 pm, Hyman Rosen <hyro...@mail.com> wrote:
> On 2/8/2011 3:11 PM, Shark8 wrote:> No, that's not it. What is 'it' is that the C programmers  treated
>
>  > Ada as if it were C and the result was, as expected, bad Ada.
>
> It is my understanding that Ada proponents believe that
> using Ada results in better programs than using C.

First off, I purposely did not say (or even imply) that using
Ada "automagically" makes one a better programmer, or
that it makes the programs themselves better.

Let me put it a different way: pneumatic tires are a pretty
good development; they can absorb shock to some
degree as well as allowing a measure of protection
from damage to the wheels {rim/hub} and in so doing
help minimize the cost of when you eventually run into
some road hazard.... but there is NOTHING preventing
you from going out and letting all the air out of your tires
and experiencing the same wheel-cost as the old
covered-wagons, no?

IOW, Ada could have all the most wonderful features and
helps possible but if one never uses them then they do
no good whatsoever to that person.

> But when presented with a program written in Ada that is not
> demonstrably better, that program is removed from the set
> of Ada programs under consideration by virtue of having
> been written by "C people". That is precisely the "no true
> Scotsman" fallacy.

Again, I was not dismissing any program in itself, or even
class of programs, and therefore the "No True Scotsman"
fallacy CANNOT apply to what I presented.

What is interesting, however, is some of the replies to
shown examples of Ada I've written to those well-versed
in C/C++ but unfamiliar with Ada. If you're interested I
have a LISP interpreter* I would otherwise post to show
some of the the "wows" I've gotten; and I'm not doing
anything too spectacular things like having my
overwriting the S_Expression type's 'read and 'write
attributes so I could do something like:

   Ada.Text_IO.Put_Line( "Begin Run:" );
   Open( Input, In_File, Name => "Temp.Txt" );
   Declare
      In_Stream	: Access Ada.Streams.Root_Stream_Type'Class:=
	Ada.Text_IO.Text_Streams.Stream( Input );
      Use LISP;
   Begin
      S_Expression'Read( In_Stream, S );
      -- Here's where EVAL would go.
      S_Expression'Write( Out_Stream, S );
   End;
   Ada.Text_IO.Put_Line( "" );
   Ada.Text_IO.Put_Line( "End Run." );
   Close( Input );

*Not working, I still have to implement the atomic-level
functions, the special-forms cases {like 'if'}, and the
Eval function.

> > The reverse is less true, I think. If you give an Ada  Programmer
>
>  > a "must do" in C, AND he applied the theory/ideology of Ada
>  > {specifically contract enforcement & rejection/culling of bad
>  > values}, then the result would NOT be "bad C"... would it?
>
> In other words, training in a certain style of programming leads
> to better programs. Sure, that's plausible.

More than plausible. I've had professors able to spot that I'd been
'trained' in Pascal from reading my C-code. "Trained" here actually
being self-taught with little more than the compiler and the user's
manual for the compiler.

Re: How do I write directly to a memory address?

[Georg Bauhaus]

On 2/8/11 8:43 PM, Dmitry A. Kazakov wrote:

> The problem is worse than Dijkstra pictured it. More programmers are needed
> than before. There are much more projects than before. As the average
> programmer qualification drops even more programmers needed.

Looking around here, I see high demand for specialists in SAP, PHP,
Simatic, ... Jobs that make programming appear an add-on,
not a profession!
(Which on a personal note lets me think I might have to go back
to entry level and try joining a crowd of migratory laborers
in the outsourcing market.)

Re: How do I write directly to a memory address?

[Adam Beneschan]

On Feb 8, 12:01 pm, Hyman Rosen <hyro...@mail.com> wrote:
> On 2/8/2011 2:43 PM, Dmitry A. Kazakov wrote:
>
> > Three candidates in a row I have interviewed for a C/C++/C# position could
> > not answer the question how to test the 3rd bit of a byte in C. All three
> > had 3+ years of programming "experience."
>
>      (byte & (1 << (3 - 1)))

That's not the correct answer.  The correct answer is to ask, "Third
bit from which end?"  If you just assume one or the other (byte &
0x04, or byte & 0x20) and write code without asking for the specs to
be clarified, you'd fail if I were the interviewer.

Just saying.

                                    -- Adam

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Yannick Duchêne (Hibou57) wrote:

> Le Thu, 03 Feb 2011 09:08:50 +0100, mockturtle <framefritti@gmail.com> a
> écrit:
>
>>    type Vidmem_Array is array (natural range <>) of Character;
>>    Vidmem : Vidmem_Array (0 .. Max_Size);
>>
>>    for Vidmem'Address use 16#000B_8000#;
>
> There may be a real issue here. This was segment register = B800 and
> offset register = 0000, for the base address. Ada does not make any
> distinction about segment and offset.

So it should map the linear address - if possible at all.

> There should be something stated in
> the compiler's documentation, to know how it maps linear address to
> segment:offset address.

Technically there's only one address, even if there are several ways to
address it. It's never been a real issue unless you were comparing
addresses, but even then they were usually normalized before doing so.


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
   --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Shark8]

On Feb 8, 1:01 pm, Hyman Rosen <hyro...@mail.com> wrote:
>
> How is it the fault of C that we now program on these platforms?

Because managers have had reinforced the erroneous idea that:
"C is the *only* valid systems-level language." for one.

> How do you test the third bit of a byte in Ada?

One Way, assuming a 1..8 numbering for an 8-bit byte:
 SubType Bits is Positive Range 1..Byte'Size;
 Type Bit_Mask is Array ( Bits'Range ) of Boolean;
 For Bit_Mask'Size use Byte'Size;

Function Test_Bit( Value : In Byte; Bit : In Bits )  Return Boolean is
  Mask : Bit_Mask;
  For Mask'Address use Value'Address;
  Pragma Import( Ada, Mask );
begin
  Return Mask(Bit);
end Test_Bit;

> *Why* do you test the third bit of a byte in any language?

Why does a hardware device set the third bit of some information?
To communicate.

> Are you sure that the questions you are asking reflect the needs
> of your organization rather than representing the "get off my lawn"
> screams of a paradigm becoming obsolete?

That sort of precision is needed for ANY sort of device-driver, such
paradigm will never become obsolete so long as new/different
devices are introduced or some existing device needs support where
previously it had none (i.e. bootstrapping).

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/8/2011 4:06 PM, Adam Beneschan wrote:
> byte & 0x20
> you'd fail if I were the interviewer.
> Just saying.

0x20? You assume a byte has eight bits?
You would fail if I were the interviewer!

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Adam Beneschan wrote:

> On Feb 8, 12:01 pm, Hyman Rosen <hyro...@mail.com> wrote:
>> On 2/8/2011 2:43 PM, Dmitry A. Kazakov wrote:
>>
>> > Three candidates in a row I have interviewed for a C/C++/C# position could
>> > not answer the question how to test the 3rd bit of a byte in C. All three
>> > had 3+ years of programming "experience."
>>
>>      (byte & (1 << (3 - 1)))
>
> That's not the correct answer.  The correct answer is to ask, "Third
> bit from which end?"

 From the less significant end, unless you want the bit numbers to change when
assigned to different sized variables.


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
   --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Simon Clubley]

On 2011-02-08, Dmitry A. Kazakov <mailbox@dmitry-kazakov.de> wrote:
> On Tue, 8 Feb 2011 20:04:14 +0000 (UTC), Simon Clubley wrote:
>
>> On 2011-02-08, Dmitry A. Kazakov <mailbox@dmitry-kazakov.de> wrote:
>>>
>>> Three candidates in a row I have interviewed for a C/C++/C# position could
>>> not answer the question how to test the 3rd bit of a byte in C. All three
>>> had 3+ years of programming "experience."
>> 
>> Are you serious ? (I assume you are, but that's so unreal I just needed
>> to ask.)
>
> Yes, I am. Never take interviews if you want sleep well!
>
> The next test was this:
>
>    x and FF = ?
>    x or FF = ?
>    x xor FF = ?
>
> Only one of 5 candidates could solve the first two! Only one managed xor!
>

Thanks for the response.

In some ways this example is even worse because this is a simple (and
generally language independent) boolean operation which does not require
knowing how to mask out a bit from within a byte in a C program as your
first example did.

This is a serious question: Do these people get fired after a period of
time when it's discovered they are useless (and hence they move from job
to job) or do they somehow manage to survive in a job ?

>
>> Do any mitigating circumstances exist ? Ie: are you advertising for a
>> trainee position and they are new to C, but know how to do this in another
>> language ? (I notice you said "programming experience" above and not
>> "C experience".)
>
> The question was: take any language you know or explain verbally. The
> opinions were divided between: "it is impossible to do," and "there must be
> a library function for this, I don't remember which."
>

With this attitude on their part, I would love to see how they were (for
example) testing (and setting) the contents of device registers in their
previous projects. OTOH, it's probably better for my blood pressure if
I didn't. :-)

Simon.

-- 
Simon Clubley, clubley@remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world

Re: How do I write directly to a memory address?

[Jeffrey Carter]

On 02/08/2011 01:52 PM, Shark8 wrote:
>
>     Ada.Text_IO.Put_Line( "" );

New_Line?

-- 
Jeff Carter
"Mr. President, we must not allow a mine-shaft gap!"
Dr. Strangelove
33

Re: How do I write directly to a memory address?

[Georg Bauhaus]

On 2/8/11 9:48 PM, Vinzent Hoefler wrote:
> Georg Bauhaus wrote:
>
>> I wish they were collected in some unbiased public wiki,
>> together with a kind of cost analysis, metaphorical or real,
>> of the observed effects. Wouldn't this be a nice addition
>> to the Style Guide? A chapter on Bug Avoidance Techniques (BAT)?.
>
> Look at MISRA-C to see what BAT does to C. And then again, look at
> Ada and compare how many of these rules could are applicable to Ada
> at all.

I know ;-)  Suppose pclint -w4 were built into every C compiler.
What effects would this change likely have on program production?
The skeptic's view:

- more annoyed programmers
- clever ways of working around compilers
- pride issues

I guess it isn't that bad?

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/8/2011 4:09 PM, Shark8 wrote:
> On Feb 8, 1:01 pm, Hyman Rosen<hyro...@mail.com>  wrote:
>> How is it the fault of C that we now program on these platforms?
>
> Because managers have had reinforced the erroneous idea that:
> "C is the *only* valid systems-level language." for one.

Huh? Web, smart-phone, and other complex interfaces exist
because of C? That makes no sense.

>> How do you test the third bit of a byte in Ada?
>
> One Way, assuming a 1..8 numbering for an 8-bit byte:
>   SubType Bits is Positive Range 1..Byte'Size;
>   Type Bit_Mask is Array ( Bits'Range ) of Boolean;
>   For Bit_Mask'Size use Byte'Size;
>
> Function Test_Bit( Value : In Byte; Bit : In Bits )  Return Boolean is
>    Mask : Bit_Mask;
>    For Mask'Address use Value'Address;
>    Pragma Import( Ada, Mask );
> begin
>    Return Mask(Bit);
> end Test_Bit;

I think that's why I'll stick with (byte & (1 << (3 - 1))).
Or rather, I would most likely write a macro,
     #define TEST_BIT(n, b) ((n) & (1 << ((b) - 1)))
Then the Ada people who see errors in every line of C code
would come after me complaining about how terrible my code
is, and what if the macro is invoked with zero or negative
or too high bit number.

>> *Why* do you test the third bit of a byte in any language?
>
> Why does a hardware device set the third bit of some information?
> To communicate.

Except for DK, who granted was actually interviewing people to work
with such hardware devices, programming doesn't really involve such
bit twiddling any more. It doesn't even involve being able to design
data structures much any more either. These days, someone working in
Java or C++ will just pick an appropriate container class from the
library and use it, and it will be good enough.

Re: How do I write directly to a memory address?

[Jeffrey Carter]

On 02/08/2011 12:43 PM, Dmitry A. Kazakov wrote:
>
> Three candidates in a row I have interviewed for a C/C++/C# position could
> not answer the question how to test the 3rd bit of a byte in C. All three
> had 3+ years of programming "experience."

Sure, there are lots of coders, and many of them aren't even good coders. Yet 
they are considered, and encouraged to consider themselves, qualified to design 
software and choose the language to implement software (even though they often 
only know a single language). The construction workers are designing the bridges 
and choosing the materials to build them with.

The advantage of Ada is that it is not a coder's language. Those who dislike it 
have identified themselves as coders, and can be dealt with appropriately.

-- 
Jeff Carter
"Mr. President, we must not allow a mine-shaft gap!"
Dr. Strangelove
33

Re: How do I write directly to a memory address?

[Shark8]

On Feb 8, 1:44 pm, "Dmitry A. Kazakov" <mail...@dmitry-kazakov.de>
wrote:
>
> The next test was this:
>
>    x and FF = ?
>    x or FF = ?
>    x xor FF = ?
>

...w.t.f.
That's insane... how is it I'm not even getting to the interview
stage?
I could do that; though I'm loathe to in C/C++.

// we do have a bool type on this compiler, no?
bool and ( int v1, int v2 )
{ int result = 0;
 for (int index = 7; index>=0; --index)
 { result |= (( v1>>index && v2>>index ) && 1) << index; }
return result;
}

bool or ( int v1, int v2 )
{ int result = 0;
 for (int index = 7; index>=0; --index)
 { result |= (( v1>>index || v2>>index ) && 1) << index; }
return result;
}

bool xor ( int v1, int v2 )
{ int result = 0;
  int not_and = !and( v1, v2 );
  int _or = or( v1, v2 );
 for (int index = 7; index>=0; --index)
 { result |= (( not_and>>index && _or>>index ) && 1) << index; }
return result;
}

Re: How do I write directly to a memory address?

[Shark8]

On Feb 8, 2:21 pm, Jeffrey Carter <spam.jrcarter....@spam.not.acm.org>
wrote:
> On 02/08/2011 01:52 PM, Shark8 wrote:
>
>
>
> >     Ada.Text_IO.Put_Line( "" );
>
> New_Line?
>
> --
> Jeff Carter
> "Mr. President, we must not allow a mine-shaft gap!"
> Dr. Strangelove
> 33

Yep; it was more-or-less also a stub for displaying another test-
message to myself.
Like I said, it's still under construction.

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Georg Bauhaus wrote:

> On 2/8/11 9:48 PM, Vinzent Hoefler wrote:
>> Georg Bauhaus wrote:
>>
>>> I wish they were collected in some unbiased public wiki,
>>> together with a kind of cost analysis, metaphorical or real,
>>> of the observed effects. Wouldn't this be a nice addition
>>> to the Style Guide? A chapter on Bug Avoidance Techniques (BAT)?.
>>
>> Look at MISRA-C to see what BAT does to C. And then again, look at
>> Ada and compare how many of these rules could are applicable to Ada
>> at all.
>
> I know ;-)  Suppose pclint -w4 were built into every C compiler.
> What effects would this change likely have on program production?
> The skeptic's view:
>
> - more annoyed programmers
> - clever ways of working around compilers
> - pride issues

Yes.

But potentially better programs, too.

Of course, with Ada you can have all this for free (pun intended).


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
    --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Georg Bauhaus]

On 2/8/11 9:21 PM, Shark8 wrote:

>> void foo2(int jump)
>>     /* make sure jump % 2 == 0! */
>> {
>>      ...
>>
>> }
>>
>> Write that in Ada 2005 to demonstrate the glorious power of
>> your subtype constraints.  When was it that compilers will
>> support aspects reliably?
>
> Okay.
> Procedure Foo( Jump : In Integer ) is
--  make sure jump mod 2 == 0 *before* calling this function

You'd need a formal type in Foo's signature that lets the client
see what values can be supplied  without having to look at the body.
A first approximation is a precondition:

    procedure Foo2 (Jump : in Integer)
      with Pre => (Jump mod 2 = 0)
    is
      ...

A type in Ada 2012 can use an Invariant aspect referencing
an expression function,

    type Even is range -12 .. 345 with
      Invariant => Is_Even (Even);

    function Is_Even (E : Even) return Boolean is
       (E mod 2 = 0);

Then,

    procedure Foo2 (Jump : in Even);

seems a much better approximation of the C comment.

      

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Hyman Rosen wrote:

> I think that's why I'll stick with (byte & (1 << (3 - 1))).
> Or rather, I would most likely write a macro,
>      #define TEST_BIT(n, b) ((n) & (1 << ((b) - 1)))

And it's still wrong. As we all know, C programmers start counting
with zero (including bit numbers), so you're bit-addressing is off
by one.

Assembler can be so much more expressive:

; group A is port B and port C[7:4], definitions are MUTEX
%ASSIGN MODE_A_0 (00b << 5)     ; mode 0 for group A (bits [5:6])
%ASSIGN MODE_A_1 (01b << 5)     ; mode 1 for group A
%ASSIGN MODE_A_2 (10b << 5)     ; mode 2 for group A

; group B is port A and port C[3:0], definitions are MUTEX
%ASSIGN MODE_B_0 (0b << 2)      ; mode 0 for group B (bit 2)
%ASSIGN MODE_B_1 (1b << 2)      ; mode 1 for group B

At least it actually /has/ binary numbers.


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
   --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Maciej Sobczak]

On Feb 8, 7:14 pm, "Dmitry A. Kazakov" <mail...@dmitry-kazakov.de>
wrote:

> > q.e.d. what?
>
> 1. const T /= T
> 2. not (const T <: T)

That's of course very interesting, but does not relate to the example
that we are discussing.

> > Why do you want to substitute one type by another?
>
> Because one is passed as a parameter where another is declared, expected
> and used. This is substitution.

No. According to the C standard (6.5.2.2/4) this is *assignment*.

In Ada assignment looks like this:

declare
   J : constant Integer := 7;
   I : Integer;
begin
   I := J;  --  here

   --  and later, for example:
   I := I + 1;
end;

There is no substitution in the above code, at least as far as my
definitions go. This is assignment.
And since the C standard says black on white (hint: you cannot argue
with what the standard says) that the assignment takes place when
parameters are passed to functions, then no substitution takes place
there either.

And then, no contract is broken.

q.e.d. ?

--
Maciej Sobczak * http://www.inspirel.com

Re: How do I write directly to a memory address?

[Simon Clubley]

On 2011-02-08, Hyman Rosen <hyrosen@mail.com> wrote:
>
> Except for DK, who granted was actually interviewing people to work
> with such hardware devices, programming doesn't really involve such
> bit twiddling any more. It doesn't even involve being able to design
> data structures much any more either. These days, someone working in
> Java or C++ will just pick an appropriate container class from the
> library and use it, and it will be good enough.

In this world view, what happens when the programmer _does_ need to move
up from assembling prefabricated Lego bricks into a standard pattern (which
is what this position above amounts to) to actually having to design
a new structure because they have been given something unique to do ?

How do they acquire the experience necessary to understand the tradeoffs
involved with efficiently accessing the structure and updating it ?

How do they understand the issues with multiple threads/programs updating
and accessing the same data structures at the same time ?

Although you can use the prefabricated bricks approach for many standard
designs, you cannot use them for all designs. How do the people who work
on the latter type of project get the experience necessary ?

Simon.

-- 
Simon Clubley, clubley@remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Shark8 wrote:

> On Feb 8, 1:44 pm, "Dmitry A. Kazakov" <mail...@dmitry-kazakov.de>
> wrote:
>>
>> The next test was this:
>>
>>    x and FF = ?
>>    x or FF = ?
>>    x xor FF = ?
>>
>
> ...w.t.f.
> That's insane... how is it I'm not even getting to the interview
> stage?

What so insane with just ones and zeros?

The first simply returns X, the seconds returns FF, the third returns the
bit-inverse of X.

Unless, of course, this was a trick question and FF is not meant to be a
base-16 number.


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
   --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Simon Clubley wrote:

> Although you can use the prefabricated bricks approach for many standard
> designs, you cannot use them for all designs. How do the people who work
> on the latter type of project get the experience necessary ?

Or, in other words: who is it, who fabricates the bricks?


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
   --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Simon Clubley]

On 2011-02-08, Vinzent Hoefler <0439279208b62c95f1880bf0f8776eeb@t-domaingrabbing.de> wrote:
> Shark8 wrote:
>
>> On Feb 8, 1:44 pm, "Dmitry A. Kazakov" <mail...@dmitry-kazakov.de>
>> wrote:
>>>
>>> The next test was this:
>>>
>>>    x and FF = ?
>>>    x or FF = ?
>>>    x xor FF = ?
>>>
>>
>> ...w.t.f.
>> That's insane... how is it I'm not even getting to the interview
>> stage?
>
> What so insane with just ones and zeros?
>

I think what he means is that it's insane he's not getting to the
interview stage if his competition cannot answer these questions.

Simon.

-- 
Simon Clubley, clubley@remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/8/2011 4:46 PM, Vinzent Hoefler wrote:
> And it's still wrong. As we all know, C programmers start counting
> with zero (including bit numbers), so you're bit-addressing is off
> by one.

DK was asking for "the third bit". C programmers use the
conventional meaning of "first", "second", etc.

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/8/2011 4:49 PM, Simon Clubley wrote:
> In this world view, what happens when the programmer _does_ need to move
> up from assembling prefabricated Lego bricks into a standard pattern (which
> is what this position above amounts to) to actually having to design
> a new structure because they have been given something unique to do ?

I first point out that "assembling Lego bricks into a standard pattern"
has been an explicit (but rarely met) goal of programming language design
for decades. But if someone does need to design something new and cannot,
they go and consult the old, wise programmer or the young, wise programmer
who knows that kind of stuff. Eventually, they too may become wise.

> How do they acquire the experience necessary to understand the tradeoffs
> involved with efficiently accessing the structure and updating it ?

Mostly they don't have to. They throw things into a hashtable
and it's good enough.

> How do they understand the issues with multiple threads/programs updating
> and accessing the same data structures at the same time ?

They put their data into protected objects and let the system
deal with it. (Or am I wrong about why Ada had to be changed to
provide these?)

> Although you can use the prefabricated bricks approach for many standard
> designs, you cannot use them for all designs. How do the people who work
> on the latter type of project get the experience necessary ?

 From other people who know. How do Ada programmers get it?

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/8/2011 4:51 PM, Vinzent Hoefler wrote:
> Or, in other words: who is it, who fabricates the bricks?

Brick fabricators. You need a lot fewer of them.

Re: How do I write directly to a memory address?

[Shark8]

On Feb 8, 2:25 pm, Hyman Rosen <hyro...@mail.com> wrote:

> > Because managers have had reinforced the erroneous idea that:
> > "C is the *only* valid systems-level language." for one.
>
> Huh? Web, smart-phone, and other complex interfaces exist
> because of C? That makes no sense.

You didn't read that right, or perhaps I didn't express it right;
and what you point to is really the beginning of the manager-
section of software-engineering projects seeing that C/C++
*isn't* required to do system-level work.

> >> How do you test the third bit of a byte in Ada?
>
> > One Way, assuming a 1..8 numbering for an 8-bit byte:
> >   SubType Bits is Positive Range 1..Byte'Size;
> >   Type Bit_Mask is Array ( Bits'Range ) of Boolean;
> >   For Bit_Mask'Size use Byte'Size;
>
> > Function Test_Bit( Value : In Byte; Bit : In Bits )  Return Boolean is
> >    Mask : Bit_Mask;
> >    For Mask'Address use Value'Address;
> >    Pragma Import( Ada, Mask );
> > begin
> >    Return Mask(Bit);
> > end Test_Bit;
>
> I think that's why I'll stick with (byte & (1 << (3 - 1))).
> Or rather, I would most likely write a macro,
>      #define TEST_BIT(n, b) ((n) & (1 << ((b) - 1)))

Why? Isn't that the purpose of a function to reuse code?
And if you're going to say that's what the macro does,
then what problem is there with using Pragma Inline?

> Then the Ada people who see errors in every line of C code
> would come after me complaining about how terrible my code
> is, and what if the macro is invoked with zero or negative
> or too high bit number.

Er, why are you making such a statement to me?
Have I said anything about how horrid your code is?
Have I given you a "what if" just to be an ass?

Have I not been willing to discuss the whole matter as
equals?

> >> *Why* do you test the third bit of a byte in any language?
>
> > Why does a hardware device set the third bit of some information?
> > To communicate.
>
> Except for DK, who granted was actually interviewing people to work
> with such hardware devices, programming doesn't really involve such
> bit twiddling any more.

Which is why I said that as long as new devices were being developed
we need "bit-twiddling." And in fact Ada was designed to meet some of
the very needs of that sort of bit-twiddling: representation clauses,
for one.

> It doesn't even involve being able to design
> data structures much any more either. These days, someone working in
> Java or C++ will just pick an appropriate container class from the
> library and use it, and it will be good enough.

And isn't that the whole point of the gripe DK was making?

Re: How do I write directly to a memory address?

[Shark8]

On Feb 8, 2:46 pm, Georg Bauhaus <rm-host.bauh...@maps.futureapps.de>
wrote:
> On 2/8/11 9:21 PM, Shark8 wrote:
>
> >> void foo2(int jump)
> >>     /* make sure jump % 2 == 0! */
> >> {
> >>      ...
>
> >> }
>
> >> Write that in Ada 2005 to demonstrate the glorious power of
> >> your subtype constraints.  When was it that compilers will
> >> support aspects reliably?
>
> > Okay.
> > Procedure Foo( Jump : In Integer ) is
>
> --  make sure jump mod 2 == 0 *before* calling this function
>
> You'd need a formal type in Foo's signature that lets the client
> see what values can be supplied  without having to look at the body.
> A first approximation is a precondition:
>
>     procedure Foo2 (Jump : in Integer)
>       with Pre => (Jump mod 2 = 0)
>     is
>       ...
>
> A type in Ada 2012 can use an Invariant aspect referencing
> an expression function,
>
>     type Even is range -12 .. 345 with
>       Invariant => Is_Even (Even);
>
>     function Is_Even (E : Even) return Boolean is
>        (E mod 2 = 0);
>
> Then,
>
>     procedure Foo2 (Jump : in Even);
>
> seems a much better approximation of the C comment.

Nifty; but he *did* specify using Ada 2005...

Re: How do I write directly to a memory address?

[Adam Beneschan]

On Feb 8, 1:16 pm, "Vinzent Hoefler"
<0439279208b62c95f1880bf0f8776...@t-domaingrabbing.de> wrote:
> Adam Beneschan wrote:
> > On Feb 8, 12:01 pm, Hyman Rosen <hyro...@mail.com> wrote:
> >> On 2/8/2011 2:43 PM, Dmitry A. Kazakov wrote:
>
> >> > Three candidates in a row I have interviewed for a C/C++/C# position could
> >> > not answer the question how to test the 3rd bit of a byte in C. All three
> >> > had 3+ years of programming "experience."
>
> >>      (byte & (1 << (3 - 1)))
>
> > That's not the correct answer.  The correct answer is to ask, "Third
> > bit from which end?"
>
>  From the less significant end, unless you want the bit numbers to change when
> assigned to different sized variables.

The original question was how to test the 3rd bit of a *byte* (let's
assume "byte" means 8 bits), not how to test the 3rd bit of an
mathematical integer value that could be stored in variables of
different sizes.  If someone were talking about the 3rd bit of
anything, then 99.9% of the time it would be in the context of some
data record with fixed-size fields and where some of those fields are
bit fields compressed into a byte or into some *known* larger word
size.  (Typical when dealing with hardware---and writing directly into
hardware what the original question was about, approximately 130 posts
ago!)  In any event, although I don't recall seeing the terms "the
first bit", "the second bit", etc., all that often, I've seen plenty
of times when descriptions of (say) hardware device registers or
process control structures on a processor or packets communicated
between computers use the terms "bit 0", "bit 1", "bit 2"---and I've
seen those terms used both ways, i.e. where bit 0 refers to the high-
order bit, or where it refers to the low-order bit.  Thus, if someone
asked me to write code to test either "bit 2 of a byte" or "the third
bit of a byte", I would definitely need to ask for clarification.

                                       -- Adam

Re: How do I write directly to a memory address?

[Shark8]

On Feb 8, 2:56 pm, Simon Clubley <clubley@remove_me.eisner.decus.org-
Earth.UFP> wrote:

> > What so insane with just ones and zeros?
>
> I think what he means is that it's insane he's not getting to the
> interview stage if his competition cannot answer these questions.
>

Quite correct.

Re: How do I write directly to a memory address?

[Simon Clubley]

On 2011-02-08, Hyman Rosen <hyrosen@mail.com> wrote:
> On 2/8/2011 4:49 PM, Simon Clubley wrote:
>> In this world view, what happens when the programmer _does_ need to move
>> up from assembling prefabricated Lego bricks into a standard pattern (which
>> is what this position above amounts to) to actually having to design
>> a new structure because they have been given something unique to do ?
>
> I first point out that "assembling Lego bricks into a standard pattern"
> has been an explicit (but rarely met) goal of programming language design
> for decades. But if someone does need to design something new and cannot,
> they go and consult the old, wise programmer or the young, wise programmer
> who knows that kind of stuff. Eventually, they too may become wise.
>

And where do they find these people if organisations see no point in hiring
these types of people because said organisation believes it only needs
cheaper and lower skilled prefabricated assemblers ?

While there has indeed been a movement towards standard patterns, it was
still the case that traditionally, you still learnt about the underlying
computer science principles while going through higher education.

Now we have the situation that people are presenting for interview who do
not even understand bit manipulation/boolean algebra and in your scenario
you believe such skills are not needed.

In that environment, how do such people even understand what they are been
told even if they have someone in the organisation to explain it to them ?

This is the point I was trying to make. Traditionally you went through a
series of incremental steps in your professional development. Now, someone
who is used to just assembling prefabricated bricks may need to actually
design one of those bricks one day which is a sudden massive jump in what
is required of them in terms of understanding.

How can they do that if they do not have the background to understand the
issues involved and where do you find replacement people if they are not
even presenting themselves with the required skill set at interview ?

Simon.

-- 
Simon Clubley, clubley@remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world

Re: How do I write directly to a memory address?

[Randy Brukardt]

"Hyman Rosen" <hyrosen@mail.com> wrote in message 
news:4d51a7bb$0$19486$882e7ee2@usenet-news.net...
> On 2/8/2011 3:11 PM, Shark8 wrote:
>> No, that's not it. What is 'it' is that the C programmers  treated
> > Ada as if it were C and the result was, as expected, bad Ada.
>
> It is my understanding that Ada proponents believe that
> using Ada results in better programs than using C. But
> when presented with a program written in Ada that is not
> demonstrably better, that program is removed from the set
> of Ada programs under consideration by virtue of having
> been written by "C people". That is precisely the "no true
> Scotsman" fallacy.

No fallacy here. 99% of programs (in any programming language) are garbage. 
The 1% that are not garbage are written in a language that supports and 
enforces real contracts. C is not such a language, ergo all of its programs 
are garbage (it might be possible to write some simple functions that aren't 
garbage, but nothing complex). Ada is only *barely* such a language, so most 
Ada programs are garbage as well. Garbage programs might work after lots of 
testing, but they're not engineered in any way.

Lest you think I'm talking about mythical other people, let me say that I 
put Janus/Ada (written almost solely in Ada) in the category of garbage Ada 
programs. It was designed by people (including me, fresh out of college) 
that didn't understand encapsulation and contracts very well, and as such it 
doesn't use them very consistently. It "works", of course, but it suffers 
from a lot of the problems that you might get from a C written compiler. 
With one exception: virtually every problem is detected by the failure of an 
Ada runtime check, so it is rare to get the wrong answer as opposed to no 
answer.

I would in fact argue that Ada is not good enough here; we need more 
contracts than even Ada 2012 can provide. Or we can continue to assume that 
crap is good enough. The world, sadly, is pretty much convinced that is all 
we can do. It surely is with the programming languages in wide use.

                                  Randy.

Re: How do I write directly to a memory address?

[Randy Brukardt]

"Shark8" <onewingedshark@gmail.com> wrote in message 
news:ee766e88-e4c4-4278-8b05-fd0dc9aa3fdb@k17g2000pre.googlegroups.com...
>> How do you test the third bit of a byte in Ada?
>
>One Way, assuming a 1..8 numbering for an 8-bit byte:

Presuming I *wasn't* interviewing for a job, would be to point out that that 
is the wrong question. The question is typically something like testing the 
ready bit in a device. And the solution to that in Ada is to map the device 
to an appropriate record type, and then read that proper component. For 
instance:

   type Dev_Status is
      Read_Ready : Boolean; -- Bit 3.
      Write_Ready : Boolean;
      ...
   end record;
   for Dev_Status use record
      Read_Ready at 0 range 3 .. 3; -- Bit 3.
      Write_Ready at 0 range 4 .. 4;
      ...
   end record;

   My_Dev_Status : Dev_Status
      with Address => <something appropriate>;

    if My_Dev_Status.Read_Ready then -- Testing bit 3.

QED. :-)

                              Randy.

Re: How do I write directly to a memory address?

[Shark8]

On Feb 8, 5:03 pm, "Randy Brukardt" <ra...@rrsoftware.com> wrote:
> "Hyman Rosen" <hyro...@mail.com> wrote in message
>
> news:4d51a7bb$0$19486$882e7ee2@usenet-news.net...
>
> > On 2/8/2011 3:11 PM, Shark8 wrote:
> >> No, that's not it. What is 'it' is that the C programmers  treated
> > > Ada as if it were C and the result was, as expected, bad Ada.
>
> > It is my understanding that Ada proponents believe that
> > using Ada results in better programs than using C. But
> > when presented with a program written in Ada that is not
> > demonstrably better, that program is removed from the set
> > of Ada programs under consideration by virtue of having
> > been written by "C people". That is precisely the "no true
> > Scotsman" fallacy.
>
> No fallacy here. 99% of programs (in any programming language) are garbage.
> The 1% that are not garbage are written in a language that supports and
> enforces real contracts. C is not such a language, ergo all of its programs
> are garbage (it might be possible to write some simple functions that aren't
> garbage, but nothing complex). Ada is only *barely* such a language, so most
> Ada programs are garbage as well. Garbage programs might work after lots of
> testing, but they're not engineered in any way.
>
> Lest you think I'm talking about mythical other people, let me say that I
> put Janus/Ada (written almost solely in Ada) in the category of garbage Ada
> programs. It was designed by people (including me, fresh out of college)
> that didn't understand encapsulation and contracts very well, and as such it
> doesn't use them very consistently. It "works", of course, but it suffers
> from a lot of the problems that you might get from a C written compiler.
> With one exception: virtually every problem is detected by the failure of an
> Ada runtime check, so it is rare to get the wrong answer as opposed to no
> answer.
>
> I would in fact argue that Ada is not good enough here; we need more
> contracts than even Ada 2012 can provide. Or we can continue to assume that
> crap is good enough. The world, sadly, is pretty much convinced that is all
> we can do. It surely is with the programming languages in wide use.
>
>                                   Randy.

Intriguing self-assessment on Janus/Ada.
If you don't mind my asking, if you were to scrap-redo the compiler
what would you do differently?
Assuming you'd be using Ada, would you implement it in Ada 2012?

Also, in your opinion what's the best thing to do to really understand
encapsulation and contracts?

Re: How do I write directly to a memory address?

[Shark8]

On Feb 8, 5:13 pm, "Randy Brukardt" <ra...@rrsoftware.com> wrote:
> "Shark8" <onewingedsh...@gmail.com> wrote in message
>
> news:ee766e88-e4c4-4278-8b05-fd0dc9aa3fdb@k17g2000pre.googlegroups.com...
>
> >> How do you test the third bit of a byte in Ada?
>
> >One Way, assuming a 1..8 numbering for an 8-bit byte:
>
> Presuming I *wasn't* interviewing for a job, would be to point out that that
> is the wrong question. The question is typically something like testing the
> ready bit in a device. And the solution to that in Ada is to map the device
> to an appropriate record type, and then read that proper component. For
> instance:
>
>    type Dev_Status is
>       Read_Ready : Boolean; -- Bit 3.
>       Write_Ready : Boolean;
>       ...
>    end record;
>    for Dev_Status use record
>       Read_Ready at 0 range 3 .. 3; -- Bit 3.
>       Write_Ready at 0 range 4 .. 4;
>       ...
>    end record;
>
>    My_Dev_Status : Dev_Status
>       with Address => <something appropriate>;
>
>     if My_Dev_Status.Read_Ready then -- Testing bit 3.
>
> QED. :-)
>
>                               Randy.

That is a far more elegant & practical solution, IMO.

The problem really comes into play with the question
"How do you set the third bit?" because there is no
such context (a device in your example) with which
to base your answer, and so you must give an
answer somewhat tangential to what the actual
practical problem may be. {i.e. it 'works.'}

Re: How do I write directly to a memory address?

[Adam Beneschan]

On Feb 8, 5:56 pm, Shark8 <onewingedsh...@gmail.com> wrote:
>
> That is a far more elegant & practical solution, IMO.
>
> The problem really comes into play with the question
> "How do you set the third bit?" because there is no
> such context (a device in your example) with which
> to base your answer, and so you must give an
> answer somewhat tangential to what the actual
> practical problem may be.

Since this is an interview and not the final exam of a college class,
I don't see a problem with giving an answer that reflects how you'd
actually approach the problem.  Dmitry asks, "How do you set the third
bit?", and you say, "Well, if the third bit is a Ready bit in a
hardware I/O register, I'd define a struct with bit components [yes, I
think C has those] and just assign 1 to the component, which would be
more readable than using a mask."  If the interviewer were Dmitry, I
think he'd be impressed.  If the interviewer were one of the
programmers Dmitry was complaining about, they may not have a clue
what you're talking about.  So you have to judge.  But a good,
experienced programmer knows that sometimes the thing that someone's
asking you for isn't always what they really want, and sometimes you
have to dig a bit deeper to find out whether it really is what they
need, or whether they've just assumed a solution to some deeper
problem and maybe you have a better solution.  Answering in this way
tells the interviewer that you have the ability to do this kind of
probing when it's necessary, assuming the interviewer isn't an idiot.

                             -- Adam

Re: How do I write directly to a memory address?

[Mart van de Wege]

"Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> writes:

> On Tue, 08 Feb 2011 11:30:51 -0700, Jeffrey Carter wrote:
>
>> The problem with this is it violates Dijkstra's adage that we have small brains 
>> and must do our work with them. Few of us can keep all the code for the entire 
>> project in his head, and there are times when what one remembers is incorrect. 
>> And so, eventually, in any real project, even the best of developers make errors 
>> under such circumstances.
>> 
>> So, when talking to a C coder, "You said int, so negative values should be OK" 
>> isn't considered a valid argument. The response will be that you are supposed to 
>> have read the code and realized what would happen if you called it with a 
>> negative value. If you then go ahead and do so, you get what you asked for.
>
> Three candidates in a row I have interviewed for a C/C++/C# position could
> not answer the question how to test the 3rd bit of a byte in C. All three
> had 3+ years of programming "experience."

I'm not much of a programmer at all, and I don't know the exact
construct in C, but isn't that simply a question of doing a bitwise AND
with 0x04, assuming counting from the RHS?

Mart

-- 
"We will need a longer wall when the revolution comes."
    --- AJS, quoting an uncertain source.

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Tue, 8 Feb 2011 13:48:29 -0800 (PST), Maciej Sobczak wrote:

> On Feb 8, 7:14�pm, "Dmitry A. Kazakov" <mail...@dmitry-kazakov.de>
> wrote:
> 
>>> q.e.d. what?
>>
>> 1. const T /= T
>> 2. not (const T <: T)
> 
> That's of course very interesting, but does not relate to the example
> that we are discussing.

It does, because const T is the type of the actual parameter and T is the
type of the formal parameter.

>>> Why do you want to substitute one type by another?
>>
>> Because one is passed as a parameter where another is declared, expected
>> and used. This is substitution.
> 
> No. According to the C standard (6.5.2.2/4) this is *assignment*.

Making local copies requires copy constructor. That's for sure. But this is
unrelated to the substitution, which is always there when you call a
subprogram with parameters and/or results.

> In Ada assignment looks like this:
> 
> declare
>    J : constant Integer := 7;
>    I : Integer;
> begin
>    I := J;  --  here
> 
>    --  and later, for example:
>    I := I + 1;
> end;
> 
> There is no substitution in the above code, at least as far as my
> definitions go. This is assignment.

In this example there is no call, except than the assignment operation.
Note that the assignment's implied profile is:

   procedure ":=" (Left : in out Integer; Right : Integer);

When J is substituted for Right there is no problem because the anonymous
types of "constant T" and "in T" are same in Ada.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Tue, 08 Feb 2011 22:41:35 +0100, Vinzent Hoefler wrote:

> Georg Bauhaus wrote:
> 
>> On 2/8/11 9:48 PM, Vinzent Hoefler wrote:
>>> Georg Bauhaus wrote:
>>>
>>>> I wish they were collected in some unbiased public wiki,
>>>> together with a kind of cost analysis, metaphorical or real,
>>>> of the observed effects. Wouldn't this be a nice addition
>>>> to the Style Guide? A chapter on Bug Avoidance Techniques (BAT)?.
>>>
>>> Look at MISRA-C to see what BAT does to C. And then again, look at
>>> Ada and compare how many of these rules could are applicable to Ada
>>> at all.
>>
>> I know ;-)  Suppose pclint -w4 were built into every C compiler.
>> What effects would this change likely have on program production?
>> The skeptic's view:
>>
>> - more annoyed programmers
>> - clever ways of working around compilers
>> - pride issues
> 
> Yes.
> 
> But potentially better programs, too.

Unfortunately not. The problem is that the C language was not designed in
order to be used at this level of scrutiny. It becomes extremely annoying
because many warnings are false negatives. It is a structural problem of C:
the number of false negatives cannot be reduced without increasing the
number of false positives. And this is not the compiler's problem only.
When you read C program you have to set your alarm level much lower than
for Ada. Because otherwise, you won't be able to understand the program at
all.

So as Ludovic put it, each time you read a C program you see a bug. I would
add: and *know* that there are dozen other bugs you just do not care to
look after.

> Of course, with Ada you can have all this for free (pun intended).

Ada has such problems as well:

   overriding function Foo return Bar;
   
   function Foo return Bar is
   begin
      raise Use_Error; -- This won't compile
   end No_Way;

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Wed, 09 Feb 2011 08:59:55 +0100, Mart van de Wege wrote:

> "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> writes:
> 
>> On Tue, 08 Feb 2011 11:30:51 -0700, Jeffrey Carter wrote:
>>
>>> The problem with this is it violates Dijkstra's adage that we have small brains 
>>> and must do our work with them. Few of us can keep all the code for the entire 
>>> project in his head, and there are times when what one remembers is incorrect. 
>>> And so, eventually, in any real project, even the best of developers make errors 
>>> under such circumstances.
>>> 
>>> So, when talking to a C coder, "You said int, so negative values should be OK" 
>>> isn't considered a valid argument. The response will be that you are supposed to 
>>> have read the code and realized what would happen if you called it with a 
>>> negative value. If you then go ahead and do so, you get what you asked for.
>>
>> Three candidates in a row I have interviewed for a C/C++/C# position could
>> not answer the question how to test the 3rd bit of a byte in C. All three
>> had 3+ years of programming "experience."
> 
> I'm not much of a programmer at all, and I don't know the exact
> construct in C, but isn't that simply a question of doing a bitwise AND
> with 0x04, assuming counting from the RHS?

Yes it is. There must be something awfully wrong with the software
engineering industry and education. 20 years ago such a question would
offend the candidate. 10 years ago I would not ask it. These days I must
ask it. I am preparing for worse...

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Tue, 8 Feb 2011 21:19:30 +0000 (UTC), Simon Clubley wrote:

> On 2011-02-08, Dmitry A. Kazakov <mailbox@dmitry-kazakov.de> wrote:

>> The next test was this:
>>
>>    x and FF = ?
>>    x or FF = ?
>>    x xor FF = ?
>>
>> Only one of 5 candidates could solve the first two! Only one managed xor!
>>
> Thanks for the response.
> 
> In some ways this example is even worse because this is a simple (and
> generally language independent) boolean operation which does not require
> knowing how to mask out a bit from within a byte in a C program as your
> first example did.

Yes, it is indicative, they just don't understand the concept.

BTW, this is a common case for many young programmers. They learn tricks as
a dog would, but they miss the basic ideas. They can solve a problem when
the pattern is known. If you modify it just a bit, they fail. E.g. he might
know how to test one bit (somebody shown to him), but ask him how to test
if one bit is set and another is clean in one memory read ... and full
stop.

> This is a serious question: Do these people get fired after a period of
> time when it's discovered they are useless (and hence they move from job
> to job) or do they somehow manage to survive in a job ?

They survived, at least one of them.

It was always a puzzle to me why almost anything around us works, being
programmed by programmers like that. I have no doubt that an average
programmer isn't much better.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Ludovic Brenta]

Hyman Rosen wrote on comp.lang.ada:
> Except for DK, who granted was actually interviewing people to work
> with such hardware devices, programming doesn't really involve such
> bit twiddling any more. It doesn't even involve being able to design
> data structures much any more either. These days, someone working in
> Java or C++ will just pick an appropriate container class from the
> library and use it, and it will be good enough.

I disagree.  If you look at struct sockaddr_t used by bind(2) and
friends, you will see that the address and port number are in network
byte order; you need to understand how, when and why to swap bytes.
Just saying.

Besides, just because, by some made-up statistic, the majority of
programmers use a high-level framework to write disposable web
applications does not mean I want to be part of that majority, or that
I want my programs to be disposable, or that I want to hire
programmers who can't extract a bit from a byte.

--
Ludovic Brenta.

Re: How do I write directly to a memory address?

[Mart van de Wege]

"Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> writes:

> On Wed, 09 Feb 2011 08:59:55 +0100, Mart van de Wege wrote:
>
>> "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> writes:
>> 
>>> On Tue, 08 Feb 2011 11:30:51 -0700, Jeffrey Carter wrote:
>>>
>>>> The problem with this is it violates Dijkstra's adage that we have small brains 
>>>> and must do our work with them. Few of us can keep all the code for the entire 
>>>> project in his head, and there are times when what one remembers is incorrect. 
>>>> And so, eventually, in any real project, even the best of developers make errors 
>>>> under such circumstances.
>>>> 
>>>> So, when talking to a C coder, "You said int, so negative values should be OK" 
>>>> isn't considered a valid argument. The response will be that you are supposed to 
>>>> have read the code and realized what would happen if you called it with a 
>>>> negative value. If you then go ahead and do so, you get what you asked for.
>>>
>>> Three candidates in a row I have interviewed for a C/C++/C# position could
>>> not answer the question how to test the 3rd bit of a byte in C. All three
>>> had 3+ years of programming "experience."
>> 
>> I'm not much of a programmer at all, and I don't know the exact
>> construct in C, but isn't that simply a question of doing a bitwise AND
>> with 0x04, assuming counting from the RHS?
>
> Yes it is. There must be something awfully wrong with the software
> engineering industry and education. 20 years ago such a question would
> offend the candidate. 

Which is why I asked my question. It seems so completely obvious to me,
that I can't understand that someone with a formal education in the
field wouldn't know about it.

I must admit that I learned programming about 30 years ago doing
hardware stuff on a C64, so bit-banging and masking to read register bits
are easy for me.

And I agree with your general gist, the current crop of programmers is
not very good. My real job is managing and integrating their stuff, and
I found out quickly why sysadmins tend to dislike developers.

Mart

-- 
"We will need a longer wall when the revolution comes."
    --- AJS, quoting an uncertain source.

Re: How do I write directly to a memory address?

[Simon Wright]

"Vinzent Hoefler" <0439279208b62c95f1880bf0f8776eeb@t-domaingrabbing.de>
writes:

> Adam Beneschan wrote:
>
>> On Feb 8, 12:01 pm, Hyman Rosen <hyro...@mail.com> wrote:
>>> On 2/8/2011 2:43 PM, Dmitry A. Kazakov wrote:
>>>
>>> > Three candidates in a row I have interviewed for a C/C++/C#
>>> > position could not answer the question how to test the 3rd bit of
>>> > a byte in C. All three had 3+ years of programming "experience."
>>>
>>>      (byte & (1 << (3 - 1)))
>>
>> That's not the correct answer.  The correct answer is to ask, "Third
>> bit from which end?"
>
> From the less significant end, unless you want the bit numbers to
> change when assigned to different sized variables.

Well, on big-endian hardware like standard PowerPC, they - in some sense
- do.

With a project on PowerPC involving lots of different groups/companies,
some writing in Ada and some in C, we ended up drawing maps: this is the
sort of thing I mean; it describes (the first word of) an NTP datagram,
which is sent in network byte order:

   --   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   --  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   --  |LI | VN  |Mode |    Stratum    |     Poll      |   Precision   |
   --  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

(this one is my own work, for project purposes we put the byte numbers
in as well).

We found that most (UK-raised) programmers could intuit that bit 31 of
this 32-bit structure was the lsb of Precision, however unnatural they
thought it.

I don't think I've ever met anyone who naturally thought big-endian;
perhaps it's a first-machine effect.

Re: How do I write directly to a memory address?

[KK6GM]

On Feb 8, 1:25 pm, Hyman Rosen <hyro...@mail.com> wrote:
> Except for DK, who granted was actually interviewing people to work
> with such hardware devices, programming doesn't really involve such
> bit twiddling any more. It doesn't even involve being able to design
> data structures much any more either. These days, someone working in
> Java or C++ will just pick an appropriate container class from the
> library and use it, and it will be good enough.

You have a very high-level-platform view of programming.  That is one
large segment of the programming universe, but by no means the only
one.  There are some 10 billion microcontrollers sold each year, and
somebody has to write code at the "bit twiddling" level for each of
them.  And remember that you are posting in an Ada group, a language
which was developed in good measure to do such "bit twiddling".

Re: How do I write directly to a memory address?

[KK6GM]

On Feb 9, 1:21 am, "Dmitry A. Kazakov" <mail...@dmitry-kazakov.de>
wrote:
> On Tue, 8 Feb 2011 21:19:30 +0000 (UTC), Simon Clubley wrote:
> > On 2011-02-08, Dmitry A. Kazakov <mail...@dmitry-kazakov.de> wrote:
> >> The next test was this:
>
> >>    x and FF = ?
> >>    x or FF = ?
> >>    x xor FF = ?
>
> >> Only one of 5 candidates could solve the first two! Only one managed xor!
>
> > Thanks for the response.
>
> > In some ways this example is even worse because this is a simple (and
> > generally language independent) boolean operation which does not require
> > knowing how to mask out a bit from within a byte in a C program as your
> > first example did.
>
> Yes, it is indicative, they just don't understand the concept.
>
> BTW, this is a common case for many young programmers. They learn tricks as
> a dog would, but they miss the basic ideas. They can solve a problem when
> the pattern is known. If you modify it just a bit, they fail. E.g. he might
> know how to test one bit (somebody shown to him), but ask him how to test
> if one bit is set and another is clean in one memory read ... and full
> stop.
>
> > This is a serious question: Do these people get fired after a period of
> > time when it's discovered they are useless (and hence they move from job
> > to job) or do they somehow manage to survive in a job ?
>
> They survived, at least one of them.
>
> It was always a puzzle to me why almost anything around us works, being
> programmed by programmers like that. I have no doubt that an average
> programmer isn't much better.
>
> --
> Regards,
> Dmitry A. Kazakovhttp://www.dmitry-kazakov.de- Hide quoted text -
>
> - Show quoted text -

Has somebody already posted Dr. Dewar's comments about the current
state of programming education?  If so I didn't catch it, so I'll post
them (again?)

http://www.adacore.com/wp-content/uploads/2009/02/principled_approach.pdf
http://itmanagement.earthweb.com/career/article.php/3761921/The-Anti-Java-Professor-and-the-Jobless-Programmers.htm
http://itmanagement.earthweb.com/career/article.php/3722876/Who-Killed-the-Software-Engineer-Hint-It-Happened-in-College.htm

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/8/2011 7:03 PM, Randy Brukardt wrote:
> The 1% that are not garbage are written in a language that supports and
> enforces real contracts.

I'm sorry, but I just don't buy it. I sit day after day at a
computer, and my spreadsheets calculate, my e-mail is delivered,
my documents print, my wallpaper updates itself, my compilers
compile my code, and my angry birds wreak havoc on smug pigs.
Characterizing all of these programs as garbage because they fail
to adhere to some Platonic ideal of perfect program design is
ridiculous.

The mechanical world doesn't work that way - cars get recalled,
pipes burst, termites eat wood, stray voltage shocks pedestrians.
Just yesterday, two construction workers were killed just blocks
from where I live:
<http://www.ny1.com/content/top_stories/133581/two-workers-fall-to-death-at-uws-construction-site>
And yet, we drive, we wash, we build, and we walk without worrying
too much about the perfection of the enabling processes. We strive
to improve, but most of don't labor under the illusion that we can
be liberated from error.

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/8/2011 9:33 PM, Adam Beneschan wrote:
>  Dmitry asks, "How do you set the third
> bit?", and you say, "Well, if the third bit is a Ready bit in a
> hardware I/O register, I'd define a struct with bit components [yes, I
> think C has those] and just assign 1 to the component, which would be
> more readable than using a mask."

This can be considerably more complicated depending on
the hardware and the compiler; you are trying to assign
to a single bit, but the compiler may do this by reading
an entire word, setting the bit in the result, and
assigning the entire word back. That could have dire
effects if writing adjacent bits does something.

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/9/2011 5:28 AM, Mart van de Wege wrote:
> Which is why I asked my question. It seems so completely obvious to me,
> that I can't understand that someone with a formal education in the
> field wouldn't know about it.

It works in the other direction too, you know. In a different
message RB was complaining about how he has to provide installers
for his compiler because his customers demand it. But it seems so
completely obvious to me that this is how software packages are
provided that I find it astonishing that anyone in the business
of selling software would feel put upon to do so.

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Wed, 09 Feb 2011 10:34:02 -0500, Hyman Rosen wrote:

> On 2/8/2011 7:03 PM, Randy Brukardt wrote:
>> The 1% that are not garbage are written in a language that supports and
>> enforces real contracts.
> 
> I'm sorry, but I just don't buy it. I sit day after day at a
> computer, and my spreadsheets calculate, my e-mail is delivered,
> my documents print, my wallpaper updates itself, my compilers
> compile my code, and my angry birds wreak havoc on smug pigs.
> Characterizing all of these programs as garbage because they fail
> to adhere to some Platonic ideal of perfect program design is
> ridiculous.
> 
> The mechanical world doesn't work that way - cars get recalled,
> pipes burst, termites eat wood, stray voltage shocks pedestrians.

Physical world is ruled by statistical laws. Software is not controlled by
such laws. It is theoretically possible to say if a program is correct,
while no any car is.

Even if the damage inflicted by a program is less than one by a
malfunctioned hardware there is a psychological difference. People do not
accept preventable or deliberate damages. E.g. it is OK for thousands to
die in car accidents, but intolerable when a single person die in gun
shooting.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/9/2011 10:20 AM, KK6GM wrote:
> Has somebody already posted Dr. Dewar's comments about the current
> state of programming education?  If so I didn't catch it, so I'll post
> them (again?)

Look at this quote:
<http://itmanagement.earthweb.com/career/article.php/3722876>
     And [forget] all this business about �command line� � we�ll have
     people use nice visual interfaces where they can point and click
     and do fancy graphic stuff and have fun.

Can you just hear the shouts of "get off my lawn!"? It's even more
ironic considering that AdaCore proudly offers GPS,
<http://www.adacore.com/2010/10/26/gps-5-0/>,
     AdaCore releases GPS 5.0
     GPS 5.0 Integrated Development Environment brings enhanced
     multi-language support, more powerful source editing, and
     improved ease of use
and
     access to project templates for easy project setup

Now look at their GPS documentation:
<http://libre.adacore.com/wp-content/files/auto_update/gps-docs/gps.html>
It may be a marvel of late twentieth-century web design, but
compare it to their own modern-looking GPS description page here:
<http://libre.adacore.com/libre/tools/gps/>. Why hasn't AdaCore
produced properly-designed on-line documentation in accordance
with web standards as they exist today?

I submit that it's all of a piece - it's programmers staying in
their comfort zones instead of understanding that custom and style
change and should be accommodated, not scorned.

Re: How do I write directly to a memory address?

[KK6GM]

On Feb 9, 8:15 am, "Dmitry A. Kazakov" <mail...@dmitry-kazakov.de>
wrote:
> On Wed, 09 Feb 2011 10:34:02 -0500, Hyman Rosen wrote:
> > On 2/8/2011 7:03 PM, Randy Brukardt wrote:
> >> The 1% that are not garbage are written in a language that supports and
> >> enforces real contracts.
>
> > I'm sorry, but I just don't buy it. I sit day after day at a
> > computer, and my spreadsheets calculate, my e-mail is delivered,
> > my documents print, my wallpaper updates itself, my compilers
> > compile my code, and my angry birds wreak havoc on smug pigs.
> > Characterizing all of these programs as garbage because they fail
> > to adhere to some Platonic ideal of perfect program design is
> > ridiculous.
>
> > The mechanical world doesn't work that way - cars get recalled,
> > pipes burst, termites eat wood, stray voltage shocks pedestrians.
>
> Physical world is ruled by statistical laws. Software is not controlled by
> such laws. It is theoretically possible to say if a program is correct,
> while no any car is.
>
> Even if the damage inflicted by a program is less than one by a
> malfunctioned hardware there is a psychological difference. People do not
> accept preventable or deliberate damages. E.g. it is OK for thousands to
> die in car accidents, but intolerable when a single person die in gun
> shooting.
>

I think a useful yardstick (yeah, I know, we should go metric) is to
ask, if one had to defend some code in a court of law against a claim
of injury or economic damage, would one be able to claim "best
practices"?  And unfortunately, many popular languages today, absent a
cocoon of protective tools, cannot make that claim.  Maybe that would
change if more programmers were held legally liable for their work -
not an attractive thought to most programmers, but one that would
certainly produce interesting changes in language choice and
programming methodology!

Re: How do I write directly to a memory address?

[KK6GM]

On Feb 9, 8:39 am, Hyman Rosen <hyro...@mail.com> wrote:
> On 2/9/2011 10:20 AM, KK6GM wrote:
>
> > Has somebody already posted Dr. Dewar's comments about the current
> > state of programming education?  If so I didn't catch it, so I'll post
> > them (again?)
>
> Look at this quote:
> <http://itmanagement.earthweb.com/career/article.php/3722876>
>      And [forget] all this business about command line we ll have
>      people use nice visual interfaces where they can point and click
>      and do fancy graphic stuff and have fun.
>
> Can you just hear the shouts of "get off my lawn!"? It's even more
> ironic considering that AdaCore proudly offers GPS,
> <http://www.adacore.com/2010/10/26/gps-5-0/>,
>      AdaCore releases GPS 5.0
>      GPS 5.0 Integrated Development Environment brings enhanced
>      multi-language support, more powerful source editing, and
>      improved ease of use
> and
>      access to project templates for easy project setup
>
> Now look at their GPS documentation:
> <http://libre.adacore.com/wp-content/files/auto_update/gps-docs/gps.html>
> It may be a marvel of late twentieth-century web design, but
> compare it to their own modern-looking GPS description page here:
> <http://libre.adacore.com/libre/tools/gps/>. Why hasn't AdaCore
> produced properly-designed on-line documentation in accordance
> with web standards as they exist today?
>
> I submit that it's all of a piece - it's programmers staying in
> their comfort zones instead of understanding that custom and style
> change and should be accommodated, not scorned.

Is that really the main point you took away from the three articles
(articles about software engineering _education_, let us not forget)?

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/9/2011 11:15 AM, Dmitry A. Kazakov wrote:
> It is theoretically possible to say if a program is correct

No it's not, because the statement of correctness is equivalent to
the program itself; you simply push the potential error out one level.
How do I know that your assertion as to the correctness of the
program accurately models what the program should do?

> Even if the damage inflicted by a program is less than one by a
> malfunctioned hardware there is a psychological difference. People do not
> accept preventable or deliberate damages. E.g. it is OK for thousands to
> die in car accidents, but intolerable when a single person die in gun
> shooting.

Your example is false; it is not intolerable when a single person
dies in a gun shooting. Here in the U.S. we do not take away guns
from the public even though some of its members use them to murder.

And in fact, people treat computer programs as they do other more
physical objects. They work around problems, they upgrade to better
versions, and they complain.

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/9/2011 11:46 AM, KK6GM wrote:
>> I submit that it's all of a piece - it's programmers staying in
>> their comfort zones instead of understanding that custom and style
>> change and should be accommodated, not scorned.
>
> Is that really the main point you took away from the three articles
> (articles about software engineering _education_, let us not forget)?

Yes. If I'm going to believe someone who is claiming that
certain things are wrong and need to be improved, I want
to look at their work to see evidence that it is better
than that of the people they criticize. Instead, I see
people who have had to be dragged kicking and screaming
into modernity, and who haven't completed the trip.

And apropos of JC's comments,
let's take a look at a random bit of GPS source code,
<http://libre2.adacore.com/viewvc/trunk/gps/ada_module/ui/src/ada_naming_editors.ads?view=markup>
<http://libre2.adacore.com/viewvc/trunk/gps/ada_module/ui/src/ada_naming_editors.adb?view=markup>

JC said "I once worked on an Ada project that had been done by C people.
The package specs were badly formatted collections of declarations with
no comments; the developers viewed them as header files that no one would
read. There were minimal comments in the bodies, and everyone was expected
to read the body code to understand how to use the operations."

The module above is certainly neatly formatted. But it contains
minimal comments in the spec or the body. Oddly, the spec contains
comments mostly for procedures which are commented as "shouldn't
be called directly". (Is there no way to express such things in Ada
so that things that shouldn't be called directly can't be called
directly?) I submit that anyone who wishes to understand this
module is going to read the source code of the body. I further
submit that this isn't really unusual.

Re: How do I write directly to a memory address?

[Shark8]

On Feb 9, 10:15 am, Hyman Rosen <hyro...@mail.com> wrote:
> Oddly, the spec contains
> comments mostly for procedures which are commented as "shouldn't
> be called directly". (Is there no way to express such things in Ada
> so that things that shouldn't be called directly can't be called
> directly?)

Yes, there is a way to prevent some function or procedure from being
called directly FROM CLIENT CODE.

Package Example is
 Type something is null record;
 Procedure Public_Procedure( Input : In something );

private
 Procedure Private_Procedure( Input : In something );
end Example;

Private_Procedure is completely uncallable from a client using this
spec.
There is, however a "workaround" that would in essence directly call
it.

Package Example.Child is
  Procedure Public_Procedure_Alias( Input : In something );
end Example.Child;

Package Body Example.Child is
  Procedure Public_Procedure_Alias( Input : In something ) is
  begin
    Public_Procedure( Input );
  end;

-- "Procedure Public_Procedure_Alias( Input : In something )
--  Renames Public_Procedure;" or something of  a similar
-- syntax may also be possible. {I'm fuzzy on function/procedure
-- renaming rules.}
end Example.Child;

Those comments may be of the effect that in child-packages those
functions & procedures are not to be directly exposed to the client.

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Wed, 9 Feb 2011 08:43:09 -0800 (PST), KK6GM wrote:

> I think a useful yardstick (yeah, I know, we should go metric) is to
> ask, if one had to defend some code in a court of law against a claim
> of injury or economic damage, would one be able to claim "best
> practices"?  And unfortunately, many popular languages today, absent a
> cocoon of protective tools, cannot make that claim.  Maybe that would
> change if more programmers were held legally liable for their work -
> not an attractive thought to most programmers, but one that would
> certainly produce interesting changes in language choice and
> programming methodology!

Yes, this is my thought too. Anybody who sells software must become liable.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Wed, 09 Feb 2011 11:48:07 -0500, Hyman Rosen wrote:

> On 2/9/2011 11:15 AM, Dmitry A. Kazakov wrote:
>> It is theoretically possible to say if a program is correct
> 
> No it's not, because the statement of correctness is equivalent to
> the program itself; you simply push the potential error out one level.

Right. It is pushed to the level of requirements.

> How do I know that your assertion as to the correctness of the
> program accurately models what the program should do?

I don't need to know it. There is nothing beyond the requirements. How do
you know that a car is for driving and not for killing pedestrians?

>> Even if the damage inflicted by a program is less than one by a
>> malfunctioned hardware there is a psychological difference. People do not
>> accept preventable or deliberate damages. E.g. it is OK for thousands to
>> die in car accidents, but intolerable when a single person die in gun
>> shooting.
> 
> Your example is false; it is not intolerable when a single person
> dies in a gun shooting. Here in the U.S. we do not take away guns
> from the public even though some of its members use them to murder.

Hmm, isn't murder a criminal offence in the US? And look there is a huge
crowd of leftists lobbying for taking guns away. The same people are silent
about cars! They could at least require that cars were in state property.
No? Cars kill thousands, but these are acceptable deaths.

> And in fact, people treat computer programs as they do other more
> physical objects.

Not really. Legally you don't even own most of the programs you are using.

> They work around problems, they upgrade to better
> versions, and they complain.

They were educated by MS and others. This does not mean that the current
way is sustainable. Most people in c.l.a. believe that it is not. Yes this
is in disagreement with the vast majority of people, professionals
included.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/9/2011 12:49 PM, Dmitry A. Kazakov wrote:
> Anybody who sells software must become liable.

In the U.S., software is expressive speech and cannot be
legally constrained in this way. As it should be.

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Wed, 09 Feb 2011 12:15:53 -0500, Hyman Rosen wrote:

> Yes. If I'm going to believe someone who is claiming that
> certain things are wrong and need to be improved, I want
> to look at their work to see evidence that it is better
> than that of the people they criticize.

No, you cannot. There are economical reasons (ruined, non-functioning
market of software), why it is impossible for anybody to design software
properly. Even if they wanted. Those who couldn't sell their souls are out
of business, long ago. There are some small niches remaining, rapidly
closing. Something must happen, really disastrous (and it will), that would
make the society and the law makers to rethink the ways. But so far
everybody is happy except for a couple of retrogrades from c.l.a.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Hyman Rosen wrote:

> On 2/8/2011 4:51 PM, Vinzent Hoefler wrote:
>> Or, in other words: who is it, who fabricates the bricks?
>
> Brick fabricators. You need a lot fewer of them.

But they should be good or the house falls apart.


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
   --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/9/2011 12:49 PM, Dmitry A. Kazakov wrote:
> There is nothing beyond the requirements.

You cannot use the word "requirements" as if it is simple.
What are the requirements of an Ada compiler? I submit that
specifying the requirements of a program is identical to
writing that program, and you are only fooling yourself if
you believe otherwise.

> Hmm, isn't murder a criminal offence in the US? And look there is a huge
> crowd of leftists lobbying for taking guns away. The same people are silent
> about cars! They could at least require that cars were in state property.
> No? Cars kill thousands, but these are acceptable deaths.

Actually, the same crowd of leftists would be happy to take
away the cars as well. Furthermore, many car deaths could be
avoided by design changes - we could armor cars like tanks,
and we could limit their speed to under thirty miles per hour
for example. But our legal system does not require this of car
manufacturers, and it would similarly not hold software makers
liable for not using Ada.

>> And in fact, people treat computer programs as they do other more
>> physical objects.
>
> Not really. Legally you don't even own most of the programs you are using.

Irrelevant. People treat computer programs as they do other more
physical objects regardless of what the law says.

>> They work around problems, they upgrade to better
>> versions, and they complain.
>
> They were educated by MS and others. This does not mean that the current
> way is sustainable. Most people in c.l.a. believe that it is not. Yes this
> is in disagreement with the vast majority of people, professionals
> included.

What does sustainable mean? As the decades pass I see more and
better software everywhere, including from MS. I see no evidence
that software is failing to keep up with what it needs to do. I
just see the same old handful of people complaining because no
one uses their pet language.

Re: How do I write directly to a memory address?

[Shark8]

On Feb 9, 9:15 am, "Dmitry A. Kazakov" <mail...@dmitry-kazakov.de>
wrote:
>
> Even if the damage inflicted by a program is less than one by a
> malfunctioned hardware there is a psychological difference. People do not
> accept preventable or deliberate damages. E.g. it is OK for thousands to
> die in car accidents, but intolerable when a single person die in gun
> shooting.

I agree with the point you're making, but certainly NOT the example.
In Jurisprudence even homicide may be justified; it is why soldiers
that have killed in war-zones are not, by the fact of their killing
another,
automatically murderers. It is the reason that someone being mugged
is not a murderer if they kill to protect themselves: regardless of
whether or not the implement used is a gun, or knife, or even fists.

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Shark8 wrote:

> On Feb 8, 2:56 pm, Simon Clubley <clubley@remove_me.eisner.decus.org-
> Earth.UFP> wrote:
>
>> > What so insane with just ones and zeros?
>>
>> I think what he means is that it's insane he's not getting to the
>> interview stage if his competition cannot answer these questions.
>
> Quite correct.

Oh, yes. I should read more carefully.

Explanation? Well, resumes are usually not read by the software engineers,
or managers with the appropriate knowledge. Instead they are prefiltered by
the human resource department. And there, anything is thrown out that
doesn't have the proper papers or doesn't match the right TLAs.


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
   --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Wed, 09 Feb 2011 12:54:17 -0500, Hyman Rosen wrote:

> On 2/9/2011 12:49 PM, Dmitry A. Kazakov wrote:
>> Anybody who sells software must become liable.
> 
> In the U.S., software is expressive speech and cannot be
> legally constrained in this way.

When they passed DCMA, they didn't bother about freedom of speech.

The only thing they should do is to require that any software sold under a
no-liability license must be refundable at the moment the customer stopped
using it. The product was not damaged and is returned its original state.
How does this constrain speech?

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/9/2011 1:02 PM, Dmitry A. Kazakov wrote:
> On Wed, 09 Feb 2011 12:15:53 -0500, Hyman Rosen wrote:
>
>> Yes. If I'm going to believe someone who is claiming that
>> certain things are wrong and need to be improved, I want
>> to look at their work to see evidence that it is better
>> than that of the people they criticize.
>
> No, you cannot. There are economical reasons (ruined, non-functioning
> market of software), why it is impossible for anybody to design software
> properly. Even if they wanted. Those who couldn't sell their souls are out
> of business, long ago. There are some small niches remaining, rapidly
> closing. Something must happen, really disastrous (and it will), that would
> make the society and the law makers to rethink the ways. But so far
> everybody is happy except for a couple of retrogrades from c.l.a.

How can you consider something to be "proper design" when
it cannot produce working software in a timely fashion?
Software exists to do things, not to live in perfect and
abstract beauty. A design methodology must be able to
produce the ting it is meant to produce by the time it is
needed, or it is not a useful methodology.

When other methodologies do so, and then someone comes along
and says the results of those methodologies are garbage, I
would consider him a crank - after all, here is the product
in front of me, and to all appearances it works as it should.

Re: How do I write directly to a memory address?

[Shark8]

On Feb 9, 9:48 am, Hyman Rosen <hyro...@mail.com> wrote:

> > It is theoretically possible to say if a program is correct
>
> No it's not, because the statement of correctness is equivalent to
> the program itself; you simply push the potential error out one level.

Of course it is!
Just as we can prove whether some procedure is correct or not.

Function Fib( N : Positive ) Return Positive is
begin
   Case N is
     When 1 => Return 1;
     When 2 => Return 1;
     When Others => Return Fib(N-1) + Fib(N-2);
   end case;
end Fib;

is provable for correctness; so long the resultant summation
stays in the realm of the computer's [finite] number-system;
when it attempts to exceed those limits an exception is raised
as both expected and required.

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Dmitry A. Kazakov wrote:

> On Tue, 08 Feb 2011 22:41:35 +0100, Vinzent Hoefler wrote:
>
>> Georg Bauhaus wrote:
>>
>>> On 2/8/11 9:48 PM, Vinzent Hoefler wrote:
>>>> Georg Bauhaus wrote:
>>>>
>>>>> I wish they were collected in some unbiased public wiki,
>>>>> together with a kind of cost analysis, metaphorical or real,
>>>>> of the observed effects. Wouldn't this be a nice addition
>>>>> to the Style Guide? A chapter on Bug Avoidance Techniques (BAT)?.
>>>>
>>>> Look at MISRA-C to see what BAT does to C. And then again, look at
>>>> Ada and compare how many of these rules could are applicable to Ada
>>>> at all.
>>>
>>> I know ;-)  Suppose pclint -w4 were built into every C compiler.
>>> What effects would this change likely have on program production?
>>> The skeptic's view:
>>>
>>> - more annoyed programmers
>>> - clever ways of working around compilers
>>> - pride issues
>>
>> Yes.
>>
>> But potentially better programs, too.
>
> Unfortunately not. The problem is that the C language was not designed in
> order to be used at this level of scrutiny. It becomes extremely annoying
> because many warnings are false negatives. It is a structural problem of C:
> the number of false negatives cannot be reduced without increasing the
> number of false positives. And this is not the compiler's problem only.
> When you read C program you have to set your alarm level much lower than
> for Ada. Because otherwise, you won't be able to understand the program at
> all.

So tell me what I did wrong. In the eight months I spent in the auto-motive
sector [so I literally moved up ;)] I did MISRA-C, both compilers were tuned
to their maximum warning level and PC-Lint was run with a quite restrictive
set of rules. The goal was zero warnings from those tools. I think, I had
two which could not be circumvented and thus could count as false-positives.

Ok, in some sense it was a toy program (~ 12k sLOC), but that's still less
than 0.2 warnings per sLOC.

> So as Ludovic put it, each time you read a C program you see a bug. I would
> add: and *know* that there are dozen other bugs you just do not care to
> look after.

Well, there were more bugs than warnings, that I am sure of.

>> Of course, with Ada you can have all this for free (pun intended).
>
> Ada has such problems as well:
>
>    overriding function Foo return Bar;
>   function Foo return Bar is
>    begin
>       raise Use_Error; -- This won't compile
>    end No_Way;

Quite right. Your point is that the appropriate return statement would be
dead code, which is not allowed in DO-178B Level A software? ;)


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
   --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Shark8]

On Feb 9, 10:54 am, Hyman Rosen <hyro...@mail.com> wrote:
> On 2/9/2011 12:49 PM, Dmitry A. Kazakov wrote:
>
> > Anybody who sells software must become liable.
>
> In the U.S., software is expressive speech and cannot be
> legally constrained in this way. As it should be.

Not quite.
One can still make fraudulent claims about software and can
-- and should -- be liable for fraud.

Re: How do I write directly to a memory address?

[Shark8]

On Feb 9, 11:12 am, "Vinzent Hoefler"
<0439279208b62c95f1880bf0f8776...@t-domaingrabbing.de> wrote:
> Shark8 wrote:
> > On Feb 8, 2:56 pm, Simon Clubley <clubley@remove_me.eisner.decus.org-
> > Earth.UFP> wrote:
>
> >> > What so insane with just ones and zeros?
>
> >> I think what he means is that it's insane he's not getting to the
> >> interview stage if his competition cannot answer these questions.
>
> > Quite correct.
>
> Oh, yes. I should read more carefully.
>
> Explanation? Well, resumes are usually not read by the software engineers,
> or managers with the appropriate knowledge. Instead they are prefiltered by
> the human resource department. And there, anything is thrown out that
> doesn't have the proper papers or doesn't match the right TLAs.
>
> Vinzent.
>
> --
> You know, we're sitting on four million pounds of fuel, one nuclear weapon,
> and a thing that has 270,000 moving parts built by the lowest bidder.
> Makes you feel good, doesn't it?
>    --  Rockhound, "Armageddon"

IOW, "your resume isn't using enough buzzwords!!" right?
; )

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/9/2011 1:23 PM, Shark8 wrote:
> so long the resultant summation
> stays in the realm of the computer's [finite] number-system;
> when it attempts to exceed those limits an exception is raised
> as both expected and required.

So even for this restricted bit of code you cannot tell me
what will happen for a given value of N.

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Wed, 09 Feb 2011 13:17:59 -0500, Hyman Rosen wrote:

> On 2/9/2011 1:02 PM, Dmitry A. Kazakov wrote:
>> On Wed, 09 Feb 2011 12:15:53 -0500, Hyman Rosen wrote:
>>
>>> Yes. If I'm going to believe someone who is claiming that
>>> certain things are wrong and need to be improved, I want
>>> to look at their work to see evidence that it is better
>>> than that of the people they criticize.
>>
>> No, you cannot. There are economical reasons (ruined, non-functioning
>> market of software), why it is impossible for anybody to design software
>> properly. Even if they wanted. Those who couldn't sell their souls are out
>> of business, long ago. There are some small niches remaining, rapidly
>> closing. Something must happen, really disastrous (and it will), that would
>> make the society and the law makers to rethink the ways. But so far
>> everybody is happy except for a couple of retrogrades from c.l.a.
> 
> How can you consider something to be "proper design" when
> it cannot produce working software in a timely fashion?

"Working" needs to be defined.

> Software exists to do things, not to live in perfect and
> abstract beauty. A design methodology must be able to
> produce the ting it is meant to produce by the time it is
> needed, or it is not a useful methodology.

No, the technology must be able to produce an economically reasonable
product. The software industry in its present state is not economically
sustainable because the producers are not liable to software faults. Which
means that there exist hidden costs of software paid by others. This is a
form socialism (distribution of wealth), which is known for not working.

> When other methodologies do so, and then someone comes along
> and says the results of those methodologies are garbage, I
> would consider him a crank - after all, here is the product
> in front of me, and to all appearances it works as it should.

Here is a steak infected by botulin in front of you. How do you know it
works as it should?

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/9/2011 1:12 PM, Vinzent Hoefler wrote:
> resumes are usually not read by the software engineers

Fortunately, resumés aren't *written* by software engineers
either. They're written by recruitment agents who carefully
add all the TLAs that the HR departments want to see :-)

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Wed, 09 Feb 2011 13:07:19 -0500, Hyman Rosen wrote:

> On 2/9/2011 12:49 PM, Dmitry A. Kazakov wrote:
>> There is nothing beyond the requirements.
> 
> You cannot use the word "requirements" as if it is simple.
> What are the requirements of an Ada compiler?

There is a certification procedure that includes conformity tests.

> I submit that
> specifying the requirements of a program is identical to
> writing that program,

It is not. The proof is simple: there exist more than one correct
implementation.

>> Hmm, isn't murder a criminal offence in the US? And look there is a huge
>> crowd of leftists lobbying for taking guns away. The same people are silent
>> about cars! They could at least require that cars were in state property.
>> No? Cars kill thousands, but these are acceptable deaths.
> 
> Actually, the same crowd of leftists would be happy to take
> away the cars as well. Furthermore, many car deaths could be
> avoided by design changes - we could armor cars like tanks,
> and we could limit their speed to under thirty miles per hour
> for example. But our legal system does not require this of car
> manufacturers,

Right, this is because having such cars is felt acceptable.

> and it would similarly not hold software makers
> liable for not using Ada.

No need for that, they must be liable for damages of certain extent.

>>> And in fact, people treat computer programs as they do other more
>>> physical objects.
>>
>> Not really. Legally you don't even own most of the programs you are using.
> 
> Irrelevant. People treat computer programs as they do other more
> physical objects regardless of what the law says.

Not knowing the law does not make you immune to its consequences.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Adam Beneschan wrote:

> On Feb 8, 1:16 pm, "Vinzent Hoefler"
> <0439279208b62c95f1880bf0f8776...@t-domaingrabbing.de> wrote:
>> Adam Beneschan wrote:
>> > On Feb 8, 12:01 pm, Hyman Rosen <hyro...@mail.com> wrote:
>> >> On 2/8/2011 2:43 PM, Dmitry A. Kazakov wrote:
>>
>> >> > Three candidates in a row I have interviewed for a C/C++/C# position could
>> >> > not answer the question how to test the 3rd bit of a byte in C. All three
>> >> > had 3+ years of programming "experience."
>>
>> >>      (byte & (1 << (3 - 1)))
>>
>> > That's not the correct answer.  The correct answer is to ask, "Third
>> > bit from which end?"
>>
>>  From the less significant end, unless you want the bit numbers to change when
>> assigned to different sized variables.
>
> The original question was how to test the 3rd bit of a *byte* (let's
> assume "byte" means 8 bits), not how to test the 3rd bit of an
> mathematical integer value that could be stored in variables of
> different sizes.

So bit 3 of a 32-bit word is a different bit than that of a byte?

> between computers use the terms "bit 0", "bit 1", "bit 2"---and I've
> seen those terms used both ways, i.e. where bit 0 refers to the high-
> order bit, or where it refers to the low-order bit.

Those data-sheets which count from the wrong side simply have it wrong.

As long as you can't address individual bits (and I am not talking about
bit set instructions which some CPUs have, but real addresses), the notion
of endianess for bit-order does not make sense. You could not even tell the
difference.


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
   --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Simon Wright wrote:

> "Vinzent Hoefler" <0439279208b62c95f1880bf0f8776eeb@t-domaingrabbing.de>
> writes:
>
>> Adam Beneschan wrote:
>>
>>> That's not the correct answer.  The correct answer is to ask, "Third
>>> bit from which end?"
>>
>> From the less significant end, unless you want the bit numbers to
>> change when assigned to different sized variables.
>
> Well, on big-endian hardware like standard PowerPC, they - in some sense
> - do.

No. Even although Ada has the somewhat flawed concept of Bit_Order, there
isn't any sense on turning it around. Bit 0 is the bit with the value 2**0,
Bit 1 is 2**1, ... and that's true on _every_ hardware, no matter on which
side of the chip the flip-flop storing the bit is located. ;)


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
   --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Simon Wright wrote:

>    --   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>    --  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>    --  |LI | VN  |Mode |    Stratum    |     Poll      |   Precision   |
>    --  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>
> (this one is my own work, for project purposes we put the byte numbers
> in as well).

Actually, we use something similar. Funny thing is that the natural word
size there is 16 bits, so a 32-bit value starts at bit 15 (which is the
MSB) according to the documentation. That doesn't make it right, does it?

> I don't think I've ever met anyone who naturally thought big-endian;
> perhaps it's a first-machine effect.

I simply think binary number system. ;)


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
   --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Hyman Rosen wrote:

> On 2/8/2011 4:46 PM, Vinzent Hoefler wrote:
>> And it's still wrong. As we all know, C programmers start counting
>> with zero (including bit numbers), so you're bit-addressing is off
>> by one.
>
> DK was asking for "the third bit". C programmers use the
> conventional meaning of "first", "second", etc.

So the first array index is 0 or 1? Same with bit numbers.


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
   --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[J-P. Rosen]

Le 09/02/2011 19:39, Vinzent Hoefler a écrit :

> No. Even although Ada has the somewhat flawed concept of Bit_Order, there
> isn't any sense on turning it around. Bit 0 is the bit with the value 2**0,
> Bit 1 is 2**1, ... and that's true on _every_ hardware, no matter on which
> side of the chip the flip-flop storing the bit is located. ;)
> 
On every hardware you know... I have worked with computers wher bit 0
corresponded to 2**31.

-- 
---------------------------------------------------------
           J-P. Rosen (rosen@adalog.fr)
Adalog a déménagé / Adalog has moved:
2 rue du Docteur Lombard, 92441 Issy-les-Moulineaux CEDEX
Tel: +33 1 45 29 21 52, Fax: +33 1 45 29 25 00

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Shark8 wrote:

> IOW, "your resume isn't using enough buzzwords!!" right?
> ; )

More or less, yes.

I remember a job ad from around 2002 where they required at least
15 years experience in Java.

They could have asked James Gosling directly, that was about the only
person who could have fit that profile - if he wasn't too old already.


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
   --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Hyman Rosen wrote:

> On 2/9/2011 1:12 PM, Vinzent Hoefler wrote:
>> resumes are usually not read by the software engineers
>
> Fortunately, resumés aren't *written* by software engineers
> either. They're written by recruitment agents who carefully
> add all the TLAs that the HR departments want to see :-)

Well, I wrote mine myself. And it even did the job. ;)


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
   --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/9/2011 1:34 PM, Dmitry A. Kazakov wrote:
> "Working" needs to be defined.

Whatever the definition, "not existing" doesn't qualify.

> No, the technology must be able to produce an economically reasonable
> product. The software industry in its present state is not economically
> sustainable because the producers are not liable to software faults. Which
> means that there exist hidden costs of software paid by others. This is a
> form socialism (distribution of wealth), which is known for not working.

The cost of software is borne by manufacturers of devices which
need it to function (e.g., Apple), or by end users who purchase
it (e.g., Call of Duty: Black Ops), or by companies which build
empires on top of it and use it to acquire money in other ways
(e.g., Google). It is nonsense to say that producers are not
liable for software faults - such faults are punished by market
forces rather than legal ones, but they are indeed punished.

Socialization of software costs comes when governments fund software
development. Many of those attempts fail precisely because of the
lack of market forces pressuring the developers. Instead, they suck
money from the public until the projects are abandoned. And fairly
or no, many people would include Ada in this category.

> Here is a steak infected by botulin in front of you.
 > How do you know it works as it should?

Because I purchased it from a vendor who is subject to periodic
inspections by my city's Board of Health, who in turn bought it
from a supplier who is subject to the USDA. Before I purchased
it I examined the packaging and the appearance of the steak and
it looked much like other good steaks I have eaten in the past.
If, nevertheless, the steak is infected, I may get sick. But I
would find it unreasonable to submit each piece of food I was
about to eat to a laboratory procedure to prove its safety.

Re: How do I write directly to a memory address?

[KK6GM]

On Feb 9, 9:15 am, Hyman Rosen <hyro...@mail.com> wrote:
> On 2/9/2011 11:46 AM, KK6GM wrote:
>
> >> I submit that it's all of a piece - it's programmers staying in
> >> their comfort zones instead of understanding that custom and style
> >> change and should be accommodated, not scorned.
>
> > Is that really the main point you took away from the three articles
> > (articles about software engineering _education_, let us not forget)?
>
> Yes. If I'm going to believe someone who is claiming that
> certain things are wrong and need to be improved, I want
> to look at their work to see evidence that it is better
> than that of the people they criticize. Instead, I see
> people who have had to be dragged kicking and screaming
> into modernity, and who haven't completed the trip.

You seem unwilling to distinguish between productivity-enhancing tools
that may be used used by people who _are_ trained in X, and concepts
that might be beneficial to people _being_ trained in X.

And again, that you would focus on a throw-away line and ignore the
arguments being presented is just odd.

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/9/2011 1:44 PM, Vinzent Hoefler wrote:
> So the first array index is 0 or 1? Same with bit numbers.

The first array index is 0, and the first bit number is 0.
DK asked for the "third bit" not "bit number three".

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

J-P. Rosen wrote:

> Le 09/02/2011 19:39, Vinzent Hoefler a écrit :
>
>> No. Even although Ada has the somewhat flawed concept of Bit_Order, there
>> isn't any sense on turning it around. Bit 0 is the bit with the value 2**0,
>> Bit 1 is 2**1, ... and that's true on _every_ hardware, no matter on which
>> side of the chip the flip-flop storing the bit is located. ;)
>>
> On every hardware you know...

No. On _every_ hardware. Otherwise you would even need to flip the bits
representing an integer.

> I have worked with computers wher bit 0
> corresponded to 2**31.

Then they just counted it wrong.


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
   --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Hyman Rosen wrote:

> On 2/9/2011 1:44 PM, Vinzent Hoefler wrote:
>> So the first array index is 0 or 1? Same with bit numbers.
>
> The first array index is 0, and the first bit number is 0.
> DK asked for the "third bit" not "bit number three".

And your macro subtracts one from the bit number.


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
   --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/9/2011 1:36 PM, Dmitry A. Kazakov wrote:
> On Wed, 09 Feb 2011 13:07:19 -0500, Hyman Rosen wrote:
>
>> On 2/9/2011 12:49 PM, Dmitry A. Kazakov wrote:
>>> There is nothing beyond the requirements.
>>
>> You cannot use the word "requirements" as if it is simple.
>> What are the requirements of an Ada compiler?
>
> There is a certification procedure that includes conformity tests.

So it is your claim that a piece of software which passes
the certification procedure and the conformity tests is a
correct Ada compiler? Suppose I coded an Ada compiler which,
each time it compiled a program, picked an arbitrary even
number, and if it determined that the number was not the
sum of two primes then deliberately translated that program
incorrectly. Is that a correct Ada compiler?

>> I submit that
>> specifying the requirements of a program is identical to
>> writing that program,
>
> It is not. The proof is simple: there exist more than one correct
> implementation.

Really? Can you prove that the several implementations are
identical?

> Right, this is because having such cars is felt acceptable.

And so is having software that is built in ad hoc ways and
written in C++ instead of Ada.

> No need for that, they must be liable for damages of certain extent.

But they already are. See, for example,
<http://www.sec.gov/news/press/2011/2011-37.htm>, where a company has
settled a claim with SEC for 242 million dollars, entirely due to a
software error and its deliberate concealment.

> Not knowing the law does not make you immune to its consequences.

Knowing the law does not necessarily make you more inclined to obey it.

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/9/2011 1:53 PM, KK6GM wrote:
> You seem unwilling to distinguish between productivity-enhancing tools
> that may be used used by people who _are_ trained in X, and concepts
> that might be beneficial to people _being_ trained in X.

No, I am saying that people who are trained in X have a tendency
to believe that X is everything, and are shocked to discover that
people now need and value Y.

> And again, that you would focus on a throw-away line and ignore the
> arguments being presented is just odd.

See, that's the same problem. Throw-away lines are the way we
communicate now (e.g., Twitter), not by long-winded reasonably
presented arguments. ( :-), maybe ) But seriously, I clicked on
the links and this statement just leaped out at me. I found it
so wrong-headed that I didn't think I needed to read any more.

Re: How do I write directly to a memory address?

[Shark8]

On Feb 9, 11:31 am, Hyman Rosen <hyro...@mail.com> wrote:
> On 2/9/2011 1:23 PM, Shark8 wrote:
>
> > so long the resultant summation
> > stays in the realm of the computer's [finite] number-system;
> > when it attempts to exceed those limits an exception is raised
> > as both expected and required.
>
> So even for this restricted bit of code you cannot tell me
> what will happen for a given value of N.

Sure I can; but to do that I need to be given a value of N, obviously.
We can also show its correctness via mathematical induction.

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/9/2011 1:59 PM, Vinzent Hoefler wrote:
> And your macro subtracts one from the bit number.

No, from the ordinal :-)

<http://en.wikipedia.org/wiki/Ordinal_number_%28linguistics%29>

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Hyman Rosen wrote:

> On 2/9/2011 1:59 PM, Vinzent Hoefler wrote:
>> And your macro subtracts one from the bit number.
>
> No, from the ordinal :-)

Well, /that/ level of abstraction is unusual. For C-programmers that is. ;)


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
   --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Shark8]

> > It is not. The proof is simple: there exist more than one correct
> > implementation.
>
> Really? Can you prove that the several implementations are
> identical?


Yes. It takes a bit of doing but check out the proofs of recursive
& iterative implementations of functions being identical. The
methods used in the implementations are *NOT* identical, but
the methods themselves are identical in that for ANY input
given they produce the EXACT SAME output.

Example, exponentiation:
Function Exponent(Base : In Integer; Exp : In Natural) Return Integer
is
begin
  case Exp is
   When 0 => Return 1;
   When 1 => Return Base;
   When Others =>
    if Exp mod 2 = 1 then
     Declare
       Temp : Integer:= Exp( Base, (Exp-1)/2 );
     begin
       Return Temp * Temp * Base;
     end;
    else
     Declare
       Temp : Integer:= Exp( Base, Exp/2 );
     begin
       Return Temp * Temp;
     end;
    end if;
  end case;
end;

AND

Function Exponent_2(Base : In Integer; Exp : In Natural) Return
Integer is
begin
Return Result : Integer:= 1 do
  For Index in 1..Exp loop
   Result:= Result * Base;
  end loop;
end Return;
end;

AND

Function "**"( Left : In Integer; Right : In Natural ) Return Integer;

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/9/2011 2:20 PM, Shark8 wrote:
> Sure I can; but to do that I need to be given a value of N, obviously.

OK, how about N = 90?

 > We can also show its correctness via mathematical induction.

Go ahead, do that.

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/9/2011 2:30 PM, Vinzent Hoefler wrote:
> Hyman Rosen wrote:
>
>> On 2/9/2011 1:59 PM, Vinzent Hoefler wrote:
>>> And your macro subtracts one from the bit number.
>>
>> No, from the ordinal :-)
>
> Well, /that/ level of abstraction is unusual. For C-programmers that is. ;)

It's in C, so to figure out what it does, you have to read the body :-)

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Wed, 09 Feb 2011 13:52:07 -0500, Hyman Rosen wrote:

> On 2/9/2011 1:34 PM, Dmitry A. Kazakov wrote:
> 
>> No, the technology must be able to produce an economically reasonable
>> product. The software industry in its present state is not economically
>> sustainable because the producers are not liable to software faults. Which
>> means that there exist hidden costs of software paid by others. This is a
>> form socialism (distribution of wealth), which is known for not working.
> 
> The cost of software is borne by manufacturers of devices which
> need it to function (e.g., Apple), or by end users who purchase
> it (e.g., Call of Duty: Black Ops), or by companies which build
> empires on top of it and use it to acquire money in other ways
> (e.g., Google). It is nonsense to say that producers are not
> liable for software faults - such faults are punished by market
> forces rather than legal ones, but they are indeed punished.

Look how MS was punished!

How many new OSes were developed in recent 20 years (0).
Name one SW company getting revenues from compiler sales (0) .
Develop a component library and sell it. How much would you earn (0).
Can you earn anything by selling a device driver?

Now consider the following statement. The most complex and expensive (in
terms of invested man-years and know-how) software is given away for free
or far under the real costs. OSes, compilers, numerical libraries, OCR,
drivers etc. You can sell only something simple, which one specific
customer needs because he cannot do it by himself and you could hack it in
a couple of months. Who pays for this banquet?

> Socialization of software costs comes when governments fund software
> development.

by buying Windows licenses.

Government is a dwarf playing no role on the would-be-market of software.

> Many of those attempts fail precisely because of the
> lack of market forces pressuring the developers.

Forces are lacking because there is no software market at all. It became a
monopoly long ago.

>> Here is a steak infected by botulin in front of you.
>  > How do you know it works as it should?
> 
> Because I purchased it from a vendor who is subject to periodic
> inspections by my city's Board of Health, who in turn bought it
> from a supplier who is subject to the USDA.

Who does inspect MS?

Who does the ECU of your car? Have you heard about the crash assistant
built in there? Do you have a steer by wire system? Brake by wire?

> Before I purchased
> it I examined the packaging and the appearance of the steak and
> it looked much like other good steaks I have eaten in the past.

Have you eaten another Windows?

> If, nevertheless, the steak is infected, I may get sick.

Who will pay for that? And who pays for Windows damages?

> But I
> would find it unreasonable to submit each piece of food I was
> about to eat to a laboratory procedure to prove its safety.

This tells about the level of acceptable risk.

Now the problem with software is that any risk is considered acceptable and
nobody is liable. With the food if you get poisoned, or merely fat (like in
the McDonald's cases), you may get a huge compensation exceeding the cost
of one steak in the proportion of one to 10**7. For the software you cannot
even get your money back. You call it a functioning model?

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/9/2011 2:41 PM, Shark8 wrote:
> Yes. It takes a bit of doing but check out the proofs of recursive
> &  iterative implementations of functions being identical. The
> methods used in the implementations are *NOT* identical, but
> the methods themselves are identical in that for ANY input
> given they produce the EXACT SAME output.

Can I play too? I'll write my routine in C, but the translation
to Ada should be readily apparent:

unsigned Exponent(unsigned base, unsigned exp)
{
     if (exp == 0) return 1;
     if (base == 0) return 0;
     while (true)
     {
         unsigned guess = random();
         unsigned g = guess;
         unsigned i = 0;
         while (g % base == 0 && i < exp)
         {
             g = g / base;
             i = i + 1;
         }
         if (g == 1 && i == exp) return guess;
     }
}

Is it OK if I replace your Exponent method with my implementation?

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Wed, 09 Feb 2011 14:12:02 -0500, Hyman Rosen wrote:

> On 2/9/2011 1:36 PM, Dmitry A. Kazakov wrote:
>> On Wed, 09 Feb 2011 13:07:19 -0500, Hyman Rosen wrote:
>>
>>> On 2/9/2011 12:49 PM, Dmitry A. Kazakov wrote:
>>>> There is nothing beyond the requirements.
>>>
>>> You cannot use the word "requirements" as if it is simple.
>>> What are the requirements of an Ada compiler?
>>
>> There is a certification procedure that includes conformity tests.
> 
> So it is your claim that a piece of software which passes
> the certification procedure and the conformity tests is a
> correct Ada compiler?

No, my claim is that it is assumed validated.

>> Right, this is because having such cars is felt acceptable.
> 
> And so is having software that is built in ad hoc ways and
> written in C++ instead of Ada.

Yes, this is exactly what I consider as a problem. Crashing software is
felt acceptable. Food poisoning was too. Let them have it in their cars,
home automation systems, TV-sets and home entertainment systems etc, and
we'll see.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Wed, 09 Feb 2011 19:25:16 +0100, Vinzent Hoefler wrote:

> Dmitry A. Kazakov wrote:
> 
>> Unfortunately not. The problem is that the C language was not designed in
>> order to be used at this level of scrutiny. It becomes extremely annoying
>> because many warnings are false negatives. It is a structural problem of C:
>> the number of false negatives cannot be reduced without increasing the
>> number of false positives. And this is not the compiler's problem only.
>> When you read C program you have to set your alarm level much lower than
>> for Ada. Because otherwise, you won't be able to understand the program at
>> all.
> 
> So tell me what I did wrong. In the eight months I spent in the auto-motive
> sector [so I literally moved up ;)] I did MISRA-C, both compilers were tuned
> to their maximum warning level and PC-Lint was run with a quite restrictive
> set of rules. The goal was zero warnings from those tools. I think, I had
> two which could not be circumvented and thus could count as false-positives.

You circumvented false alarm rather than fixed actual problems. Did it make
the program more readable?

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Hyman Rosen wrote:

> On 2/9/2011 2:30 PM, Vinzent Hoefler wrote:
>> Hyman Rosen wrote:
>>
>>> On 2/9/2011 1:59 PM, Vinzent Hoefler wrote:
>>>> And your macro subtracts one from the bit number.
>>>
>>> No, from the ordinal :-)
>>
>> Well, /that/ level of abstraction is unusual. For C-programmers that is. ;)
>
> It's in C, so to figure out what it does, you have to read the body :-)

Unfortunately, that's much too true.


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
   --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Dmitry A. Kazakov wrote:

> Who does the ECU of your car? Have you heard about the crash assistant
> built in there? Do you have a steer by wire system? Brake by wire?

The latter aka. "break by wire". ;)


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
   --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Simon Wright]

Hyman Rosen <hyrosen@mail.com> writes:

> On 2/9/2011 12:49 PM, Dmitry A. Kazakov wrote:
>> Anybody who sells software must become liable.
>
> In the U.S., software is expressive speech and cannot be
> legally constrained in this way. As it should be.

What about embedded software? of course, the safety case covers the
whole device, the software is only a part of the system. We sue the
company who built the car/heart monitor/xray machine.

I imagine that the software house that subcontracted the development
might well find itself in court as well.

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Dmitry A. Kazakov wrote:

> On Wed, 09 Feb 2011 19:25:16 +0100, Vinzent Hoefler wrote:
>
>> Dmitry A. Kazakov wrote:
>>
>>> Unfortunately not. The problem is that the C language was not designed in
>>> order to be used at this level of scrutiny. It becomes extremely annoying
>>> because many warnings are false negatives. It is a structural problem of C:
>>> the number of false negatives cannot be reduced without increasing the
>>> number of false positives. And this is not the compiler's problem only.
>>> When you read C program you have to set your alarm level much lower than
>>> for Ada. Because otherwise, you won't be able to understand the program at
>>> all.
>>
>> So tell me what I did wrong. In the eight months I spent in the auto-motive
>> sector [so I literally moved up ;)] I did MISRA-C, both compilers were tuned
>> to their maximum warning level and PC-Lint was run with a quite restrictive
>> set of rules. The goal was zero warnings from those tools. I think, I had
>> two which could not be circumvented and thus could count as false-positives.
>
> You circumvented false alarm rather than fixed actual problems.

I wouldn't see it that way. Most warnings were actual defects (not necessarily
bugs in the common sense, but at least "questionable constructs" like using an
"int" where it should have been the appropriate typedef), some warnings even
turned out to be real bugs.

But well, with GNAT I also usually turn on most style-checks, even the real
masochistic ones, so my point of view in that matter is probably skewed.

> Did it make the program more readable?

Well it went through all code reviews with only minor objections (like "for
the ASM-function doing the RAM-check every single line shall have a comment").

So it probably was as readable as C-code could ever be. Of course, things like
putting "(void)" before each function where the return value is not evaluated
might not really count as "readable", but it's a good hint for the maintenance
programmer that it was ignored on purpose.


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
   --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Shark8]

On Feb 9, 1:00 pm, Hyman Rosen <hyro...@mail.com> wrote:
> On 2/9/2011 2:41 PM, Shark8 wrote:
>
> > Yes. It takes a bit of doing but check out the proofs of recursive
> > &  iterative implementations of functions being identical. The
> > methods used in the implementations are *NOT* identical, but
> > the methods themselves are identical in that for ANY input
> > given they produce the EXACT SAME output.
>
> Can I play too? I'll write my routine in C, but the translation
> to Ada should be readily apparent:
>
> unsigned Exponent(unsigned base, unsigned exp)
> {
>      if (exp == 0) return 1;
>      if (base == 0) return 0;
>      while (true)
>      {
>          unsigned guess = random();
>          unsigned g = guess;
>          unsigned i = 0;
>          while (g % base == 0 && i < exp)
>          {
>              g = g / base;
>              i = i + 1;
>          }
>          if (g == 1 && i == exp) return guess;
>      }
>
> }
>
> Is it OK if I replace your Exponent method with my implementation?

No, yours rejects signed values for the bases; mine does not...
thus it violates the equal-inputs requirement.

Re: How do I write directly to a memory address?

[Shark8]

On Feb 9, 12:43 pm, Hyman Rosen <hyro...@mail.com> wrote:
> On 2/9/2011 2:20 PM, Shark8 wrote:
>
> > Sure I can; but to do that I need to be given a value of N, obviously.
>
> OK, how about N = 90?
>
>  > We can also show its correctness via mathematical induction.
>
> Go ahead, do that.

The Fibonacci Sequence is defined as the first two elements being 1,
and all successive elements being the summation of the previous two
elements.

Base Parts:
Fib(1) –> True
 Fib(1) = 1; as per definition.

Fib(2) –> True
 Fib(2) = 1; as per definition


Induction part:
Fib(N) –> Fib(N+1)
Given:
	Fib(N)	= Fib(N-1) + Fib(N-2);	as per definition
and	Fib(N) = Fib(N);			mathematical identity

Fib(N) + Fib(N-1);	Add Fib(N-1) to both sides, retaining equality;
		= Fib(N) + Fib(N-1)
		= Fib(N+1-1) + Fib(N+1-2)
		= Fib(N+1)
Therefore, Fib(N) –> Fib(N+1).

Re: How do I write directly to a memory address?

[Simon Wright]

"Vinzent Hoefler" <0439279208b62c95f1880bf0f8776eeb@t-domaingrabbing.de>
writes:

> So bit 3 of a 32-bit word is a different bit than that of a byte?

Yes. On big-endian hardware.

A 32-bit big-endian integer with bit 3 set would be 16#10_00_00_00#.

(You've moved the goalposts a bit; we were talking about "the third
bit"!)

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Simon Wright wrote:

> What about embedded software? of course, the safety case covers the
> whole device, the software is only a part of the system. We sue the
> company who built the car/heart monitor/xray machine.
>
> I imagine that the software house that subcontracted the development
> might well find itself in court as well.

That's why the contractor requires a SPICE (CMMI in the U.S.) level
certificate and subcontractors are happy to have it:

Contractor:    "Judge, it's not our fault, we contracted someone who was
                 certified following the best practices according to the
                 process."

Subcontractor: "It's not our fault, we are certified to follow the best
                 practices by an independent auditor. We usually do not
                 make this kind of mistake, but as we all know - shit just
                 happens."

Judge:         "So you are telling me, that it was just an accident and
                 a very unfortunate series of unforeseeable events that
                 led to the detonation of the nuke right in the middle of
                 that big city!?"


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
   --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Simon Wight wrote:

> "Vinzent Hoefler" <0439279208b62c95f1880bf0f8776eeb@t-domaingrabbing.de>
> writes:
>
>> So bit 3 of a 32-bit word is a different bit than that of a byte?
>
> Yes. On big-endian hardware.

That's a misconception, although a common one. Endianess is only defined
for bytes, that's why it's also often called byte-order.

> A 32-bit big-endian integer with bit 3 set would be 16#10_00_00_00#.

I would set 2#100#. That's independent from the byte-order and the actual
type's size.

> (You've moved the goalposts a bit; we were talking about "the third
> bit"!)

Yes. That would have been bit 2. ;)


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
   --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/9/2011 2:48 PM, Dmitry A. Kazakov wrote:
> Look how MS was punished!

If they prospered, it was because the perceived benefits of
using their work outweighed the perceived flaws.

> How many new OSes were developed in recent 20 years (0).

Linux and its Android offshoots, Symbian, iOS, Palm OS.

> Name one SW company getting revenues from compiler sales (0) .

AdaCore!

> Develop a component library and sell it. How much would you earn (0).

My wife pays thousands of dollars a year to (now) IBM for the
CPLEX optimizer library which she uses in her product.
<http://www-01.ibm.com/software/integration/optimization/cplex-optimizer/>

> Can you earn anything by selling a device driver?

Apparently Thesycon thinks so:
<http://www.thesycon.de/usbio/usbio_win_pricelist.pdf>

What is the point of this, anyway? Some business models make
money in certain environments, and others do not. The is no
entitlement that it should be possible to make money developing
and selling software. Some people can, some cannot.

> Now consider the following statement. The most complex and expensive (in
> terms of invested man-years and know-how) software is given away for free
> or far under the real costs. OSes, compilers, numerical libraries, OCR,
> drivers etc. You can sell only something simple, which one specific
> customer needs because he cannot do it by himself and you could hack it in
> a couple of months. Who pays for this banquet?

The people who are choosing to give it away, by finding other
business models which bring in money to offset the development
costs. I could say that the most brilliant acting performances,
the most hilarious comedy, the most deeply felt tragedy, the
most imaginative science fiction, the most suspenseful mysteries
are all created by an industry that then simply flings them to
the world for free on the air waves. Who pays for this banquet?

>> Socialization of software costs comes when governments fund software
>> development.
>
> by buying Windows licenses.

No, that's false. That is buying an existing product. If the
vendor chooses to use that money for further development, that
is not the same as the government directly funding development
of products that do not yet exist. When a government office
buys a stapler, that does not mean that the government is
funding the development of better staplers. Money is fungible.

> Government is a dwarf playing no role on the would-be-market
 > of software.

The failed FAA project <http://www.teamlalala.com/blog/category/faa/>
cost some 3.7 billion dollars. Various failed IRS projects have cost
over fifty billion dollars. That's a smallish piece of the total market,
but it's plenty large.

>> Many of those attempts fail precisely because of the
>> lack of market forces pressuring the developers.
>
> Forces are lacking because there is no software market at all.
 > It became a monopoly long ago.

Long ago? Microsoft has only been a public corporation for
twenty-five years! OS/2 was being actively promoted by IBM
twenty years ago. There are hundreds of millions of smart
telephones currently active, each vastly more powerful than
the PCs of that long ago, all running non-MS software. And
there is an enormous market for game software on a variety of
platforms. One such game, Call of Duty: Black Ops, brought in
over one billion dollars in sales. The game World of Warcraft
has twelve million subscribers each paying a monthly fee ($13
in the US).

Just because it may not be profitable to do what you want to
do in the way that you want to do it is no reason to believe
that there are no business models from which to earn money
developing and selling software.

> Who does inspect MS?

The world community, through reports and reviews. Even hackers
play their part, hastening the repair of problems by exposing
users and thus MS to risk.

> Who does the ECU of your car? Have you heard about the crash assistant
> built in there? Do you have a steer by wire system? Brake by wire?

The manufacturer, the NHTSA, and even NASA. And we know, because of the
extended investigations into the Toyota sudden acceleration problems,
that the systems are working properly:
<http://www.nhtsa.gov/staticfiles/nvs/pdf/NASA-UA_report.pdf>

> Have you eaten another Windows?

Over the years I have used version after version of Windows as I
changed computers, and I have found them all suitable to task. I
currently use Windows 7 and it works fine.

>> If, nevertheless, the steak is infected, I may get sick.
>
> Who will pay for that? And who pays for Windows damages?

My health insurance company, to whom my employer and I pay
premiums against such an eventuality. Windows damages, such
as they are, are paid by the people who are damaged.

>> But I
>> would find it unreasonable to submit each piece of food I was
>> about to eat to a laboratory procedure to prove its safety.
>
> This tells about the level of acceptable risk.
>
> Now the problem with software is that any risk is considered acceptable and
> nobody is liable. With the food if you get poisoned, or merely fat (like in
> the McDonald's cases), you may get a huge compensation exceeding the cost
> of one steak in the proportion of one to 10**7. For the software you cannot
> even get your money back. You call it a functioning model?

Certainly. It functions quite well. You know where else I can't get
my money back? If I go to a restaurant and the food is lousy, or I
go to a show and the acting is dreadful. It's all a matter of business
models.

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/9/2011 3:01 PM, Dmitry A. Kazakov wrote:
> Yes, this is exactly what I consider as a problem. Crashing software is
> felt acceptable. Food poisoning was too. Let them have it in their cars,
> home automation systems, TV-sets and home entertainment systems etc, and
> we'll see.

You may not have noticed, but we already have cars, home automation
systems, TV sets, and home entertainment systems and they work quite
well. When they don't, many are field upgradeable and the manufacturer
provides easily applied software updates.

Re: How do I write directly to a memory address?

[Maciej Sobczak]

On Feb 9, 9:43 am, "Dmitry A. Kazakov" <mail...@dmitry-kazakov.de>
wrote:

> >>> q.e.d. what?
>
> >> 1. const T /= T
> >> 2. not (const T <: T)
>
> > That's of course very interesting, but does not relate to the example
> > that we are discussing.
>
> It does, because const T is the type of the actual parameter and T is the
> type of the formal parameter.

No, because formal and actual are distinct objects in C. They are not
related (they are assigned to each other, but this is very weak
relationship), so there is no type substitution. And therefore there
is no contract that might be broken.

> > No. According to the C standard (6.5.2.2/4) this is *assignment*.
>
> Making local copies requires copy constructor. That's for sure.

For sure the word "constructor" does not appear in the C standard, not
even once, so I would not bet my money on this requirement.

> But this is
> unrelated to the substitution, which is always there when you call a
> subprogram with parameters and/or results.

In C you don't call a subprogram with parameters, they are assigned -
you seem to try to apply the Ada terminology to C and you go nowhere
with this.

> Note that the assignment's implied profile is:
>
>    procedure ":=" (Left : in out Integer; Right : Integer);
>
> When J is substituted for Right there is no problem because the anonymous
> types of "constant T" and "in T" are same in Ada.

Cool. So what's the implied profile of the copy constructor (which is
not even mentioned in the C standard) for int? How is it supposed to
work? Oops.

Stop applying Ada terminology to C, because this leads you to wrong
conclusions.

--
Maciej Sobczak * http://www.inspirel.com

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/9/2011 3:19 PM, Vinzent Hoefler wrote:
> So it probably was as readable as C-code could ever be. Of course, things like
> putting "(void)" before each function where the return value is not evaluated
> might not really count as "readable", but it's a good hint for the maintenance
> programmer that it was ignored on purpose.

Ugh. I would never allow such constructs to pass inspection.
It isn't idiomatic C, and it's ugly as sin.

Why might you have such ignored returns? For example, strcat
and strcpy return their first argument so you can cascade,

     strcat(strcat(strcpy(buf, "a"), "b"), "c");

but typically you're just doing

     strcpy(buf, "hello");

If you write

     (void)strcpy(buf, "hello");

that doesn't tell me you're careful, I'll just hate you.

Re: How do I write directly to a memory address?

[Anonymous]

Damn and I was just about to approve a purchase order ;)

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/9/2011 3:25 PM, Shark8 wrote:
> No, yours rejects signed values for the bases; mine does not...
> thus it violates the equal-inputs requirement.

If you insist:

long Exponent(long base, unsigned exp)
{
     if (exp == 0) return 1;
     if (base == 0) return 0;
     int sign = base < 0 && exp % 2 == 1 ? -1 : 1;
     if (base < 0) base = -base;
     while (true)
     {
         long guess = random();
         long g = guess;
         unsigned i = 0;
         while (g % base == 0 && i < exp)
         {
             g /= base;
             ++i;
         }
         if (g == 1 && i == exp) return guess * sign;
     }
}

OK, now can I use my routine instead of yours?

Re: How do I write directly to a memory address?

[Shark8]

On Feb 9, 2:20 pm, Hyman Rosen <hyro...@mail.com> wrote:
> On 2/9/2011 3:25 PM, Shark8 wrote:
>
> > No, yours rejects signed values for the bases; mine does not...
> > thus it violates the equal-inputs requirement.
>
> If you insist:
>
> long Exponent(long base, unsigned exp)
> {
>      if (exp == 0) return 1;
>      if (base == 0) return 0;
>      int sign = base < 0 && exp % 2 == 1 ? -1 : 1;
>      if (base < 0) base = -base;
>      while (true)
>      {
>          long guess = random();
>          long g = guess;
>          unsigned i = 0;
>          while (g % base == 0 && i < exp)
>          {
>              g /= base;
>              ++i;
>          }
>          if (g == 1 && i == exp) return guess * sign;
>      }
>
> }
>
> OK, now can I use my routine instead of yours?

Almost: prove it returns.

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/9/2011 3:29 PM, Shark8 wrote:
> On Feb 9, 12:43 pm, Hyman Rosen<hyro...@mail.com>  wrote:
>> On 2/9/2011 2:20 PM, Shark8 wrote:
>>
>>> Sure I can; but to do that I need to be given a value of N, obviously.
>>
>> OK, how about N = 90?
>>
>>   >  We can also show its correctness via mathematical induction.
>>
>> Go ahead, do that.
>
> The Fibonacci Sequence is defined as...

OK, let's see if I understand:

     Function SumTo( N : Positive ) Return Positive is
     begin
        Case N is
          When 1 => Return 1;
          When Others => Return 1 + SumTo(N-1);
        end case;
     end SumTo;

The induction should be similar, correct? So the induction
will tell me what result I will get for SumTo(100_000_000)?

Re: How do I write directly to a memory address?

[Simon Wright]

"Vinzent Hoefler" <0439279208b62c95f1880bf0f8776eeb@t-domaingrabbing.de>
writes:

> Simon Wright wrote:
>
>> "Vinzent Hoefler" <0439279208b62c95f1880bf0f8776eeb@t-domaingrabbing.de>
>> writes:
>>
>>> Adam Beneschan wrote:
>>>
>>>> That's not the correct answer.  The correct answer is to ask,
>>>> "Third bit from which end?"
>>>
>>> From the less significant end, unless you want the bit numbers to
>>> change when assigned to different sized variables.
>>
>> Well, on big-endian hardware like standard PowerPC, they - in some
>> sense - do.
>
> No. Even although Ada has the somewhat flawed concept of Bit_Order,
> there isn't any sense on turning it around. Bit 0 is the bit with the
> value 2**0, Bit 1 is 2**1, ... and that's true on _every_ hardware, no
> matter on which side of the chip the flip-flop storing the bit is
> located. ;)

That is certainly the way my brain would like to work. However...

I've always understood that the bit numbering in big-endian Ada
compilers was chosen because that was the way bits were numbered in
standard big-endian architectures (eg, MC68000 as used in SUN systems).

On looking at the reference manual for the archetypal BE machine (the
MC68000 series), at
http://www.freescale.com/files/archives/doc/ref_manual/M68000PRM.pdf,
it's clear that bits are numbered with LSB=0. The bit instructions
(BSET, BTST) likewise.

But, in a bizarre attempt by the hardware designers to confuse the rest
of us, the bit *field* instructions are different: on Page 3-20, para
3.3.4,

"One of the data types provided by the MC68030 is the bit field,
consisting of as many as 32 consecutive bits. An offset from an
effective address and a width value defines a bit field. The offset is a
value in the range of – 231 through 231 – 1 from the most significant
bit (bit 7) at the effective address. The width is a positive number, 1
through 32. The most significant bit of a bit field is bit 0. The bits
number in a direction opposite to the bits of an integer."

I guess the bit field instructions were more commonly used (for a start,
BSET etc were limited to a byte when operating in store).

Looking at the equivalent for the PowerPC -
http://www.ibm.com/developerworks/systems/library/es-archguide-v2.html,
Book I, we at least see consistency:

"Bits in registers, instructions, and fields are specified as follows.

- Bits are numbered left to right, starting with bit 0.

- Ranges of bits are specified by two numbers separated by a colon
  (:). The range p:q consists of bits p through q."


So, at a hardware level, like it or not, (some) big-endian processors
Really Do Number The Bits From The MSB.

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Wed, 9 Feb 2011 13:07:55 -0800 (PST), Maciej Sobczak wrote:

> On Feb 9, 9:43�am, "Dmitry A. Kazakov" <mail...@dmitry-kazakov.de>
> wrote:
> 
>>>>> q.e.d. what?
>>
>>>> 1. const T /= T
>>>> 2. not (const T <: T)
>>
>>> That's of course very interesting, but does not relate to the example
>>> that we are discussing.
>>
>> It does, because const T is the type of the actual parameter and T is the
>> type of the formal parameter.
> 
> No, because formal and actual are distinct objects in C.

So what? It seems that you are confusing parameter passing mode and
substitution.

>>> No. According to the C standard (6.5.2.2/4) this is *assignment*.
>>
>> Making local copies requires copy constructor. That's for sure.
> 
> For sure the word "constructor" does not appear in the C standard, not
> even once, so I would not bet my money on this requirement.

I used the term constructor because semantically this is not an assignment.
Assignment destroys the target and then constructs new object. When the
parameter is copied-in it is semantically only construction (+allocation).

>> But this is
>> unrelated to the substitution, which is always there when you call a
>> subprogram with parameters and/or results.
> 
> In C you don't call a subprogram with parameters, they are assigned -
> you seem to try to apply the Ada terminology to C and you go nowhere
> with this.

No, I am applying a typed language terminology. I don't care how C or Ada
name these things. For example, pointer is pointer even when "access" in
Ada.

Since the word "contract" is probably not even mentioned in the C standard,
it makes no sense to discuss it in the way you do. You could start just
with this and spare net traffic.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Shark8]

On Feb 9, 2:26 pm, Hyman Rosen <hyro...@mail.com> wrote:
> On 2/9/2011 3:29 PM, Shark8 wrote:
>
> > On Feb 9, 12:43 pm, Hyman Rosen<hyro...@mail.com>  wrote:
> >> On 2/9/2011 2:20 PM, Shark8 wrote:
>
> >>> Sure I can; but to do that I need to be given a value of N, obviously.
>
> >> OK, how about N = 90?
>
> >>   >  We can also show its correctness via mathematical induction.
>
> >> Go ahead, do that.
>
> > The Fibonacci Sequence is defined as...
>
> OK, let's see if I understand:
>
>      Function SumTo( N : Positive ) Return Positive is
>      begin
>         Case N is
>           When 1 => Return 1;
>           When Others => Return 1 + SumTo(N-1);
>         end case;
>      end SumTo;
>
> The induction should be similar, correct? So the induction
> will tell me what result I will get for SumTo(100_000_000)?

Er, no.
Induction just proves that for some statement P, and some
parameter n {where n may or may not be constrained}, that
P(n) being true necessarily means that P(N+Step) is also
true. {I have to wax quite general here because* the
statement, P, and the step are not fixed in any way.}

What induction *CAN* do is tell you whether or not SumTo
is correctly constructed and that, barring exceptions, is
what guarantees the return-value to be correct.

IE It is a proof of correctness; not per se a returner of values.

* it is perfectly valid to run induction on, say, prime numbers
as steps (1,2,3,5,7,11,...)... though I can't readily think of
a case requiring it.

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/9/2011 4:23 PM, Shark8 wrote:
> Almost: prove it returns.

Sure. The function "random()" uses the h'Thunk pseudo-random
number subscription service. The manufacturer guarantees that
the stream of numbers returned is a permutation of the possible
positive values of type long. The Ada version available to
translated versions additionally guarantees to raise an exception
if it is called again after all possible values have been returned.

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Hyman Rosen wrote:

> On 2/9/2011 3:19 PM, Vinzent Hoefler wrote:
>> So it probably was as readable as C-code could ever be. Of course, things like
>> putting "(void)" before each function where the return value is not evaluated
>> might not really count as "readable", but it's a good hint for the maintenance
>> programmer that it was ignored on purpose.
>
> Ugh. I would never allow such constructs to pass inspection.
> It isn't idiomatic C, and it's ugly as sin.

AFAICT, it's a common coding standard in the automotive industry. Probably
based on MISRA, rule 86: "If a function returns error information, then
that error information should be tested."

There also was the rule that every "if" needs an "else", even if empty.

> Why might you have such ignored returns?

Because one does not fscking care about whatever bogus result the function
is returning? ;)

> If you write
>
>      (void)strcpy(buf, "hello");
>
> that doesn't tell me you're careful, I'll just hate you.

Don't hate me, hate the coding standard that tells you to do

(void) printf ("Hello, world.");

Or when was it the last time, that you evaluated the return code of printf()?
Or close()?


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
   --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Simon Wright]

Hyman Rosen <hyrosen@mail.com> writes:

> On 2/9/2011 2:48 PM, Dmitry A. Kazakov wrote:

>> Name one SW company getting revenues from compiler sales (0) .
>
> AdaCore!

Actually, they sell support contracts. (I agree that sometimes, eg for a
VxWorks cross-compiler, it can feel very like paying for the compiler!
You can build your own GCC-based cross, but - especially I suspect for
Ada - you may have considerable difficulty actually getting it to work).

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Wed, 09 Feb 2011 15:56:05 -0500, Hyman Rosen wrote:

> On 2/9/2011 3:01 PM, Dmitry A. Kazakov wrote:
>> Yes, this is exactly what I consider as a problem. Crashing software is
>> felt acceptable. Food poisoning was too. Let them have it in their cars,
>> home automation systems, TV-sets and home entertainment systems etc, and
>> we'll see.
> 
> You may not have noticed,

I did! My DVD player crashed periodically. The new one isn't much better. I
have updated the firmware of my TV-set and it still has problems.

> When they don't, many are field upgradeable and the manufacturer
> provides easily applied software updates.

Applause, standing ovation.

Can't wait to start updating the fridge, light switches and the boiler.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Simon Wright]

"Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> writes:

> Can't wait to start updating the fridge, light switches and the
> boiler.

It came as a surprise to me that I could update the firmware in my
camera's *lens"! (Panasonic DMC-G1K, kit lens)

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/9/2011 4:47 PM, Dmitry A. Kazakov wrote:
> Can't wait to start updating the fridge, light switches and the boiler.

It will give new meaning to the expression that you don't
own beer, you only rent it :-)

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Wed, 09 Feb 2011 16:56:27 -0500, Hyman Rosen wrote:

> On 2/9/2011 4:47 PM, Dmitry A. Kazakov wrote:
>> Can't wait to start updating the fridge, light switches and the boiler.
> 
> It will give new meaning to the expression that you don't
> own beer, you only rent it :-)

(:-))

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[J-P. Rosen]

Le 09/02/2011 19:55, Vinzent Hoefler a écrit :
>> I have worked with computers wher bit 0
>> corresponded to 2**31.
> 
> Then they just counted it wrong.
> 
No. They are just used to write left to right.

Note that it's the reason why you can set bit_order in Ada: it allows
you to write your representation clauses just as the hardware manual
describes the device, without having to compute 31-N everywhere.
(representation clauses are normally connected to some hardware need).

-- 
---------------------------------------------------------
           J-P. Rosen (rosen@adalog.fr)
Adalog a déménagé / Adalog has moved:
2 rue du Docteur Lombard, 92441 Issy-les-Moulineaux CEDEX
Tel: +33 1 45 29 21 52, Fax: +33 1 45 29 25 00

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Simon Wright wrote:

> But, in a bizarre attempt by the hardware designers to confuse the rest
> of us, the bit *field* instructions are different: on Page 3-20, para
> 3.3.4,
>
> "One of the data types provided by the MC68030 is the bit field,
> consisting of as many as 32 consecutive bits. An offset from an
> effective address and a width value defines a bit field. The offset is a
> value in the range of – 231 through 231 – 1 from the most significant
> bit (bit 7) at the effective address. The width is a positive number, 1
> through 32. The most significant bit of a bit field is bit 0. The bits
> number in a direction opposite to the bits of an integer."

Indeed, the bit-field counting indeed goes into the other direction. It
even makes some kind of sense here, because the addressed bits keep their
significance if the bit-field would be interpreted as integer and are
still in (logically) consecutive order.

> So, at a hardware level, like it or not, (some) big-endian processors
> Really Do Number The Bits From The MSB.

Hate to say that ;), but you're right.


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
    --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/9/2011 4:40 PM, Shark8 wrote:
> What induction *CAN* do is tell you whether or not SumTo
> is correctly constructed and that, barring exceptions, is
> what guarantees the return-value to be correct.
>
> IE It is a proof of correctness; not per se a returner of values.

Oh. OK, then. But I need to know what my SumTo function is going to
do with a given value of N. I'm trying to reason about the behavior
of my code here, not abstract math.

Re: How do I write directly to a memory address?

[Shark8]

On Feb 9, 2:45 pm, Simon Wright <si...@pushface.org> wrote:
> Hyman Rosen <hyro...@mail.com> writes:
> > On 2/9/2011 2:48 PM, Dmitry A. Kazakov wrote:
> >> Name one SW company getting revenues from compiler sales (0) .
>
> > AdaCore!
>
> Actually, they sell support contracts. (I agree that sometimes, eg for a
> VxWorks cross-compiler, it can feel very like paying for the compiler!
> You can build your own GCC-based cross, but - especially I suspect for
> Ada - you may have considerable difficulty actually getting it to work).

Embarcadero -- The now-producers of Delphi. http://www.embarcadero.com/

Re: How do I write directly to a memory address?

[Shark8]

On Feb 9, 3:09 pm, Hyman Rosen <hyro...@mail.com> wrote:
> On 2/9/2011 4:40 PM, Shark8 wrote:
>
> > What induction *CAN* do is tell you whether or not SumTo
> > is correctly constructed and that, barring exceptions, is
> > what guarantees the return-value to be correct.
>
> > IE It is a proof of correctness; not per se a returner of values.
>
> Oh. OK, then. But I need to know what my SumTo function is going to
> do with a given value of N. I'm trying to reason about the behavior
> of my code here, not abstract math.

...Ah, so then does this mean that when you're coding something up
you don't care about "abstract logic"?

I hate to tell you {not really} but you JUST used "abstract math" when
you presented a subprogram which yields the same results for any
given input. IOW, you have shot your own argument down.

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

J-P. Rosen wrote:

> Le 09/02/2011 19:55, Vinzent Hoefler a écrit :
>>> I have worked with computers wher bit 0
>>> corresponded to 2**31.
>>
>> Then they just counted it wrong.
>>
> No. They are just used to write left to right.

Yes, but as you probably know, the number system is - arabic and there
the text-direction is "rtl".

> Note that it's the reason why you can set bit_order in Ada: it allows
> you to write your representation clauses just as the hardware manual
> describes the device, without having to compute 31-N everywhere.
> (representation clauses are normally connected to some hardware need).

I know. Unfortunately, still some compilers (especially the one we're
using) do not support that. I don't remember the exact error message,
but it was somewhere along the lines of "non-default bit-order not
supported".


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
    --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Anonymous]

> You cannot use the word "requirements" as if it is simple.
> What are the requirements of an Ada compiler? I submit that
> specifying the requirements of a program is identical to
> writing that program, and you are only fooling yourself if
> you believe otherwise.

The Ada language specification and standard are the requirements. They did a
really good job, perhaps the best in computing history. Ada is more portable
than any language I've seen. I can type in examples from books starting in
1983 and they all run without error.

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/9/2011 5:23 PM, Shark8 wrote:
> On Feb 9, 3:09 pm, Hyman Rosen<hyro...@mail.com>  wrote:
>> On 2/9/2011 4:40 PM, Shark8 wrote:
>>
>>> What induction *CAN* do is tell you whether or not SumTo
>>> is correctly constructed and that, barring exceptions, is
>>> what guarantees the return-value to be correct.
>>
>>> IE It is a proof of correctness; not per se a returner of values.
>>
>> Oh. OK, then. But I need to know what my SumTo function is going to
>> do with a given value of N. I'm trying to reason about the behavior
>> of my code here, not abstract math.
>
> ...Ah, so then does this mean that when you're coding something up
> you don't care about "abstract logic"?
>
> I hate to tell you {not really} but you JUST used "abstract math" when
> you presented a subprogram which yields the same results for any
> given input. IOW, you have shot your own argument down.

Excuse me, but I really, truly do need to know what my
subprogram is going to do. People have been telling me
about "contracts" and "requirements" and "proofs of
correctness" and that Ada is good for stuff. So I have
this subprogram and I'd like to know what it will do
for different values of its parameter so I'll know if
I can use it or not.

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/9/2011 5:31 PM, Anonymous wrote:
>> You cannot use the word "requirements" as if it is simple.
>> What are the requirements of an Ada compiler? I submit that
>> specifying the requirements of a program is identical to
>> writing that program, and you are only fooling yourself if
>> you believe otherwise.
>
> The Ada language specification and standard are the requirements. They did a
> really good job, perhaps the best in computing history. Ada is more portable
> than any language I've seen. I can type in examples from books starting in
> 1983 and they all run without error.

Oh, good. Maybe you can answer the question I've been asking
Shark8. I have this subprogram,

     Function SumTo( N : Positive ) Return Positive is
     begin
        Case N is
          When 1 => Return 1;
          When Others => Return 1 + SumTo(N-1);
        end case;
     end SumTo;

What values of N can I pass to this function and get back a
correct sum? Do the Ada compiler requirements tell me?

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Hyman Rosen wrote:

> Excuse me, but I really, truly do need to know what my
> subprogram is going to do. People have been telling me
> about "contracts" and "requirements" and "proofs of
> correctness" and that Ada is good for stuff. So I have
> this subprogram and I'd like to know what it will do
> for different values of its parameter so I'll know if
> I can use it or not.

You can't use it. It will raise Storage_Error for some
values.


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
   --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Hyman Rosen wrote:

>      Function SumTo( N : Positive ) Return Positive is
>      begin
>         Case N is
>           When 1 => Return 1;
>           When Others => Return 1 + SumTo(N-1);
>         end case;
>      end SumTo;
>
> What values of N can I pass to this function and get back a
> correct sum? Do the Ada compiler requirements tell me?

No, they don't. But you knew that already.


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
    --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/9/2011 5:38 PM, Vinzent Hoefler wrote:
> Hyman Rosen wrote:
>
>> Excuse me, but I really, truly do need to know what my
>> subprogram is going to do. People have been telling me
>> about "contracts" and "requirements" and "proofs of
>> correctness" and that Ada is good for stuff. So I have
>> this subprogram and I'd like to know what it will do
>> for different values of its parameter so I'll know if
>> I can use it or not.
>
> You can't use it. It will raise Storage_Error for some
> values.

Hmm. You know, this makes me think that before I can call
any subprogram, I'm going to need to examine its body to
see how many nested subprogram calls it makes, as well as
those bodies, and so on. And even then, is there anything
that tells me exactly when I will get Storage_Error? How
can I reason about the behavior of any Ada program?

OK, I know I'm sounding like a smart ass, but take my
question seriously. There's an awful lot of castigation
of C code (and coders) going on here, with complaints
about "bugs on every line", but isn't that equally true
of Ada code? Doesn't every subprogram call potentially
raise Storage_Error, and isn't that possibility usually
ignored? And in fact, don't Ada newbies run into this
all the time, because they declare large arrays or
records as local variables and run out the call stack?

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/9/2011 5:41 PM, Vinzent Hoefler wrote:
> No, they don't. But you knew that already.

Of course. See my other response for what I'm getting at.

Re: How do I write directly to a memory address?

[Shark8]

On Feb 9, 3:31 pm, Hyman Rosen <hyro...@mail.com> wrote:
> On 2/9/2011 5:23 PM, Shark8 wrote:
>
>
>
> > On Feb 9, 3:09 pm, Hyman Rosen<hyro...@mail.com>  wrote:
> >> On 2/9/2011 4:40 PM, Shark8 wrote:
>
> >>> What induction *CAN* do is tell you whether or not SumTo
> >>> is correctly constructed and that, barring exceptions, is
> >>> what guarantees the return-value to be correct.
>
> >>> IE It is a proof of correctness; not per se a returner of values.
>
> >> Oh. OK, then. But I need to know what my SumTo function is going to
> >> do with a given value of N. I'm trying to reason about the behavior
> >> of my code here, not abstract math.
>
> > ...Ah, so then does this mean that when you're coding something up
> > you don't care about "abstract logic"?
>
> > I hate to tell you {not really} but you JUST used "abstract math" when
> > you presented a subprogram which yields the same results for any
> > given input. IOW, you have shot your own argument down.
>
> Excuse me, but I really, truly do need to know what my
> subprogram is going to do. People have been telling me
> about "contracts" and "requirements" and "proofs of
> correctness" and that Ada is good for stuff. So I have
> this subprogram and I'd like to know what it will do
> for different values of its parameter so I'll know if
> I can use it or not.

And you answered yourself when I asked you to prove your example
would, in fact, return; that required you to justify usage of
Random().

That you "need to know what it's doing" indicates to me one of two
possibilities: either this function you have is not *really* yours but
instead someone else's that you've 'inherited' OR you are attempting
to use a tool {function/procedure} you do not fully understand for
a problem you might not fully understand.

Understanding a problem gives rise to the requirements and
possibilities-of-solutions; this is what helps guide the 'contract'
that *is* your subprogram's inputs and outputs.

The 'tool' in this case could be a "containers"-object/package, or
as it was in your example "Random()"... you were able to give
an answer (to proving it returned) PRECISELY because you *knew*
the details about that RNG.

In this context your "I really need to know what my subprogram
is going to do" seems very much like some college-kid whining
about how he "really needs to know what happens in book X,"
while decrying people telling him "read the book."

This is precisely to say that just as in reading the book the
answer to the question is answered, so to is your "I need to
know what happens" answered when a) contracts are made
and enforced AND b) proofs of completeness & correctness
are done.

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/9/2011 6:07 PM, Shark8 wrote:
> In this context your "I really need to know what my subprogram
> is going to do" seems very much like some college-kid whining
> about how he "really needs to know what happens in book X,"
> while decrying people telling him "read the book."
>
> This is precisely to say that just as in reading the book the
> answer to the question is answered, so to is your "I need to
> know what happens" answered when a) contracts are made
> and enforced AND b) proofs of completeness&  correctness
> are done.

OK, I see that my attempts at being Socratic and oracular
are failing. What I'm trying to demonstrate is that the
chatter here about requirements and specifications and
contracts fails to capture essential aspects of programs
and even in Ada there's a good chance that you'll have to
read the bodies to know what's going on. (Thanks for playing
into that with the "read the book" example.)

The problem with my SumTo subprogram is that it's liable to
raise Storage_Error for a wide range of legal arguments. The
problem with my Exponent subprogram is that its running time
is enormous. Neither of these aspects can be made visible
through Ada language facilities, and typical mathematical
proofs of correctness won't show you this either.

Just like C programmers, you Ada folks still find a way to
get your work done, though.

Re: How do I write directly to a memory address?

[Robert A Duff]

Hyman Rosen <hyrosen@mail.com> writes:

> On 2/9/2011 4:23 PM, Shark8 wrote:
>> Almost: prove it returns.
>
> Sure. The function "random()" uses the h'Thunk pseudo-random
> number subscription service. The manufacturer guarantees that
> the stream of numbers returned is a permutation of the possible
> positive values of type long. The Ada version available to
> translated versions additionally guarantees to raise an exception
> if it is called again after all possible values have been returned.

;-)

Why not simplify your algorithm?  Just count through the numbers.
No need for pseudo-random numbers.

Your point is a good one, though: it illustrates the difference
between specifying what a program does, and how it does so
(the latter being, one hopes, efficient).

By the way, even if you used a "truly" random number generator,
the program will terminate in finite time with probability 1.

- Bob

Re: How do I write directly to a memory address?

[Shark8]

On Feb 9, 3:50 pm, Hyman Rosen <hyro...@mail.com> wrote:
> On 2/9/2011 5:38 PM, Vinzent Hoefler wrote:
>
> OK, I know I'm sounding like a smart ass, but take my
> question seriously. There's an awful lot of castigation
> of C code (and coders) going on here, with complaints
> about "bugs on every line", but isn't that equally true
> of Ada code?

No, there are some errors in C that are flatly impossible
within Ada; one of my 'favorite' being the ability to put
an assignment int a conditional-test.

I realize that there are *SOME* possibly valid uses
thereof, but in my experience the overwhelming
majority of the time it's encountered it is the incorrect
formulation of a condition-test and needs/needed to
be corrected.

The reduction of *possible* errors necessarily means
that the purely-random chance of producing an
error-free program is increased.

> Doesn't every subprogram call potentially
> raise Storage_Error, and isn't that possibility usually
> ignored?

No, and no.
First, consider this:

Procedure main is
  Procedure Stub is begin null end Stub;
begin
Stub;
end main;

Where main is anagolus to C's main...
unless you truly ARE out of memory, in which case the
program-loader should itself give you the error, there is
enough memory for Stub because there was enough for
main, which was loaded and Stub is a part of main.

{There could be odd-compiler exceptions where this isn't true.}

Furthermore even though it is a general possibility that
any subprogram could raise storage_error, this is *NOT*
generally unaccounted for, the program halts and displays
just that error.

IE - In just the way that JAVA cannot triple-fault your system
with an un-handled exception because the JAVA-VM program
has a handler built-in to a) display the error and b) prevent the
exception from cascading into the OS, so to is the exception
system in Ada; instead of merrily chugging away the proper
message is displayed and thins are 'shut down' to save the
rest of the system.

> And in fact, don't Ada newbies run into this
> all the time, because they declare large arrays or
> records as local variables and run out the call stack?

That's an interesting question... it is an honest way to handle
something, arrays in particular, to throw out a message saying
"I don't have enough memory to do this!" and halt the program,
than say pretending that doesn't matter and allowing the
program to continue, no?

That beginners make the mistake of over-allocating memory is
not, in my thinking, a very valid complaint. If you're coming in
from a heavy math-background then the limitations {like the
finiteness of integer-types, or the [im]precision of floating types}
is certainly bothersome, but accurately reflect the limitations of
the underlying hardware. {Some languages, like Prolog, have no
real limit to the range of representable integers except
ALL OF MEMORY.}

On the other hand, someone coming in to CS from, say, high-
school would encounter the exact same problem of limitations
but with the added burdens of ignorance regarding, say, the
properties of numbers.

Ada offers the BEST combination I have seen between showing
the finite/limited nature of the computer, allowing/encouraging the
use of properties (sub-types like Natural & Positive), and
expressing it all in a high-level manner.

Java, as a counter-example strives to express things as "Objects,"
in a high-level uniform manner with abstraction and methods and
all that, but low-level {device-driver} it is not.

C (note I am not saying C++) is at the opposite end of the spectrum
where it focuses endlessly on the limitations of the hardware w/o
providing much in the way of abstraction: functions. C's "arrays" are
an interesting result of this; they really aren't arrays, just
pointers and
the item in the [] is an offset, and in C-compilers {at least one}
you
could say 4[array] instead of array[4] because that specific array-
element IS accessible as Array_base_Address + 4 and the '+' is
the same regardless of which side is which.

LISP, on the other-other hand is a sort of high-level emphasize-
the-properties type. Many mathematical functions are a fairly
straightforward translation, though the prefix-syntax is a bit odd.
As you can see the Fibonacci function[s] are a straightforward
translation of the math piecewise-function:
(defun fib (0) 1)
(defun fib (1) 1)
(defun fib (n)
    (+ (fib (- n 1)) (fib (- n 2)))
)
In this manner, LISP is almost the polar opposite of C; it is utterly
unconcerned about the interior-implementation and underlying
hardware.

If "newbies can easily create a whole memory-sized array" is
really that much of a problem, then LISP would be the answer.

Re: How do I write directly to a memory address?

[Shark8]

On Feb 9, 4:24 pm, Hyman Rosen <hyro...@mail.com> wrote:
> On 2/9/2011 6:07 PM, Shark8 wrote:
>
> > In this context your "I really need to know what my subprogram
> > is going to do" seems very much like some college-kid whining
> > about how he "really needs to know what happens in book X,"
> > while decrying people telling him "read the book."
>
> > This is precisely to say that just as in reading the book the
> > answer to the question is answered, so to is your "I need to
> > know what happens" answered when a) contracts are made
> > and enforced AND b) proofs of completeness&  correctness
> > are done.
>
> OK, I see that my attempts at being Socratic and oracular
> are failing. What I'm trying to demonstrate is that the
> chatter here about requirements and specifications and
> contracts fails to capture essential aspects of programs
> and even in Ada there's a good chance that you'll have to
> read the bodies to know what's going on. (Thanks for playing
> into that with the "read the book" example.)

> The problem with my SumTo subprogram is that it's liable to
> raise Storage_Error for a wide range of legal arguments.

But are they your intended arguments?
As MANY here have pointed out having (int x) is NOT
a guarantee that X is not zero, nor is it guarantee it is not
negative.
And yet many C programmers ASSUME that they *ARE* whether
based on comments or just assumptions is irrelevant to that point.

In Ada we *CAN* control our inputs, ie ( X : In Positive ) cannot be
attempted when X < Positive'First. And as was shown earlier,
with Ada 2012 we'll be able to constrain 'X' to be odd, or whatever.

> The
> problem with my Exponent subprogram is that its running time
> is enormous.

So, you didn't indicate that time was an issue.
You assumed that I would believe it to be, but as we were
discussing completeness/correctness and the running time
was, in a word, irrelevant.

> Neither of these aspects can be made visible
> through Ada language facilities, and typical mathematical
> proofs of correctness won't show you this either.

So? In the context of our conversation NEITHER of those
were an issue.

> Just like C programmers, you Ada folks still find a way to
> get your work done, though.

Yep.

Re: How do I write directly to a memory address?

[Randy Brukardt]

"Georg Bauhaus" <rm-host.bauhaus@maps.futureapps.de> wrote in message 
news:4d5116d1$0$7657$9b4e6d93@newsspool1.arcor-online.net...
...
> Strict contracts in subprogram profiles. Ha!

Software that doesn't have them is garbage. Period. Even in Ada.

> void foo2(int jump)
>   /* make sure jump % 2 == 0! */
> {
>    ...
> }
>
> Write that in Ada 2005 to demonstrate the glorious power of
> your subtype constraints.  When was it that compilers will
> support aspects reliably?

Can't be done. It illustrates my point that even Ada doesn't have enough 
support for non-garbage software.

But Ada 2012 can do it:

subtype Odd_Natural is Natural with Dynamic_Predicate => Odd_Natural mod 2 
/= 0;

   procedure Foo2 (Jump : Odd_Natural) is ...

A call
   Foo2(2);
will raise Assertion_Error because the predicate fails.

There are also static predicates, which of course could be checked at 
compile-time with static operands. This isn't in that form, however.

                                     Randy.

Re: How do I write directly to a memory address?

[Randy Brukardt]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 709 bytes --]

"Yannick Duch�ne (Hibou57)" <yannick_duchene@yahoo.fr> wrote in message 
news:op.vqk62ka5ule2fv@garhos...
...
>There may be a real issue here. This was segment register = B800 and 
>offset register = 0000, for the base address. Ada does not make any 
>distinction about segment and offset. There should be something stated in 
>the compiler's documentation, to know how it maps linear address to 
>segment:offset address.

The 16-bit versions of Janus/Ada have no concept of "linear address". Type 
Address is a record type, with a Segment and Offset component. Thus:

         Address'(Segment =>16#B800#, Offset => 0)

Would represent the address B800:0000.

                                   Randy.

Re: How do I write directly to a memory address?

[Randy Brukardt]

"Shark8" <onewingedshark@gmail.com> wrote in message 
news:7ee1e395-a885-4f86-a3ed-30f773b67803@y12g2000prf.googlegroups.com...
On Feb 8, 5:03 pm, "Randy Brukardt" <ra...@rrsoftware.com> wrote:
...
>> Lest you think I'm talking about mythical other people, let me say that I
>> put Janus/Ada (written almost solely in Ada) in the category of garbage 
>> Ada
>> programs. It was designed by people (including me, fresh out of college)
>> that didn't understand encapsulation and contracts very well, and as such 
>> it
>> doesn't use them very consistently. It "works", of course, but it suffers
>> from a lot of the problems that you might get from a C written compiler.
>> With one exception: virtually every problem is detected by the failure of 
>> an
>> Ada runtime check, so it is rare to get the wrong answer as opposed to no
>> answer.
>
>Intriguing self-assessment on Janus/Ada.
>If you don't mind my asking, if you were to scrap-redo the compiler
>what would you do differently?
>Assuming you'd be using Ada, would you implement it in Ada 2012?

The last part is easy, yes, of course. Nothing better has appeared, and I 
don't think some one-off language would be a good choice.

The main thing to redo would be to organize the units and interfaces in some 
logical way. We had to work around various arbitrary constraints in the 
early days -- to get the compiler to fit at all on CP/M systems and 16-bit 
MS-DOS systems. That's led to a forest of packages with poorly defined 
interfaces (because putting everything related in one package would have 
been too large for what was compilable on MS-DOS). Moreover, people always 
"cheat" for expediency -- they directly call supposely internal routines 
because they can. (Ada 83 didn't have anything like private packages; we 
used subunits when we could, but they were only effective for large 
subprograms.) Getting rid of that would be good. Finally, there is a lot of 
duplicated algorithms, mainly because we couldn't spare the space to store 
little used values.

>Also, in your opinion what's the best thing to do to really understand
>encapsulation and contracts?

I'm not sure. I didn't really figure it out until I had been burned enough 
by bad ones. :-) And we had experience using a "modular" language at the 
University of Wisconsin (the original Modula), so we already had a vague 
idea of what benefits it could bring.

                                     Randy.

Re: How do I write directly to a memory address?

[Randy Brukardt]

"Hyman Rosen" <hyrosen@mail.com> wrote in message 
news:4d52b489$0$19486$882e7ee2@usenet-news.net...
....
>We strive
> to improve, but most of don't labor under the illusion that we can
> be liberated from error.

Software is not burdened by the realities of the physical world: it *can* be 
perfect. We should at least *try* to get there, there is nothing resembling 
an attempt right now.

I'm a perfectionist by nature anyway, that's why I'm reasonably well cut out 
for software development (software has to be pretty close to perfect before 
it will even work to any leave of usefulness). And I cannot stand debugging, 
I want my software to tell me when I've made a mistake and precisely where. 
Ada at least provides some measure of that.

                        Randy.

Re: How do I write directly to a memory address?

[Randy Brukardt]

"Hyman Rosen" <hyrosen@mail.com> wrote in message 
news:4d52d7d9$0$18057$882e7ee2@usenet-news.net...
 >...
>I submit that
> specifying the requirements of a program is identical to
> writing that program, and you are only fooling yourself if
> you believe otherwise.

I used to think that, too, but that line of thought misses the value of 
redundancy. That is, specifying a program in two different ways and ensuring 
that the two specifications are identical detects or eliminates most 
problems.

You are of course right that is if the requirements are wrong, the program 
still won't do what it needs to do -- but that gets addressed by fixing the 
requirements AND the program.

                                Randy.

Re: How do I write directly to a memory address?

[Adam Beneschan]

On Feb 9, 12:44 pm, "Vinzent Hoefler"
<0439279208b62c95f1880bf0f8776...@t-domaingrabbing.de> wrote:
> Simon Wight wrote:
> > "Vinzent Hoefler" <0439279208b62c95f1880bf0f8776...@t-domaingrabbing.de>
> > writes:
>
> >> So bit 3 of a 32-bit word is a different bit than that of a byte?
>
> > Yes. On big-endian hardware.
>
> That's a misconception, although a common one. Endianess is only defined
> for bytes, that's why it's also often called byte-order.

For what it's worth, the Ada RM contradicts you here (and conforms to
what Simon says).  And it just happens that I ran into this today,
while looking into an issue that had nothing to do with this
comp.lang.ada thread.  See 13.5.3(2):

A bit ordering is a method of interpreting the meaning of the storage
place attributes. High_Order_First (known in the vernacular as “big
endian”) means that the first bit of a storage element (bit 0) is the
most significant bit (interpreting the sequence of bits that represent
a component as an unsigned integer value). Low_Order_First (known in
the vernacular as “little endian”) means the opposite: the first bit
is the least significant.

So by that convention, bit 0 of a byte is the most-significant bit on
a big-endian machine, which would make bit 2 the one represented by
the value 16#20#.

There's a good reason for this, too.  Suppose you want to pack three
fields into a 16-bit word, where the three fields are 5, 5, and 6 bits
respectively.  On a big-endian machine, the second field would occupy
the least three significant bits of the byte at Addr, and the most-
significant two bytes at Addr+1.  If we call the bits in the first
byte bit 0 through bit 7, and the bits in the second byte bit 8
through bit 15, then the second field will occupy bits 5, 6, 7 (in the
first byte) and 8, 9 (in the second byte), using the convention
described in 13.5.3(2).  In Ada, we'd express this with a
representation clause that looks (in part) something like

   Second_Field  at 0 range 5..9;

If we did things the way you think is the "right" way, the second
field would occupy bits 2, 1, 0, 15, and 14.  Which would be most
unhelpful.  So clearly, since the ability to give our packed fields
consecutive bit numbers is much more important than ensuring that the
bit numbers remain the same when you convert an integer from one size
to a different size, the way Ada does things is the right way.

But I am still not convinced that there is "one right way", or one
right convention.  If some documentation that describes some data
format calls the high-order bit of a byte Bit 0, and they make it
clear that that's their convention, I don't think I could say for
certain that they're "wrong", in the sense that if someone pointed to
a dog and called it a "cat" they'd be wrong even if they tried to pull
a Humpty Dumpty and say "Well, that's my meaning for the word 'cat'".
We have dictionaries which can authoritatively show that their word
usage is wrong.  You say that this usage of "Bit 0" is "just wrong",
but can you point to any work that has as much authority as a
dictionary to support your statement?  That's why I believe it would
be necessary to ask if someone started referring to "Bit 2" or "The
third bit" of something.

                                -- Adam

Re: How do I write directly to a memory address?

[Adam Beneschan]

On Feb 9, 2:25 pm, "Vinzent Hoefler"
<0439279208b62c95f1880bf0f8776...@t-domaingrabbing.de> wrote:
> J-P. Rosen wrote:
> > Le 09/02/2011 19:55, Vinzent Hoefler a écrit :
> >>> I have worked with computers wher bit 0
> >>> corresponded to 2**31.
>
> >> Then they just counted it wrong.
>
> > No. They are just used to write left to right.
>
> Yes, but as you probably know, the number system is - arabic and there
> the text-direction is "rtl".

Ummm, the number system originated in India ...

                    -- Adam

Re: How do I write directly to a memory address?

[Randy Brukardt]

"Hyman Rosen" <hyrosen@mail.com> wrote in message 
news:4d52e704$0$18057$882e7ee2@usenet-news.net...
> On 2/9/2011 1:36 PM, Dmitry A. Kazakov wrote:
...
>> There is a certification procedure that includes conformity tests.
>
> So it is your claim that a piece of software which passes
> the certification procedure and the conformity tests is a
> correct Ada compiler? Suppose I coded an Ada compiler which,
> each time it compiled a program, picked an arbitrary even
> number, and if it determined that the number was not the
> sum of two primes then deliberately translated that program
> incorrectly. Is that a correct Ada compiler?

No, because there would be no chance that you could pass the conformity 
suite (>10000 compilations, all of which have to be right).

You should have picked a better example:
Imagine that there is an Ada compiler that detects the name of the unit it 
is compiling and compiles that unit differently than it normally would, say 
by suppressing certain overflow checks. Is that a correct Ada compiler?

And then I could answer: Yes! And I have the validation certificates to 
prove it! :-)

                                  Randy.

Re: How do I write directly to a memory address?

[Randy Brukardt]

"Hyman Rosen" <hyrosen@mail.com> wrote in message 
news:4d531a54$0$18057$882e7ee2@usenet-news.net...
> On 2/9/2011 5:38 PM, Vinzent Hoefler wrote:
>> Hyman Rosen wrote:
>>
>>> Excuse me, but I really, truly do need to know what my
>>> subprogram is going to do. People have been telling me
>>> about "contracts" and "requirements" and "proofs of
>>> correctness" and that Ada is good for stuff. So I have
>>> this subprogram and I'd like to know what it will do
>>> for different values of its parameter so I'll know if
>>> I can use it or not.
>>
>> You can't use it. It will raise Storage_Error for some
>> values.
>
> Hmm. You know, this makes me think that before I can call
> any subprogram, I'm going to need to examine its body to
> see how many nested subprogram calls it makes, as well as
> those bodies, and so on. And even then, is there anything
> that tells me exactly when I will get Storage_Error? How
> can I reason about the behavior of any Ada program?

You can't. Ada says that *anything* can raise Storage_Error; reading the 
body will do you no good at all. You might be able to guess by reading the 
body, but the language definition says that "null;" can raise Storage_Error. 
Thus there is no reason to read the body to worry about Storage_Error.

That's one of the reasons why I said "Ada is not good enough". If you 
actually care about Storage_Error (and surely it is relevant sometimes), the 
language has to give you the tools to reason about it.

In addition, the contract (or even the comments) for your routine says 
nothing about the expected input or output values. A "good" language would 
simply not allow you to write such a contract, you would have to say 
*something*. (Unfortunately, experience with Java seems to suggest that 
people choose expediency over correctness every time, so there are a lot of 
useless contracts that are written. A "great" language would have to enforce 
"no useless contracts", too. It's should be obvious that this is a hard 
problem.)

                                                 Randy.

Re: How do I write directly to a memory address?

[Randy Brukardt]

"Hyman Rosen" <hyrosen@mail.com> wrote in message 
news:4d52b82f$0$19486$882e7ee2@usenet-news.net...
> On 2/8/2011 9:33 PM, Adam Beneschan wrote:
>>  Dmitry asks, "How do you set the third
>> bit?", and you say, "Well, if the third bit is a Ready bit in a
>> hardware I/O register, I'd define a struct with bit components [yes, I
>> think C has those] and just assign 1 to the component, which would be
>> more readable than using a mask."
>
> This can be considerably more complicated depending on
> the hardware and the compiler; you are trying to assign
> to a single bit, but the compiler may do this by reading
> an entire word, setting the bit in the result, and
> assigning the entire word back. That could have dire
> effects if writing adjacent bits does something.

Quite true, there have been devices where you can't read the adjacent bits. 
Those are going to be problematical to deal with in any case (even in 
assembler). But of course the Ada solution handles that just fine (presuming 
you've appropriately used the Volatile and/or Atomic pragmas) -- you just 
have to assign an entire aggregate in that case. You still don't do any bit 
twiddling yourself.

                               Randy.

Re: How do I write directly to a memory address?

[Randy Brukardt]

"Hyman Rosen" <hyrosen@mail.com> wrote in message 
news:4d52ba17$0$19486$882e7ee2@usenet-news.net...
> On 2/9/2011 5:28 AM, Mart van de Wege wrote:
>> Which is why I asked my question. It seems so completely obvious to me,
>> that I can't understand that someone with a formal education in the
>> field wouldn't know about it.
>
> It works in the other direction too, you know. In a different
> message RB was complaining about how he has to provide installers
> for his compiler because his customers demand it. But it seems so
> completely obvious to me that this is how software packages are
> provided that I find it astonishing that anyone in the business
> of selling software would feel put upon to do so.

Only because the installer (until recently, anyway) doesn't actually do 
anything other than copy files. The person who I was corresponding with 
complained about complicated installations, and I generally agree with them. 
Most versions of Janus/Ada don't need any "installation" at all, just put 
the files somewhere, put them on the Path, and go. It seems like a huge 
waste of time to write a fancy program to do that (and try to figure out all 
of the permutations of setting the Path in Windows, for one example).

Like GUIs, it is necessary today, and I expect to spend the time to do it. 
That's no different than creating/updating documentation, another necessary 
task which adds almost nothing to what the user can do. But in both cases it 
is time that could have been spent on something else, something that would 
obviously add value to the customers (like new features).

                                    Randy.

Re: How do I write directly to a memory address?

[Shark8]

On Feb 9, 7:51 pm, "Randy Brukardt" <ra...@rrsoftware.com> wrote:
> "Shark8" <onewingedsh...@gmail.com> wrote in message
>
> news:7ee1e395-a885-4f86-a3ed-30f773b67803@y12g2000prf.googlegroups.com...
> On Feb 8, 5:03 pm, "Randy Brukardt" <ra...@rrsoftware.com> wrote:
> ...
>
>
>
> >> Lest you think I'm talking about mythical other people, let me say that I
> >> put Janus/Ada (written almost solely in Ada) in the category of garbage
> >> Ada
> >> programs. It was designed by people (including me, fresh out of college)
> >> that didn't understand encapsulation and contracts very well, and as such
> >> it
> >> doesn't use them very consistently. It "works", of course, but it suffers
> >> from a lot of the problems that you might get from a C written compiler.
> >> With one exception: virtually every problem is detected by the failure of
> >> an
> >> Ada runtime check, so it is rare to get the wrong answer as opposed to no
> >> answer.
>
> >Intriguing self-assessment on Janus/Ada.
> >If you don't mind my asking, if you were to scrap-redo the compiler
> >what would you do differently?
> >Assuming you'd be using Ada, would you implement it in Ada 2012?
>
> The last part is easy, yes, of course. Nothing better has appeared, and I
> don't think some one-off language would be a good choice.
>
> The main thing to redo would be to organize the units and interfaces in some
> logical way. We had to work around various arbitrary constraints in the
> early days -- to get the compiler to fit at all on CP/M systems and 16-bit
> MS-DOS systems. That's led to a forest of packages with poorly defined
> interfaces (because putting everything related in one package would have
> been too large for what was compilable on MS-DOS). Moreover, people always
> "cheat" for expediency -- they directly call supposely internal routines
> because they can. (Ada 83 didn't have anything like private packages; we
> used subunits when we could, but they were only effective for large
> subprograms.) Getting rid of that would be good. Finally, there is a lot of
> duplicated algorithms, mainly because we couldn't spare the space to store
> little used values.

I definitely see how that (private packages) could help. This may
be a dumb question but could those duplicated algorithms have
been into a single generic procedures / functions and then
instantiated where needed?

> >Also, in your opinion what's the best thing to do to really understand
> >encapsulation and contracts?
>
> I'm not sure. I didn't really figure it out until I had been burned enough
> by bad ones. :-) And we had experience using a "modular" language at the
> University of Wisconsin (the original Modula), so we already had a vague
> idea of what benefits it could bring.

I see.I get the same feeling [vague idea of benefits] when I think how
an OS with a mind to strong-typing, that logical organization of
units,
and a very object (and stream) oriented would be different n-nature
than
virtually all consumer level OSes.

If you're hiring for a rewrite, I'd be especially interested.
Actually, I
would really love to get in on an Ada shop if possible, so if you are
hiring at all I'm interested.

Re: How do I write directly to a memory address?

[J-P. Rosen]

Le 09/02/2011 23:25, Vinzent Hoefler a écrit :
>> No. They are just used to write left to right.
> 
> Yes, but as you probably know, the number system is - arabic and there
> the text-direction is "rtl".
That's because you are insisting of considering that every machine word
is a number. It is not. It just a set of bits. You /can/ interpret this
set of a bit as an integer number representation in some cases, as a
floating point number (with many variations in representation) in other
cases, or as a packed record, an enumeration, or whatever.

I don't see any reason why the representation as an integer should
impose its requirements to a machine word.

> I know. Unfortunately, still some compilers (especially the one we're
> using) do not support that. I don't remember the exact error message,
> but it was somewhere along the lines of "non-default bit-order not
> supported".
> 
Just curious, which one is it? I'm surprised that a compiler is unable
to compute 31-N.

-- 
---------------------------------------------------------
           J-P. Rosen (rosen@adalog.fr)
Adalog a déménagé / Adalog has moved:
2 rue du Docteur Lombard, 92441 Issy-les-Moulineaux CEDEX
Tel: +33 1 45 29 21 52, Fax: +33 1 45 29 25 00

Re: How do I write directly to a memory address?

[J-P. Rosen]

Le 10/02/2011 04:36, Randy Brukardt a �crit :
> Like GUIs, it is necessary today, and I expect to spend the time to do it. 
> That's no different than creating/updating documentation, another necessary 
> task which adds almost nothing to what the user can do. But in both cases it 
> is time that could have been spent on something else, something that would 
> obviously add value to the customers (like new features).
> 
FWIW, I recommend Inno Setup (http://www.innosetup.com), the one I use
for AdaControl.

It's free software, easy to use, and if you need to do more complicated
things*, you just program it in Pascal.

* For example, the source distribution of AdaControl has a Setup that
recompiles it on the fly.
-- 
---------------------------------------------------------
           J-P. Rosen (rosen@adalog.fr)
Adalog a d�m�nag� / Adalog has moved:
2 rue du Docteur Lombard, 92441 Issy-les-Moulineaux CEDEX
Tel: +33 1 45 29 21 52, Fax: +33 1 45 29 25 00

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/9/2011 7:16 PM, Shark8 wrote:
> No, there are some errors in C that are flatly impossible
> within Ada;

You're illustrating my point. It's typical of language wars that
one side will pick a perceived problem in the other language that
they believe has been fixed by their own, and then focus on that
to demonstrate that their own language is perfect.

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/9/2011 7:35 PM, Shark8 wrote:
>> The problem with my SumTo subprogram is that it's liable to
>> raise Storage_Error for a wide range of legal arguments.
>
> But are they your intended arguments?
> As MANY here have pointed out having (int x) is NOT
> a guarantee that X is not zero, nor is it guarantee it is not
> negative.
> And yet many C programmers ASSUME that they *ARE* whether
> based on comments or just assumptions is irrelevant to that point.

You're not paying attention. You are falling into the language
wars trap of finding a perceived problem in C that is fixed by
Ada, and then no matter what I say, you say "but in Ada I can
guarantee that the input is not zero". My SumTo subprogram can
raise Storage_Error for a wide range of its legal arguments.
There is nothing in an Ada spec that declares how much call
stack is needed by a subprogram. Why do you believe that it is
a severe problem in C that I cannot specify in the language that
a parameter is positive, but it is not a severe problem in Ada
that you cannot tell me for which values my program will work?

>> The problem with my Exponent subprogram is that its running time
>> is enormous.
>
> So, you didn't indicate that time was an issue.

I kept asking you if I could replace your code with mine.
Computer programs are not abstract objects. They are run
in order to perform tasks. If you replace part of it with
something that is much slower, it's likely to be very bad.
Again, you focus on what Ada can do (specify argument ranges)
and ignore as irrelevant what it cannot (time bounds).

Re: How do I write directly to a memory address?

[Shark8]

On Feb 10, 8:28 am, Hyman Rosen <hyro...@mail.com> wrote:
> On 2/9/2011 7:16 PM, Shark8 wrote:
>
> > No, there are some errors in C that are flatly impossible
> > within Ada;
>
> You're illustrating my point. It's typical of language wars that
> one side will pick a perceived problem in the other language that
> they believe has been fixed by their own, and then focus on that
> to demonstrate that their own language is perfect.

Where have I *EVER* said Ada is perfect?
I readily acknowledged its deficiencies, as in the case where
you could not constrain some integer-type to be only even.

You miss my point completely: your question was if every error
that was in C was also present in Ada, the answer is NO and I
gave an example; all that is needed to disprove an "every"
statement is a single counter-example.

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/10/2011 11:38 AM, Shark8 wrote:
> your question was if every error that was in C
 > was also present in Ada

I don't believe I ever said such a thing.

Re: How do I write directly to a memory address?

[Shark8]

On Feb 10, 8:38 am, Hyman Rosen <hyro...@mail.com> wrote:
> On 2/9/2011 7:35 PM, Shark8 wrote:
>
> >> The problem with my SumTo subprogram is that it's liable to
> >> raise Storage_Error for a wide range of legal arguments.
>
> > But are they your intended arguments?
> > As MANY here have pointed out having (int x) is NOT
> > a guarantee that X is not zero, nor is it guarantee it is not
> > negative.
> > And yet many C programmers ASSUME that they *ARE* whether
> > based on comments or just assumptions is irrelevant to that point.
>
> You're not paying attention. You are falling into the language
> wars trap of finding a perceived problem in C that is fixed by
> Ada, and then no matter what I say, you say "but in Ada I can
> guarantee that the input is not zero". My SumTo subprogram can
> raise Storage_Error for a wide range of its legal arguments.
> There is nothing in an Ada spec that declares how much call
> stack is needed by a subprogram. Why do you believe that it is
> a severe problem in C that I cannot specify in the language that
> a parameter is positive, but it is not a severe problem in Ada
> that you cannot tell me for which values my program will work?

Because that's highly dependent on your system: is "integer" a
32-bit value, a 64-bit value, a 48-bit value, a 128-bit value; are
integers 2's complement, or 1's complement? In the abstract
logic of programming it doesn't matter; that is, it only matters in
a specific instance, and that instance usually imposes some
requirements -- like your running time example -- which are not,
strictly speaking, in the requirements of the algorithm itself.

If it's really an issue you would calculate, or run SumTo to
find the value which it overflows and then constrain it via
subtype: SubType SumTo_Range is Integer
0..Integer'Pred( OVERFLOW_INPUT_VALUE );

And then you're on your merry way.

>
> >> The problem with my Exponent subprogram is that its running time
> >> is enormous.
>
> > So, you didn't indicate that time was an issue.
>
> I kept asking you if I could replace your code with mine.
> Computer programs are not abstract objects. They are run
> in order to perform tasks. If you replace part of it with
> something that is much slower, it's likely to be very bad.

So, again you did *NOT* put in the requirement anything about
running -time. This whole portion is somewhat akin to you
complaining that your peg-leg prosthetic you got from the doctor
makes it impossible for you to run when your request was "can
you make it so I can walk around" and not something like "I
want to run in a marathon."

Furthermore, there are legitimate reasons why you might need
a slower routine, namely to validate/check the 'speedy' algorithm.
It would be absolutely *STUPID* to have a "sort" algorithm like:

Type Integer_Array is (Positive Range <>) Of Integer;
Function Sort( Input : Integer_Array ) Return Integer_Array is
begin
return Result : Integer_Array( Input'Range ):= (  Others => 0 );
end sort;

and then claim that because it's fast it is correct; though EVERY
array it returns *IS*, in fact, sorted.

> Again, you focus on what Ada can do (specify argument ranges)
> and ignore as irrelevant what it cannot (time bounds).

First, for all of your examples time *WAS* irrelevant; there was
*NO* mention of any sort of requirement on time UNTIL you
decided started objecting my conclusions. It's somewhat similar
to saying that the method of breaking polygons into triangles
to find the area is completely useless because it doesn't consider
circles... even though we were discussing polygons themselves.

Also, if that really IS the case then why then would you use
C or C++ where you cannot do either.

In fact, off the top of my head I cannot think of any language which
actually allows you to specify the running-time of a procedure,
except as a sort of TERMINATE IF DURATION LONGER THAN X.

You could fairly easily make an run-time analyzer in LISP, since
it is both recursive and homoiconic: so why aren't you using LISP?

Re: How do I write directly to a memory address?

[Georg Bauhaus]

On 10.02.11 16:38, Hyman Rosen wrote:
>  Why do you believe that it is
> a severe problem in C that I cannot specify in the language that
> a parameter is positive, but it is not a severe problem in Ada
> that you cannot tell me for which values my program will work?

SPARK is made to tell us the values for which a subprogram will
work.

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Hyman Rosen wrote:

> Hmm. You know, this makes me think that before I can call
> any subprogram, I'm going to need to examine its body to
> see how many nested subprogram calls it makes, as well as
> those bodies, and so on. And even then, is there anything
> that tells me exactly when I will get Storage_Error?

Not in your case, because you implemented it recursively.

> How can I reason about the behavior of any Ada program?

The same way tools like PC-Lint reasons about the minimum needed
stack size of a given C-program.

> of Ada code? Doesn't every subprogram call potentially
> raise Storage_Error, and isn't that possibility usually
> ignored?

Yes. No. In critical applications recursive calls are not allowed
and if there aren't any, a minimum stack size can be statically
determined before the program is even run.

Same thing in C. The difference is that with an Ada program and
enabled stack check you get Storage_Error while a C-program just
behaves in a funny way.


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
   --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/10/2011 12:05 PM, Shark8 wrote:
> On Feb 10, 8:38 am, Hyman Rosen<hyro...@mail.com>  wrote:
>> Why do you believe that it is
>> a severe problem in C that I cannot specify in the language that
>> a parameter is positive, but it is not a severe problem in Ada
>> that you cannot tell me for which values my program will work?
>
> Because that's highly dependent on your system: is "integer" a
> 32-bit value, a 64-bit value, a 48-bit value, a 128-bit value; are
> integers 2's complement, or 1's complement? In the abstract
> logic of programming it doesn't matter; that is, it only matters in
> a specific instance, and that instance usually imposes some
> requirements -- like your running time example -- which are not,
> strictly speaking, in the requirements of the algorithm itself.

I don't understand how this "because" answers my question.

> If it's really an issue you would calculate, or run SumTo to
> find the value which it overflows and then constrain it via
> subtype: SubType SumTo_Range is Integer
> 0..Integer'Pred( OVERFLOW_INPUT_VALUE );
>
> And then you're on your merry way.

You are suggesting that I rewrite my program by testing to see
where it crashes on one platform and then restricting inputs to
try to prevent that crash? That's C-like in its beauty!

Let me try to explain again. Writers here said that they look
at every line of C code and see bugs. I am telling you that I
look at every line of Ada and I see bugs - you cannot tell me
that a simple subprogram call will work, because it may crash
the program instead by raising Storage_Error.

What I am trying to make you see is that C code does not have
bugs on every line, just as Ada code does not have bugs on
every line. You look at C and say "What if the pointer is
null, or the index is out of range?" I tell you that it is no
more justified to think that each time than it is for me to
look at Ada code and say "What if this subprogram call raises
Storage_Error?" It is true that some C code will contain
pointer and index errors, just as some Ada code will raise
Storage_Error. But it is a bad mistake to assume that this
is true everywhere in the code.

> So, again you did *NOT* put in the requirement anything about
> running -time.

Right. You are inordinately proud of Ada's ability to capture
numeric ranges in its type system. I am trying to show you that
you are using that in the typical language wars way to lord it
over another language that doesn't have that, but you are failing
to realize, or ignoring, that there is a great deal more to
requirements than what can be captured by a type system.

> Also, if that really IS the case then why then would you use
> C or C++ where you cannot do either.

Because they are both good and capable languages with attractive,
idiomatic, and powerful ways of doing certain things, and I like
them. And partly because I'm an old fogey who learned C in 1980.

> In fact, off the top of my head I cannot think of any language
 > which actually allows you to specify the running-time of a procedure

Well, that's the point, isn't it? That's why being able to express
numeric range restrictions in the language is no panacea for writing
programs that meet their requirements.

The C++ standard has O(�) requirements for the running time of
its container operations and algorithms, by the way.

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

J-P. Rosen wrote:

> Le 09/02/2011 23:25, Vinzent Hoefler a écrit :
>>> No. They are just used to write left to right.
>>
>> Yes, but as you probably know, the number system is - arabic and there
>> the text-direction is "rtl".
>
> That's because you are insisting of considering that every machine word
> is a number. It is not. It just a set of bits.

Yeah. I remember Turbo-Pascal sets and an associates discussion in the
FreePascal mailing list where someone complained that the order of the
bits changes with the endianess. In such a case the bit-numbering indeed
is more or less meaningless (and should be declared by convention),
because it's not associated with some numeric value.

(Yet, to be a really nit-picking a**hole, the original question was
about the "third bit in a byte", and I consider "byte" an integral
type, or "number".)

>> I know. Unfortunately, still some compilers (especially the one we're
>> using) do not support that. I don't remember the exact error message,
>> but it was somewhere along the lines of "non-default bit-order not
>> supported".
>>
> Just curious, which one is it?

The opposite of red valleys. ;)

> I'm surprised that a compiler is unable
> to compute 31-N.

I should probably have tried it again today to tell the precise
problem. I just remember that the code compiled with GNAT for both
little and big endian targets, but the target compiler complained
if a bit-order attribute was given.


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
   --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Shark8]

On Feb 10, 10:40 am, Hyman Rosen <hyro...@mail.com> wrote:
> On 2/10/2011 12:05 PM, Shark8 wrote:
>
> > On Feb 10, 8:38 am, Hyman Rosen<hyro...@mail.com>  wrote:
> >> Why do you believe that it is
> >> a severe problem in C that I cannot specify in the language that
> >> a parameter is positive, but it is not a severe problem in Ada
> >> that you cannot tell me for which values my program will work?
>
> > Because that's highly dependent on your system: is "integer" a
> > 32-bit value, a 64-bit value, a 48-bit value, a 128-bit value; are
> > integers 2's complement, or 1's complement? In the abstract
> > logic of programming it doesn't matter; that is, it only matters in
> > a specific instance, and that instance usually imposes some
> > requirements -- like your running time example -- which are not,
> > strictly speaking, in the requirements of the algorithm itself.
>
> I don't understand how this "because" answers my question.
>
> > If it's really an issue you would calculate, or run SumTo to
> > find the value which it overflows and then constrain it via
> > subtype: SubType SumTo_Range is Integer
> > 0..Integer'Pred( OVERFLOW_INPUT_VALUE );
>
> > And then you're on your merry way.
>
> You are suggesting that I rewrite my program by testing to see
> where it crashes on one platform and then restricting inputs to
> try to prevent that crash? That's C-like in its beauty!

That's what happens when you reject as invalid any sort of
reasoning about the program, now isn't it?

>
> Let me try to explain again. Writers here said that they look
> at every line of C code and see bugs.

So because someone else says something you are holding it
to my account? How in Chaos is *that* valid?

> I am telling you that I
> look at every line of Ada and I see bugs - you cannot tell me
> that a simple subprogram call will work, because it may crash
> the program instead by raising Storage_Error.

And you are insisting that is the wrong behavior. I have asked
you if continuing to run and producing invalid results is valid, is
it?

>
> What I am trying to make you see is that C code does not have
> bugs on every line, just as Ada code does not have bugs on
> every line.

*I* never said that C has bugs on every line; I *have* said that
in my experience it tends to encourage sloppy programming,
but that is wholly different.

> You look at C and say "What if the pointer is
> null, or the index is out of range?" I tell you that it is no
> more justified to think that each time than it is for me to
> look at Ada code and say "What if this subprogram call raises
> Storage_Error?" It is true that some C code will contain
> pointer and index errors, just as some Ada code will raise
> Storage_Error. But it is a bad mistake to assume that this
> is true everywhere in the code.
>

And your logic is flawed: you say that because someone else
claims to see on every line of C code that my examples of how
*SOME* errors -- NOT ALL -- are wholly preventable are invalid?

> > So, again you did *NOT* put in the requirement anything about
> > running -time.
>
> Right. You are inordinately proud of Ada's ability to capture
> numeric ranges in its type system. I am trying to show you that
> you are using that in the typical language wars way to lord it
> over another language that doesn't have that, but you are failing
> to realize, or ignoring, that there is a great deal more to
> requirements than what can be captured by a type system.

Um, no. I *AM* saying that you FAILED TO PROVIDE THE
REQUIREMENTS.

>
> > Also, if that really IS the case then why then would you use
> > C or C++ where you cannot do either.
>
> Because they are both good and capable languages with attractive,
> idiomatic, and powerful ways of doing certain things, and I like
> them. And partly because I'm an old fogey who learned C in 1980.

Ah, so now you say "because I like it" is a valid preference
consideration while at the same time rejecting *my* preference for
a type-system which allows me to exclude as least some invalid
values?

> > In fact, off the top of my head I cannot think of any language
>
>  > which actually allows you to specify the running-time of a procedure
>
> Well, that's the point, isn't it? That's why being able to express
> numeric range restrictions in the language is no panacea for writing
> programs that meet their requirements.

And did I *EVER* say that the type system was itself EITHER
necessary OR sufficient for meeting requirements?

IIRC, I merely stated that it can help you follow the requirements,
just like a Syntax-checker can tell you if some text is valid in its
syntax cannot be relied upon to guarantee completeness OR
correctness of the program.

>
> The C++ standard has O(·) requirements for the running time of
> its container operations and algorithms, by the way.

Ah, I know that there are some time requirements for Ada, but I
don't know what they are; nor, at the moment, do I care; *NONE*
of my current projects are time-sensitive.

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Adam Beneschan wrote:

> A bit ordering is a method of interpreting the meaning of the storage
> place attributes. High_Order_First (known in the vernacular as “big
> endian”) means that the first bit of a storage element (bit 0) is the
> most significant bit (interpreting the sequence of bits that represent
> a component as an unsigned integer value). Low_Order_First (known in
> the vernacular as “little endian”) means the opposite: the first bit
> is the least significant.

Yes. And then read the GNAT RM 6.8 (Bit_Order clauses):

|In the case where the non-standard value is specified, the effect is
|to renumber bits within each byte. ...

There they explain in great detail that the Bit_Order has nothing to do
with the byte ordering.

> So by that convention, bit 0 of a byte is the most-significant bit on
> a big-endian machine, which would make bit 2 the one represented by
> the value 16#20#.

Only if the value in question is a byte. That's what makes this sort
of counting useless. If it were bit 2 of a 5-bit word, the value would
suddenly be 2#01000# (or 16#08#, if you prefer base 16).

Convention or not, it's at least confusing to make the bit numbers
dependent on the number of available bits.

> described in 13.5.3(2).  In Ada, we'd express this with a
> representation clause that looks (in part) something like
>
>    Second_Field  at 0 range 5..9;
>
> If we did things the way you think is the "right" way, the second
> field would occupy bits 2, 1, 0, 15, and 14.

That just means, we cannot have a declaration that will do on both
machines, regardless of what bit-order you specify:

|Components that are positioned across byte boundaries but do not
|occupy an integral number of bytes. Given that bytes are not reordered,
|such fields would occupy a non-contiguous sequence of bits in memory,
|requiring non-trivial code to reassemble. They are for this reason not
|permitted, and any component clause specifying such a layout will be
|flagged as illegal by GNAT.

Given, that I happened to write a converter (in Ada) that creates such
Ada record representations from an interface document where the bit
numbering is mostly wrong (calling bit 15 of a 32-bit word the MSB can
be called wrong - no matter how you look at it), I'm quite sure I know
what I'm talking about and why such numbering is just confusing.

> Which would be most
> unhelpful.  So clearly, since the ability to give our packed fields
> consecutive bit numbers is much more important than ensuring that the
> bit numbers remain the same when you convert an integer from one size
> to a different size, the way Ada does things is the right way.

I didn't say, Ada does it wrong. The "Ada way" also specifies that the
Bit_Order has nothing to do with the Byte_Order (other than having
some machine-dependent default), so there indeed is a _convention_ for
exactly the reason you state - and I can respect that.

>                                       That's why I believe it would
> be necessary to ask if someone started referring to "Bit 2" or "The
> third bit" of something.

Honestly, I would probably ask, too. Even if it were just to make sure
my presumption was correct. I'm an Ada programmer, after all. ;)


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
    --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Georg Bauhaus]

On 2/10/11 6:40 PM, Hyman Rosen wrote:

> The C++ standard has O(�) requirements for the running time of
> its container operations and algorithms, by the way.

Not surprisingly, the Ada LRM specifies these for the container
operations, too.  Not surprisingly, since the STL containers
had come back to Ada via Scheme and C++.

It may be worthwhile considering that the C++ STL emphasizes speedy
execution (and can do more with templates than Ada can do with
genercics, maybe less if ASIS is part of the hypothetical compiler)
where Ada adds the notion of tampering with cursors/elements.

Might be interesting to see how each flavor is going to be
integrated with many-processor market pressure and more
concurrent programming.

Re: How do I write directly to a memory address?

[Randy Brukardt]

"Shark8" <onewingedshark@gmail.com> wrote in message 
news:47adc19e-7623-4d9b-a027-2e35ef64defa@o21g2000prn.googlegroups.com...
On Feb 9, 7:51 pm, "Randy Brukardt" <ra...@rrsoftware.com> wrote:
...
>> The main thing to redo would be to organize the units and interfaces in 
>> some
>> logical way. We had to work around various arbitrary constraints in the
>> early days -- to get the compiler to fit at all on CP/M systems and 
>> 16-bit
>> MS-DOS systems. That's led to a forest of packages with poorly defined
>> interfaces (because putting everything related in one package would have
>> been too large for what was compilable on MS-DOS). Moreover, people 
>> always
>> "cheat" for expediency -- they directly call supposely internal routines
>> because they can. (Ada 83 didn't have anything like private packages; we
>> used subunits when we could, but they were only effective for large
>> subprograms.) Getting rid of that would be good. Finally, there is a lot 
>> of
>> duplicated algorithms, mainly because we couldn't spare the space to 
>> store
>> little used values.
>
>I definitely see how that (private packages) could help. This may
>be a dumb question but could those duplicated algorithms have
>been into a single generic procedures / functions and then
>instantiated where needed?

Possibly, but it would be better to simply make a single routine that does 
the job and share it amongst every usage. Sometimes, adding a simple 
parameter would be enough for that (like "Look_through_private_types"). Of 
course, that's hard to do with the current arrangement, partially because it 
isn't obvious where particular things ought to live.

                                        Randy.


> >Also, in your opinion what's the best thing to do to really understand
> >encapsulation and contracts?
>
> I'm not sure. I didn't really figure it out until I had been burned enough
> by bad ones. :-) And we had experience using a "modular" language at the
> University of Wisconsin (the original Modula), so we already had a vague
> idea of what benefits it could bring.

I see.I get the same feeling [vague idea of benefits] when I think how
an OS with a mind to strong-typing, that logical organization of
units,
and a very object (and stream) oriented would be different n-nature
than
virtually all consumer level OSes.

If you're hiring for a rewrite, I'd be especially interested.
Actually, I
would really love to get in on an Ada shop if possible, so if you are
hiring at all I'm interested. 

Re: How do I write directly to a memory address?

[Stephen Leake]

"Vinzent Hoefler" <0439279208b62c95f1880bf0f8776eeb@t-domaingrabbing.de>
writes:

> Adam Beneschan wrote:
>
>> In Ada, we'd express this with a
>> representation clause that looks (in part) something like
>>
>>    Second_Field  at 0 range 5..9;
>>
>> If we did things the way you think is the "right" way, the second
>> field would occupy bits 2, 1, 0, 15, and 14.
>
> That just means, we cannot have a declaration that will do on both
> machines, regardless of what bit-order you specify:

Not true! That's what 'Bit_Order is for; you tell the compiler what
convention for bit numbers your source code is using, and it does the
right thing for the target hardware.

-- 
-- Stephe

Re: How do I write directly to a memory address?

[Ludovic Brenta]

Hyman Rosen wrote:
> Writers here said that they look
> at every line of C code and see bugs. I am telling you that I
> look at every line of Ada and I see bugs - you cannot tell me
> that a simple subprogram call will work, because it may crash
> the program instead by raising Storage_Error.

FTR, I never said I saw a bug on every line of C code. I said: every
time I look at a C *code* I see a bug.

And I am actually flattered that the only "bug" you could think of
when looking at Ada code was the possibility of a Storage_Error.  This
is a Good Thing.  In C, you can't get a Storage_Error because C lacks
exception; instead you get undefined behavior.  And there are a *lot*
more ways that C can hide bugs than Ada.  This is why I maintain that
C is bad for everyone's health.  Ada is not perfect but it's the best
I've come across so far (and I've come across many languages).  SPARK
is, of course, even more secure but unfortunately not applicable to
all programming needs.

> What I am trying to make you see is that C code does not have
> bugs on every line, just as Ada code does not have bugs on
> every line. You look at C and say "What if the pointer is
> null, or the index is out of range?" I tell you that it is no
> more justified to think that each time than it is for me to
> look at Ada code and say "What if this subprogram call raises
> Storage_Error?"
>
> It is true that some C code will contain
> pointer and index errors, just as some Ada code will raise
> Storage_Error. But it is a bad mistake to assume that this
> is true everywhere in the code.

You are wrong because the C program can *also* overflow its stack or
heap and you *also* have to worry about that, just like in Ada; but
you get no help from the C language or run-time library to detect
these classes of bug.  At least Ada makes stack overflows visible to
you.  And you can take advantage of Ada's type system to make many
other bugs impossible (e.g. array bounds, null pointer, double-free,
etc.) such that you *don't* have to worry about them.  In other words,
the set of bugs you must look out for in C is a superset of those you
have to look out for in Ada *and* the possible manifestations of these
bugs are usually undefined in C whereas they are bounded errors (i.e.
exceptions) in Ada. This is why Ada is so vastly superior to C.

When looking at C code, if you don't constantly ask yourself "hat if
the pointer is null, or the index is out of range?" then I am quite
worried at the resulting quality of your code.

> Right. You are inordinately proud of Ada's ability to capture
> numeric ranges in its type system.

I'm not proud of Ada's numeric ranges; I am proud to have chosen the
proper tool for the job, and every time Ada's numeric ranges has saved
my skin in the past has reinforced my confidence in it. You don't seem
to even grasp how useful these numeric ranges are; they are so useful
that, after my years of experience using 20+ languages, I would refuse
to consider using a language that doesn't have them.

> Because [C and C++] are both good and capable languages with attractive,
> idiomatic, and powerful ways of doing certain things, and I like
> them. And partly because I'm an old fogey who learned C in 1980.

No, they are not good and capable languages.  They are bad and
dangerous languages.  The only redeeming feature of C was that it was
easy to implement (but so were Pascal and Modula).  C++ does not even
have that excuse.

--
Ludovic Brenta.

Re: How do I write directly to a memory address?

[Nasser M. Abbasi]

On 2/11/2011 12:26 AM, Ludovic Brenta wrote:

>
>> Right. You are inordinately proud of Ada's ability to capture
>> numeric ranges in its type system.
>
> I'm not proud of Ada's numeric ranges; I am proud to have chosen the
> proper tool for the job, and every time Ada's numeric ranges has saved
> my skin in the past has reinforced my confidence in it. You don't seem
> to even grasp how useful these numeric ranges are; they are so useful
> that, after my years of experience using 20+ languages, I would refuse
> to consider using a language that doesn't have them.
>

Which should make one more puzzled as to why then Ada isn't
used much at all in numerical computations, financial
applications, and such places, where such features can
be more appreciated.

As a matter of fact, it seems these days, that the less
strongly typed a language is, the more it becomes popular
and used more for numerical work.

We must be living in strange times ;)

--Nasser

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/11/2011 3:26 AM, Ludovic Brenta wrote:
> You are wrong because the C program can *also* overflow its stack or
> heap and you *also* have to worry about that, just like in Ada;

Actually, Ada has the more severe problem here, because Ada
makes it easy to declare objects on the stack which are sized
based on the values of subprogram parameters, while C and C++
do not. I know I've seen a good number of postings over the
years here on c.l.a. where newbies make this mistake - they'll
declare some local N�N�N matrix and wonder why their program
blows up. The heap is much more forgiving, especially nowadays.

> When looking at C code, if you don't constantly ask yourself "hat if
> the pointer is null, or the index is out of range?" then I am quite
> worried at the resulting quality of your code.

That just isn't so. Programs aren't just randomly tossed
together bits of code. When someone calls a function, they
know what the function expects and call it that way. It's
certainly possible to get things wrong, and it's true that
the result of such an error will be much more mysterious
than in Ada, but it is severely incorrect in C code to go
around looking at pointer indirections and adding checks
for null. It is simply the case that some routines expect
to be called with a non-null pointer, and in C it's the job
of the programmer to make sure that is what happens. You may
not like this way of working, but it is what it is, and you
are not going to convince any C programmer that the function
has bugs because it doesn't check. And similarly for array
bounds.

No one is asking you to abandon Ada for C, but as I said,
there are absolutely enormous amounts of correctly working
C code in existence, and you need to respect the language
and its practitioners enough to recognize that.

You might also ask yourself why, if Ada is so good, is it so
little used? There was the old canard that C programmers didn't
want their pointers and array bounds checked, but since the
world took so readily to Java, that doesn't hold water. Maybe
it's just that people don't respond well when told "We're going
to show you idiots how it *should* be done." It's interesting to
read J-P Rosen's <http://adalog.fr/publicat/Ada-paradox.pdf>.
It's full of this kind of attitude, that the designers of Ada
have cast pearls before swine.

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Fri, 11 Feb 2011 11:10:59 -0500, Hyman Rosen wrote:

> No one is asking you to abandon Ada for C, but as I said,
> there are absolutely enormous amounts of correctly working
> C code in existence, and you need to respect the language
> and its practitioners enough to recognize that.

I wrote/reviewed more code in C/C++ than in Ada, you are fooling yourself.

> You might also ask yourself why, if Ada is so good, is it so
> little used?

Because code quality has negative value. Anybody delivering quality code
(no matter in which language) will suffer economically.

The reason for this was already discussed by us. The expenses and risks are
not covered by the price of software.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/11/2011 1:04 PM, Dmitry A. Kazakov wrote:
>> You might also ask yourself why, if Ada is so good, is it so
>> little used?
>
> Because code quality has negative value. Anybody delivering quality code
> (no matter in which language) will suffer economically.
>
> The reason for this was already discussed by us. The expenses and risks are
> not covered by the price of software.

But software developers have switched to languages which
they believe will improve what they produce; C++, Java,
and C# have all become popular. No one switched to those
languages with the goal of producing poorer software.

Perhaps what you believe to be quality and how to achieve
it is incorrect? The cell phone in my pocket is a miracle.
It performs wonders beyond the wildest science-fictional
fantasies dreamed of a few decades ago. Its code is written
in C and C++ and Java. If we can have such features with
allegedly low-quality software, why indeed should anyone
believe that higher quality is needed or possible?

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Hyman Rosen wrote:

> But software developers have switched to languages which
> they believe will improve what they produce;

No. For example, I know a project where the developers switched
 from Pascal to C++, because C++ was "object-oriented" and Java was
too slow. Productivity was so good, that the project was cancelled
three years later.

IME, "productivity" has never been a real factor, things like "it
looks familiar", "it has a Windows IDE", or "everybody else uses it"
were far more important.


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
   --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Hyman Rosen wrote:

> Actually, Ada has the more severe problem here, because Ada
> makes it easy to declare objects on the stack which are sized
> based on the values of subprogram parameters, while C and C++
> do not.

ÀFAIK, at least C99 supports dynamic arrays.


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
     --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Stephen Leake wrote:

> "Vinzent Hoefler" <0439279208b62c95f1880bf0f8776eeb@t-domaingrabbing.de>
> writes:
>
>> Adam Beneschan wrote:
>>
>>> In Ada, we'd express this with a
>>> representation clause that looks (in part) something like
>>>
>>>    Second_Field  at 0 range 5..9;
>>>
>>> If we did things the way you think is the "right" way, the second
>>> field would occupy bits 2, 1, 0, 15, and 14.
>>
>> That just means, we cannot have a declaration that will do on both
>> machines, regardless of what bit-order you specify:
>
> Not true! That's what 'Bit_Order is for; you tell the compiler what
> convention for bit numbers your source code is using, and it does the
> right thing for the target hardware.

Only in a perfect world. Under certain circumstances (which seem
compiler-dependent), it does not work. Admitted, those are rare cases.

I just tried it today. "if Bit_Order is specified, field must start on
a word boundary". That's not the exact wording, but you get the meaning.
GNAT complained with a message about that I should try to use Ada05
mode. And indeed, with -gnat05 it did it with a warning and spit out the
bit numbers it used.

(Of course, that was a *really* nasty thing, but that's how it was specified
by the interface specification. Bottom line is, no matter how you specify it,
it only works with one endianess. You still can play the usual tricks,
though.)


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
      --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Georg Bauhaus]

On 11.02.11 17:10, Hyman Rosen wrote:
> On 2/11/2011 3:26 AM, Ludovic Brenta wrote:
>> You are wrong because the C program can *also* overflow its stack or
>> heap and you *also* have to worry about that, just like in Ada;
> 
> Actually, Ada has the more severe problem here, because Ada
> makes it easy to declare objects on the stack which are sized
> based on the values of subprogram parameters, while C and C++
> do not. I know I've seen a good number of postings over the
> years here on c.l.a. where newbies make this mistake - they'll
> declare some local N�N�N matrix and wonder why their program
> blows up. The heap is much more forgiving, especially nowadays.

Just allocating arrays without thinking about heap or stack
is not a mistake, I'd think!  Even if several versions of GNAT
seem to have this quality of implementation issue. On the other
hand, there may be good reasons to manually control memory
allocation choices, but they seem to be rather technical.
It is sad that they should become idiomatic just because
some at AdaCore favor using pointers for larger objects.


> You might also ask yourself why, if Ada is so good, is it so
> little used?

The answer I have heard frequently is that the market was
such that some vendors went hoggish, knowing there would be
semi-forced buyers.

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/11/2011 1:42 PM, Vinzent Hoefler wrote:
> Hyman Rosen wrote:
>
>> But software developers have switched to languages which
>> they believe will improve what they produce;
>
> No. For example, I know a project where the developers switched
> from Pascal to C++, because C++ was "object-oriented" and Java was
> too slow. Productivity was so good, that the project was cancelled
> three years later.

And they switched because they believed that "object oriented"
programming languages would help them improve what they produced.
Even Ada bowed to this paradigm, no?

> IME, "productivity" has never been a real factor, things like "it
> looks familiar", "it has a Windows IDE", or "everybody else uses it"
> were far more important.

When the world tells you what it considers important, you ignore it
at your peril. You speak of a project that was canceled after three
years. What of Ada itself? Hasn't it too been "canceled" by the market?
And how exactly do you believe a language goes from non-existence to
ubiquity if the driving force is "everybody uses it"?

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/11/2011 1:43 PM, Vinzent Hoefler wrote:
> Hyman Rosen wrote:
>
>> Actually, Ada has the more severe problem here, because Ada
>> makes it easy to declare objects on the stack which are sized
>> based on the values of subprogram parameters, while C and C++
>> do not.
>
> ÀFAIK, at least C99 supports dynamic arrays.

Fortunately, no one uses C99.

In general, I believe that language designs reach a point of
stability beyond which they should not be changed, just replaced.
They have their original version, they get one good overhaul
which fixes obvious problems, and then they're pretty much done.
Later changes tend to be ignored. We'll see how Ada '12 goes :-).

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/11/2011 1:52 PM, Georg Bauhaus wrote:
> Just allocating arrays without thinking about heap or stack
> is not a mistake, I'd think!  Even if several versions of GNAT
> seem to have this quality of implementation issue. On the other
> hand, there may be good reasons to manually control memory
> allocation choices, but they seem to be rather technical.
> It is sad that they should become idiomatic just because
> some at AdaCore favor using pointers for larger objects.

I suppose this will expose me for the old fogey I am, but in my
day, we were uncomfortable with the notion that a compiler would
choose to do heap allocation when this was not manifest in the
code. In C, you declare large static arrays, small automatic ones,
and arbitrary heap ones, and everyone can see what's going on.

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Fri, 11 Feb 2011 13:31:38 -0500, Hyman Rosen wrote:

> The cell phone in my pocket is a miracle.
> It performs wonders beyond the wildest science-fictional
> fantasies dreamed of a few decades ago.

Come on, your cell phone has the computational power of dozen mainframes of
a few decades ago. 90% of its resources are just wasted. 70% of features
are useless and used by nobody.

P.S. I am not in phone's development, but I know pretty well the embedded
software used in automotive, metering devices (e.g. the things you have to
blow into when you get caught by police officers. Are they already allowed
as an evidence in the court? Good luck then! (:-)). I bet that no ECU works
as specified. Usually these problems are attributed to / covered by the
hardware. But service people would privately say you that you may change
the ECU as frequently as you wish, the problems will persist.

Low quality of office applications and computer games became legendary.

SCADA, ERP etc systems are probably the worst of all.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Hyman Rosen wrote:

> On 2/11/2011 1:42 PM, Vinzent Hoefler wrote:
>> Hyman Rosen wrote:
>>
>>> But software developers have switched to languages which
>>> they believe will improve what they produce;
>>
>> No. For example, I know a project where the developers switched
>> from Pascal to C++, because C++ was "object-oriented" and Java was
>> too slow. Productivity was so good, that the project was cancelled
>> three years later.
>
> And they switched because they believed that "object oriented"
> programming languages would help them improve what they produced.

No, they switched because it had to be "object-oriented, because that's
what modern software has to be". The old DOS-project survived years
after them. It had the advantage that it worked.

> Even Ada bowed to this paradigm, no?

I'm not against object-oriented, but I'm all with Alan Kay.

> When the world tells you what it considers important, you ignore it
> at your peril. You speak of a project that was canceled after three
> years. What of Ada itself? Hasn't it too been "canceled" by the market?

Well, it's like the old DOS-project. It just works.

> And how exactly do you believe a language goes from non-existence to
> ubiquity if the driving force is "everybody uses it"?

Good marketing and stupid people. Look at Java.


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
    --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Hyman Rosen wrote:

> On 2/11/2011 1:43 PM, Vinzent Hoefler wrote:
>> Hyman Rosen wrote:
>>
>>> Actually, Ada has the more severe problem here, because Ada
>>> makes it easy to declare objects on the stack which are sized
>>> based on the values of subprogram parameters, while C and C++
>>> do not.
>>
>> ÀFAIK, at least C99 supports dynamic arrays.
>
> Fortunately, no one uses C99.

Probably because there's no C99 compliant compiler in existance? :)


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
    --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/11/2011 3:15 PM, Vinzent Hoefler wrote:
> Probably because there's no C99 compliant compiler in existance? :)

Like I said, after the first major update, later changes are ignored.
Do you know how well the Ada 2005 changes are faring?

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Hyman Rosen wrote:

> On 2/11/2011 3:15 PM, Vinzent Hoefler wrote:
>> Probably because there's no C99 compliant compiler in existance? :)
>
> Like I said, after the first major update, later changes are ignored.

Actually, reading the german version of comp.lang.c I don't think so.

> Do you know how well the Ada 2005 changes are faring?

Personally, I used the container classes, the "raise ... with <<message>>"
statement and the Ada.Real_Time.Timing_Objects thus far. But as the
project still uses an Ada95 compiler that does not really count.


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
    --  Rockhound, "Armageddon"

Re: How do I write directly to a memory address?

[Edward Fish]

On Feb 2, 10:52 pm, Syntax Issues <syntax.iss...@gmail.com> wrote:
> I am planning to start learning lower-level programming with ada,
> however, I was unable to find a solid tutorial on writing directly to
> a memory address or interfacing with assembly. Does anyone know where
> I can find a reference to some tutorials/information? Below is an
> example of code I would like to be able to implement.
>

As others have replied using the 'Address attribute on a constrained
array
of your video's cell-type {attribute-character pair}is the way to go.

But if you're using GNAT you may have noticed that it doesn't allow
a straight "For Data'Address Use 16#000B_8000#;" because GNAT
uses a private type and not a derivative of Universal_Integer.

They recommend an implementation-dependent "to_Address" function,
but that would make things non-portable.

After some thought and some fiddling here's a portable, insofar as I
know,
method to convert an integer literal or constant (or even variable) to
an
address containing that value.

-- Address_Overlay.ads; Pragma pure may be added.
With System;
Package Address_Overlay is

   Type Address_Integer is Range 0..System.Memory_Size;

Private
End Address_Overlay;

-----  Address_Overlay.This.ads; an instantiation of
-----                             this provides the proper overlay
Generic
   Value : Address_Integer;
Package Address_Overlay.This is

   Address : Constant System.Address;		-- Overlay Address with Value.

Private
  Pragma Warnings (Off, "*overlay*");		-- Here we turn off the warning
   For Address'Address Use Value'Address;	-- about a constant
overlaying
   Pragma Import( Ada, Address );		-- a variable; as that is our
  Pragma Warnings (On, "*overlay*");		-- intention.
End Address_Overlay.This;

-----------
-- USAGE --
-----------
   Declare
      Package An_Address( 16#000C_8000#  );

      Data : Integer;
      For Data'Address Use An_Address.Address;
   Begin
	Data:= 4;
   End;

Re: How do I write directly to a memory address?

[Niklas Holsti]

Edward Fish wrote:
> On Feb 2, 10:52 pm, Syntax Issues <syntax.iss...@gmail.com> wrote:
>> I am planning to start learning lower-level programming with ada,
>> however, I was unable to find a solid tutorial on writing directly to
>> a memory address or interfacing with assembly. Does anyone know where
>> I can find a reference to some tutorials/information? Below is an
>> example of code I would like to be able to implement.
>>
> 
> As others have replied using the 'Address attribute on a constrained
> array of your video's cell-type {attribute-character pair}is the
> way to go.
> 
> But if you're using GNAT you may have noticed that it doesn't allow
> a straight "For Data'Address Use 16#000B_8000#;" because GNAT
> uses a private type and not a derivative of Universal_Integer.

That is correct, and it need not work on any compiler, because 
System.Address is an implementation-defined type. You should in effect 
consider it a private type.

> They recommend an implementation-dependent "to_Address" function,
> but that would make things non-portable.

As others have said earlier in this thread (before the language war) 
there is a standard conversion function in the package 
System.Storage_Elements: the function System.Storage_Elements.To_Address 
converts from the integer type System.Storage_Elements.Integer_Address 
to System.Address.

Perhaps this is the function that AdaCore meant? The function and its 
usage are standard. (The implementation of the function is of course 
implementation-dependent, as it should be.)

> After some thought and some fiddling here's a portable,
> insofar as I know, method to convert an integer literal
> or constant (or even variable) to an address containing
> that value.

Your method may work on some systems, but it is not portable, because it 
assumes that System.Address has the same size and the same internal 
representation as your integer type Address_Overlay.Address_Integer, 
which does not follow from the language standard.

The functions System.Storage_Elements.To_Address/To_Integer translate 
between the internal representations if they are different.

In your method, the overlay of an Address_Integer with a System.Address 
is the same as an Unchecked_Conversion (which would be a simpler way to 
implement the same, wrong, method).

By your method (or by Unchecked_Conversion) you can indeed make a 
System.Address that "contains" the given integer value, in the sense of 
containing the same bit pattern, but this bit pattern may not be the 
Address that you want.

> -- Address_Overlay.ads; Pragma pure may be added.
> With System;
> Package Address_Overlay is
> 
>    Type Address_Integer is Range 0..System.Memory_Size;
> 
> Private
> End Address_Overlay;
> 
> -----  Address_Overlay.This.ads; an instantiation of
> -----                             this provides the proper overlay
> Generic
>    Value : Address_Integer;
> Package Address_Overlay.This is
> 
>    Address : Constant System.Address;		-- Overlay Address with Value.
> 
> Private
>   Pragma Warnings (Off, "*overlay*");		-- Here we turn off the warning
>    For Address'Address Use Value'Address;	-- about a constant
> overlaying
>    Pragma Import( Ada, Address );		-- a variable; as that is our
>   Pragma Warnings (On, "*overlay*");		-- intention.
> End Address_Overlay.This;
> 
> -----------
> -- USAGE --
> -----------
>    Declare
>       Package An_Address( 16#000C_8000#  );
> 
>       Data : Integer;
>       For Data'Address Use An_Address.Address;
>    Begin
> 	Data:= 4;
>    End;

Here is an example of the use of System.Storage_Elements and its 
Integer_Address type and functions:

-- begin example

with System.Storage_Elements;
with Ada.Text_IO;

procedure ItoA is

    use Ada.Text_IO;
    use System;

    Value : aliased Float := 1.2345;
    -- A variable that we will modify through an overlay,
    -- just to show that we can do it.

    Value_Int_Address : constant Storage_Elements.Integer_Address :=
       Storage_Elements.To_Integer (Value'Address);
    -- The address of Value, as an integer.

    Value_Address : constant Address :=
       Storage_Elements.To_Address (Value_Int_Address);
    -- The address of Value, converted back from its integer form.

    Other_Value : Float;
    for Other_Value'Address use Value_Address;
    -- Other_Value now overlays Value.

begin

    Put_Line ("Value'Address as integer ="
       & Storage_Elements.Integer_Address'Image (Value_Int_Address));

    Put_Line ("Value originally =" & Float'Image (Value));

    Other_Value := 9.8765;

    Put_Line ("Value changed via Other_Value =" & Float'Image (Value));

end ItoA;

-- end example


So the OP should use System.Storage_Elements.To_Address (16#000B_8000#) 
to compute the address (if that number is indeed the right one to use).

It is conceivable that the implementations of System.Storage_Elements in 
two different Ada compilers for the same target system could have 
different interpretations of the Integer_Address type and thus different 
mappings from Integer_Address to System.Address. For example, if the 
target system is only addressable in units of 16-bit words, one compiler 
could choose to use "16-bit word" as the unit of Integer_Address and 
another compiler could choose to use "8-bit octet". For the latter 
compiler, only even values of Integer_Address would be valid. (There are 
some 16-bit processors where different C compilers differ in this way, 
in the addresses that they display in listings and symbol tables.)

For octet-addressable processors Integer_Address in any Ada compiler is 
almost sure to use octet units, so values of Integer_Address should be 
portable across compilers.

-- 
Niklas Holsti
Tidorum Ltd
niklas holsti tidorum fi
       .      @       .

Re: How do I write directly to a memory address?

[anon]

I have watch a number of people showing ways of using the representation 
clause's "attribute_definition_clause" or the "at_clause" to define a 
memory location.  But they forget to say that aome OSs may restrict or 
reject access to real memory even the video memory.

The main problem in using this type of programming is that most OSs used 
today protects their real memory. And also some OSs use framebuffers for 
video memory. So, you may need to alter your code to create a Ada device 
driver server program for your video needs with the main program being a 
client that links to this server to send data to the video. That way you can 
have both the privilege to write to the video memory and/or to correctly 
access the right framebuffer.




In <67063a5b-f588-45ea-bf22-ca4ba0196ee6@l11g2000yqb.googlegroups.com>, Syntax Issues <syntax.issues@gmail.com> writes:
>I am planning to start learning lower-level programming with ada,
>however, I was unable to find a solid tutorial on writing directly to
>a memory address or interfacing with assembly. Does anyone know where
>I can find a reference to some tutorials/information? Below is an
>example of code I would like to be able to implement.
>
>....
>unsigned int print(char *message, unsigned int line)
>{
>	char *vidmem = (char *) 0xb8000;
>	unsigned int i= 0;
>
>	i=(line*80*2);
>
>	while(*message!=0) // 24h
>	{
>		vidmem[i]= *message;
>		*message++;
>		i++;
>		vidmem[i]= 0x7;
>		i++;
>	};
>
>	return(1);
>};
>....
>
>

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/11/2011 11:47 PM, Edward Fish wrote:
> But if you're using GNAT you may have noticed that it doesn't allow
> a straight "For Data'Address Use 16#000B_8000#;" because GNAT
> uses a private type and not a derivative of Universal_Integer.
>
> They recommend an implementation-dependent "to_Address" function,
> but that would make things non-portable.

Portable to what? Other systems that also happen to have a two-segment
address with a video frame buffer at 16#000B_8000#? Aren't you being a
little pedantic here?

Re: How do I write directly to a memory address?

[Randy Brukardt]

"Hyman Rosen" <hyrosen@mail.com> wrote in message 
news:4d5872d3$0$1707$882e7ee2@usenet-news.net...
> On 2/11/2011 11:47 PM, Edward Fish wrote:
>> But if you're using GNAT you may have noticed that it doesn't allow
>> a straight "For Data'Address Use 16#000B_8000#;" because GNAT
>> uses a private type and not a derivative of Universal_Integer.
>>
>> They recommend an implementation-dependent "to_Address" function,
>> but that would make things non-portable.
>
> Portable to what? Other systems that also happen to have a two-segment
> address with a video frame buffer at 16#000B_8000#? Aren't you being a
> little pedantic here?

There definitely are different degrees of portabaility. He's probably 
thinking of "portable for the same target", that is, portable to another Ada 
implementation on the same target.

That's not that uncommon of a goal. Claw, for example is intended to be a 
portable interface to Windows, "portable" in the sense that it will work on 
all Ada 95 compilers that target Windows. This is something that has to be 
baked in from the beginning, in that if you get in bad habits of depending 
on implementation-specific behavior, it can be very painful to work out from 
under them.

Portability to any Ada compiler for any target is even better, but it 
doesn't make sense for a lot of applications. (What good does an interface 
to Windows do on Linux?)

                              Randy.

Re: How do I write directly to a memory address?

[Edward Fish]

On Feb 14, 4:25 pm, "Randy Brukardt" <ra...@rrsoftware.com> wrote:
> "Hyman Rosen" <hyro...@mail.com> wrote in message
>
> news:4d5872d3$0$1707$882e7ee2@usenet-news.net...
>
> > On 2/11/2011 11:47 PM, Edward Fish wrote:
> >> But if you're using GNAT you may have noticed that it doesn't allow
> >> a straight "For Data'Address Use 16#000B_8000#;" because GNAT
> >> uses a private type and not a derivative of Universal_Integer.
>
> >> They recommend an implementation-dependent "to_Address" function,
> >> but that would make things non-portable.
>
> > Portable to what? Other systems that also happen to have a two-segment
> > address with a video frame buffer at 16#000B_8000#? Aren't you being a
> > little pedantic here?
>
> There definitely are different degrees of portabaility. He's probably
> thinking of "portable for the same target", that is, portable to another Ada
> implementation on the same target.
>
> That's not that uncommon of a goal. Claw, for example is intended to be a
> portable interface to Windows, "portable" in the sense that it will work on
> all Ada 95 compilers that target Windows. This is something that has to be
> baked in from the beginning, in that if you get in bad habits of depending
> on implementation-specific behavior, it can be very painful to work out from
> under them.


You got it in one.

Re: How do I write directly to a memory address?

[David Thompson]

On Mon, 7 Feb 2011 17:06:06 -0800 (PST), Adam Beneschan
<adam@irvine.com> wrote:
<snip: 'constant' number changed>

> I think C was originally designed for the PDP-11.  It's been ages

Yes and no. C was derived from BCPL and B, which were designed for
large (or at least medium) word machines. When dmr et al got a PDP-11
it led to enough change in B he decided 'new B' deserved a new name.

The PDP-11 architecture certainly influenced a lot of early C code,
especially Unix (which is what B and C were created to do),
particularly using pointers to step through strings and other arrays
rather than subscripting, but it's difficult to see much influence on
the language itself. In particular there is a widespread myth that the
increment/decrement operators p++ *p++ p-- etc. were created for the
autoincrement and autodecrement addressing modes on the -11, but in
fact these operators were in B before the -11 even existed AND B and C
have the full orthogonal set whereas the -11 has only a few cases,
albeit arguably the most useful ones.

> since I did anything with that processor, but my recollection is that
> you could include a 16-bit numeric literal in an instruction.  It
> would take up an extra word, but putting the literal somewhere else
> and including the address in the instruction would also take up an
> extra word, so you wouldn't save anything.  However, if the literal

Cost not save. Immediate (R7)+ takes one word in the instruction.
Somewhere else generally requires either absolute @(R7)+ addr where
addr points to data, or relative offset(R7) R7'+offset points to data;
both of those have a word in the instruction PLUS the data word.
The only exception would be if a register contains a pointer to
(exactly) the data word, and since you have (at most) 6 registers to
work with they can't simultaneously point to very many things.

The decade-subsequent VAX did have a more efficient encoding for short
(8bit, or 16bit) offsets from a register, and enough registers you
could usually leave one or a few pointed at data areas.

> needed to be 32 bits then I can imagine it might have made sense to
> stick it in a global.
> 
But as already noted *in Fortran* all arguments were normally passed
by reference/address. Strictly the standards didn't require this, and
still don't except for some newer special cases, but they did and do
require callees to generally be able to mutate actuals, and the
simplest implementation was usually to always pass by reference.
And to pass by address of course you need a memory location,
although not necessarily a static/global one.

Re: How do I write directly to a memory address?

[David Thompson]

On Tue, 8 Feb 2011 13:31:29 -0800 (PST), Shark8
<onewingedshark@gmail.com> wrote:

> On Feb 8, 1:44�pm, "Dmitry A. Kazakov" <mail...@dmitry-kazakov.de>
> wrote:
> >
> > The next test was this:
> >
> > � �x and FF = ?
> > � �x or FF = ?
> > � �x xor FF = ?
> >
> 
> ...w.t.f.
> That's insane... how is it I'm not even getting to the interview
> stage?
> I could do that; though I'm loathe to in C/C++.
> 
> // we do have a bool type on this compiler, no?

In C++ always; in C99 the functionality is standard under the name
_Bool, but to have the name bool you must #include <stdbool.h>
But bool/_Bool is a single true/false value, see below.

> bool and ( int v1, int v2 )

See below.

> { int result = 0;
>  for (int index = 7; index>=0; --index)
>  { result |= (( v1>>index && v2>>index ) && 1) << index; }

This doesn't do what any sensible person wants; it sets bit # index in
the result if bit # index *or any bit larger in magnitude* (numbered
higher in your numbering) is set in each of v1 and v2.

If you don't want to just do builtin bitwise v1 & v2, you can do
  ... ( (v1>>index)&1 && (v2>>index)&1 ) << index ...
or 
  ... ( v1 & (1<<index) ) && ( v2 & (1<<index) ) ? 1<<index : 0 
which latter can be simplified by changing the loop variable e.g.
  for( mask = 1<<7; mask!=0; mask >>= 1 )
    result |= (v1 & mask) && (v2 & mask) ? mask: 0
which you can further modify to 
  for( mask = 1<<7; mask!=0; mask >>= 1 )
    result |= v1 & v2 & mask;
at which point it's pretty obvious to just do
  result = v1 & v2;

> return result;

If you do compute the bitwise-and correctly above, then for a bool
return type, this would return true=1 if *any* bit is set, false=0 if
none. That makes it useless for the way you try to use it below.
You might as well use int for the return since your inputs did, 
although it would be better to make them both unsigned char, the only
C type likely (but not guaranteed!) to be exactly 8 magnitude bits.

<snip similar or, and parts of xor>

>   int not_and = !and( v1, v2 );

! is 'boolean' complement; it is 1 if the operand is all-zero-bits,
and 0 if the operand has any-one-bits. You want ~ bitwise.

>   int _or = or( v1, v2 );

Most identifiers beginning with underscore are reserved to the
implementation e.g. for 'private' bits in standard headers, since C
can't make them invisible. Some subsets are available, and this one is
among them, but a competent reviewer/etc. will need to check. 
It's easier to eschew such identifiers and safely avoid any problem.
C++ also reserves double-underscore *anywhere* in identifiers.

Re: How do I write directly to a memory address?

[David Thompson]

On Tue, 8 Feb 2011 18:33:46 -0800 (PST), Adam Beneschan
<adam@irvine.com> wrote:

> ... Dmitry asks, "How do you set the third
> bit?", and you say, "Well, if the third bit is a Ready bit in a
> hardware I/O register, I'd define a struct with bit components [yes, I
> think C has those] and just assign 1 to the component, which would be
> more readable than using a mask."  ...

C does have bit-field members of structs, but the standard leaves
implementation-defined whether they go top-to-bottom or bottom-to-top,
and in what size 'storage unit' (NOT the same thing as Ada's). 

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 2/7/2011 11:24 AM, Robert A Duff wrote:
> Hyman Rosen<hyrosen@mail.com>  writes:
>
>> ...And is Ada any
>> more immune than C to little Bobby Tables? (<http://xkcd.com/327/>)
>
> Well, yeah, somewhat.  As I mentioned in another thread:
>
> http://www.adacore.com/2010/03/22/gem-82/
> http://www.adacore.com/2010/04/05/gem-83/
>
> The second "gem" contains a reference to that very
> same xkcd comic you mention above (which I found
> highly amusing!).
>
> Similar things could be done in C, but it's it's rather
> more trouble.

It's somewhat ironic given this discussion that we've recently
seen the GNATColl error which caused incorrect string values to
be inserted into the database! It should serve as a caution to
those who seamlessly transition from "Ada is immune to entire
classes of errors prevalent in C++" to "Ada is immune to errors".

(And yes, I know that when baldly presented this way, everyone
will deny that they have ever said or thought the latter, but it
is the attitude that often comes through.)

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Tue, 01 Mar 2011 15:27:49 -0500, Hyman Rosen wrote:

> It's somewhat ironic given this discussion that we've recently
> seen the GNATColl error which caused incorrect string values to
> be inserted into the database!

It should serve as a caution against deploying damaging, unsafe and often
useless technologies like RDBMS. There should be no such thing (there
definitely exist better approaches to persistence) and no languages like
SQL.

Though this has nothing to do with Ada or C++, except that C is to blame
for horrific interfaces to the RDBMS, making them worse than SQL requires.

> It should serve as a caution to
> those who seamlessly transition from "Ada is immune to entire
> classes of errors prevalent in C++" to "Ada is immune to errors".

No, Ada is immune exactly to this class of errors, which arise from
unnecessary type conversions. The only reason why conversion is there is
because of inability of C to describe even that pitiful set of datatypes
SQL is capable of. Kick the mess out, rewrite it in Ada, and there will be
no place for these errors. 

There cannot be safety if you communicate unsafe components.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 3/1/2011 3:47 PM, Dmitry A. Kazakov wrote:
> It should serve as a caution against deploying damaging, unsafe and often
> useless technologies like RDBMS. There should be no such thing (there
> definitely exist better approaches to persistence) and no languages like
> SQL.

Hmm. The whole world uses C and C++, but that's bad. The whole world
uses relational databases and that's bad too. Yet somehow the whole
world seems to get along. Maybe it's just you.

> No, Ada is immune exactly to this class of errors, which arise from
> unnecessary type conversions.

Except that this error has nothing to do with "unnecessary" type
conversions. It is a plain old error due to a failure to distinguish
between a string being interpolated into an SQL statement and a
string being passed to be bound to an SQL statement parameter.

And this is an Ada interface to SQL maintained by the same people
who maintain the GNAT compiler. If they're providing interfaces
with "unnecessary type conversions" that cause errors, why should
anyone believe that programming in Ada is the wonderful thing that
it's proponents claim?

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Tue, 01 Mar 2011 16:17:48 -0500, Hyman Rosen wrote:

> On 3/1/2011 3:47 PM, Dmitry A. Kazakov wrote:
>> It should serve as a caution against deploying damaging, unsafe and often
>> useless technologies like RDBMS. There should be no such thing (there
>> definitely exist better approaches to persistence) and no languages like
>> SQL.
> 
> Hmm. The whole world uses C and C++, but that's bad. The whole world
> uses relational databases and that's bad too.

There are lot of bad things used by the "whole world," more than you think.

> Yet somehow the whole
> world seems to get along. Maybe it's just you.

No, it is not me, because I am using C, C++ and RDBMS as well.

>> No, Ada is immune exactly to this class of errors, which arise from
>> unnecessary type conversions.
> 
> Except that this error has nothing to do with "unnecessary" type
> conversions. It is a plain old error due to a failure to distinguish
> between a string being interpolated into an SQL statement and a
> string being passed to be bound to an SQL statement parameter.

If that interface were properly typed neither would be a string.

> And this is an Ada interface to SQL maintained by the same people
> who maintain the GNAT compiler. If they're providing interfaces
> with "unnecessary type conversions" that cause errors, why should
> anyone believe that programming in Ada is the wonderful thing that
> it's proponents claim?

They must do it this way, because the database interface is untyped. Lack
of typing relies upon the "competent" programmers making no type errors.
What we see here is the myth "any competent program would never make that
silly error" busted. AdaCore programmers are undoubtedly competent.

Anything that can possibly go wrong, does. (the Murphy's law) This not only
explains why weak typing is wrong. It also does why strong typing will not
be used and why C/C++/SQL/Perl & Co. keep on ruling the "whole world."
*Because* that is wrong!

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Maciej Sobczak]

On 9 Lut, 22:38, "Dmitry A. Kazakov" <mail...@dmitry-kazakov.de>
wrote:

> > No, because formal and actual are distinct objects in C.
>
> So what? It seems that you are confusing parameter passing mode and
> substitution.

It seems that you are trying to use the Ada terminology with regard to
C, which has its own terminology. And, by the way, its own standard.

> > For sure the word "constructor" does not appear in the C standard, not
> > even once, so I would not bet my money on this requirement.
>
> I used the term constructor because semantically this is not an assignment.

As I have already pointed out some posts before, your recognized style
of discussing is to warp definitions indefinitely just to prove your
point, whatever it is.
The problem is - C has its own standard and that standard says *black
on white* that this is an assignment. The standard says so. Amen. End
of story. If you say something else, then you are going nowhere.

> Assignment destroys the target and then constructs new object.

No. Assignment does not destroy anything and does not construct
anything. Especially in the languages that has no destructors and no
constructors. The standard says so.

Ironically, you got it wrong not only for C (by completely ignoring
its own standard), but you have even got it wrong for Ada (5.2/1):

"An assignment_statement replaces the current value of a variable with
the result of evaluating an expression."

No destruction and no construction is mentioned in this chapter. Not
even once.

And it would be surprising to see them there, because in Ada, as in C,
the identity of the mutable object is preserved across assignment.
Atomicity of the process is yet another story. You would have to
invent a lot of additional stuff up in order for your theory to be
self consistent.

> No, I am applying a typed language terminology.

Your own terminology? Destruction and construction are processes that
do not need to occur in order for the assignment to take place and
this has nothing to do with any given language being typed or not. You
are just making things up now.

We are going nowhere with this discussion.

--
Maciej Sobczak * www.msobczak.com * www.inspirel.com

Re: How do I write directly to a memory address?

[Pascal Obry]

Hyman,

> It's somewhat ironic given this discussion that we've recently
> seen the GNATColl error which caused incorrect string values to
> be inserted into the database! It should serve as a caution to
> those who seamlessly transition from "Ada is immune to entire
> classes of errors prevalent in C++" to "Ada is immune to errors".

Right, but note that this is an *interface* problem which does not 
involve Ada only. I've also seen many problems to have proper 
implementation for filenames with spaces and pathnames with slashes or 
backslash. Quoting the spaces, escaping for the backslashes when passing 
to OS process... Again is that really Ada fault, I would say not but I 
may be biased.

Pascal.

-- 

--|------------------------------------------------------
--| Pascal Obry                           Team-Ada Member
--| 45, rue Gabriel Peri - 78114 Magny Les Hameaux FRANCE
--|------------------------------------------------------
--|    http://www.obry.net  -  http://v2p.fr.eu.org
--| "The best way to travel is by means of imagination"
--|
--| gpg --keyserver keys.gnupg.net --recv-key F949BD3B

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 3/1/2011 4:37 PM, Dmitry A. Kazakov wrote:
> They must do it this way, because the database interface is untyped.

That makes no sense. They are providing a programming interface
for Ada to SQL. Whatever is the actual interface to the database
should not have any influence on the proper way to define this.
And SQL isn't "untyped". It supports a rather small set of data
types that can be stored in tables. It seems to me one cannot
design an Ada interface that requires passing data using
      Params => (1 => +Name'Access)
and then blame the results on anything but themselves.

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 3/1/2011 4:52 PM, Pascal Obry wrote:
>> It's somewhat ironic given this discussion that we've recently
>> seen the GNATColl error which caused incorrect string values to
>> be inserted into the database! It should serve as a caution to
>> those who seamlessly transition from "Ada is immune to entire
>> classes of errors prevalent in C++" to "Ada is immune to errors".
>
> Right, but note that this is an *interface* problem which does not
 > involve Ada only. I've also seen many problems to have proper
> implementation for filenames with spaces and pathnames with slashes
 > or backslash. Quoting the spaces, escaping for the backslashes
> when passing to OS process... Again is that really Ada fault, I would
 > say not but I may be biased.

What does that mean? Every program ultimately interfaces with its
environment and must do so in the correct way. When a program gets
this wrong then it has an error, and that is true even when the
program is written in Ada. This example proves that Ada programmers,
even ostensibly good ones who work for the company that makes the
compiler, can make "stupid" mistakes like putting in extra quotes
where they don't belong. That's a given, of course, because no one
is immune to this sort of error, but as I said, in these language
wars people erroneously progress from "my language is immune to a
certain class of errors" to "my language is immune to errors".

Re: How do I write directly to a memory address?

[Randy Brukardt]

"Hyman Rosen" <hyrosen@mail.com> wrote in message 
news:4d6d6e60$0$11509$882e7ee2@usenet-news.net...
> On 3/1/2011 4:52 PM, Pascal Obry wrote:
...
>> Right, but note that this is an *interface* problem which does not
> > involve Ada only. I've also seen many problems to have proper
>> implementation for filenames with spaces and pathnames with slashes
> > or backslash. Quoting the spaces, escaping for the backslashes
>> when passing to OS process... Again is that really Ada fault, I would
> > say not but I may be biased.
>
> What does that mean? Every program ultimately interfaces with its
> environment and must do so in the correct way.

If "the environment" had a strongly typed Ada interface, then the error 
could not occur there. I suppose eventually you'll get to hardware that is 
untyped and have a source of errors at that point, but that interface can be 
minimized far more than it is. Indeed, even hardware can be typed (consider 
the Rational R1000, which was an Ada computer even in the hardware).

It is clear that many errors occur in interfacing (far more than occur in 
Ada itself); the solution is to minimize the interfacing as much as 
possible.

(Anyone that thinks that *all* errors are avoidable is an idiot. But a lot 
of errors are avoidable, far more than we actually avoid in practice.)

                        Randy.

Re: How do I write directly to a memory address?

[Nasser M. Abbasi]

On 3/1/2011 4:41 PM, Randy Brukardt wrote:

>
> It is clear that many errors occur in interfacing (far more than occur in
> Ada itself); the solution is to minimize the interfacing as much as
> possible.
>

Yes, Just use global variables everywhere.

:)

Seriously though, what do you mean by "minimize the interfacing as much as
possible"?

doesn't this depend on the specific situation and the protocol between the
entities involved?

May be a concrete example would help.

thanks
--Nasser

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Tue, 01 Mar 2011 16:54:04 -0500, Hyman Rosen wrote:

> On 3/1/2011 4:37 PM, Dmitry A. Kazakov wrote:
>> They must do it this way, because the database interface is untyped.
> 
> That makes no sense. They are providing a programming interface
> for Ada to SQL.

No, they do to the PostgreSQL client, which is in C.

SQL cannot be interfaced at all, unless embedded.

> It seems to me one cannot
> design an Ada interface that requires passing data using
>       Params => (1 => +Name'Access)

I don't understand this. Of course they can and they did. The Ada interface
used exactly this way of parameter passing. Where is a problem.

All problems are on the client size, which is untyped because C cannot
capture the set of DB types, and RDBMS is unable to describe the semantics
and internal representation of these types. Ada cannot save you of you are
sitting on top of a cesspit. You are already there, enjoy it!

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Pascal Obry]

Le 01/03/2011 23:08, Hyman Rosen a �crit :
> What does that mean? Every program ultimately interfaces with its
> environment and must do so in the correct way. When a program gets
> this wrong then it has an error, and that is true even when the

Exactly... So what? One single example: creating an interface to spawn 
executable which must work on Windows and UNIXes. Have you do so? I've 
been there and this is overly complex, not because Ada but because 
issues I have descibed (quoting, slash/backslash) and this because all 
this is *untyped* programming.

When this is done it is just trivial and safe to use the interface. 
That's the problem we are discussing with GNATcoll.

Pascal.

-- 

--|------------------------------------------------------
--| Pascal Obry                           Team-Ada Member
--| 45, rue Gabriel Peri - 78114 Magny Les Hameaux FRANCE
--|------------------------------------------------------
--|    http://www.obry.net  -  http://v2p.fr.eu.org
--| "The best way to travel is by means of imagination"
--|
--| gpg --keyserver keys.gnupg.net --recv-key F949BD3B

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Wed, 02 Mar 2011 10:19:33 +0100, Pascal Obry wrote:

> I've 
> been there and this is overly complex, not because Ada but because 
> issues I have descibed (quoting, slash/backslash) and this because all 
> this is *untyped* programming.

BTW, my major objection to the design of Ada.Directories is that path and
file name were made "untyped" Strings. That is not Ada!

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Nasser M. Abbasi]

On 3/2/2011 1:31 AM, Dmitry A. Kazakov wrote:
> On Wed, 02 Mar 2011 10:19:33 +0100, Pascal Obry wrote:
>
>> I've
>> been there and this is overly complex, not because Ada but because
>> issues I have descibed (quoting, slash/backslash) and this because all
>> this is *untyped* programming.
>
> BTW, my major objection to the design of Ada.Directories is that path and
> file name were made "untyped" Strings. That is not Ada!
>

I wonder what you would think then of the new Java feature (in JDK 7) in
which one can do now do a switch on a string literal?

http://tech.puredanger.com/java7/#switch

--------------------------------
Description: Allow switch statements to use strings in the case blocks.

Example:

static boolean booleanFromString(String s) {
switch(s) {
case "true":
return true;
case "false":
return false;
}
throw new IllegalArgumentException(s);
}
-------------------------

Another example I saw:
http://www.zparacha.com/features-coming-java-7/

----------------------------
swith(clientID){
   case "eStore":
     callEStore();
     break;
  case "Retail":
    calRetail();
    break;
  case "CSR":
    callCSR();
    break;
    default:
    invalidClient();
  }
-----------------------

It seems like it might be a convenient feature?

--Nasser

Re: How do I write directly to a memory address?

[Georg Bauhaus]

On 3/2/11 10:45 AM, Nasser M. Abbasi wrote:

> ----------------------------
> swith(clientID){
> case "eStore":
> callEStore();
> break;
> case "Retail":
> calRetail();
> break;
> case "CSR":
> callCSR();
> break;
> default:
> invalidClient();
> }
> -----------------------
>
> It seems like it might be a convenient feature?

The feature is present in Eiffel and C#.  The syntax looks nicely
clean, compared to repeated ifelse.  Is it healthy in practice?
If a convenience, and welcome as such, what kinds of programs
will the feature make more likely when in the hands of programmers?

With Java 5 enumeration types, you can already link strings and
methods to enumeration literals. And then still use enums, not
strings, for making distinctions.  If Java 5 were Ada, a Java
programmer could then switch on an enum and be sure that all cases
are covered specifically (no "others" or "default").  This cannot
be achieved with an untyped selection of strings (i.e. not some
type's set of strings), since no case coverage is possible.

You might also end up with two kinds of string literals in your
Java program, but not with two types, since there is only one
for string literals:

(1) Strings that can be "internationalized" and
(2) strings that can't because they control program logic in some
    switch statement.

Or can you switch natural languages while the Java program is
running and still assume that the switch {} will be working as
it should? Can the translation of the switch still be efficient?

Granted, similar issues can affect ifelse, e.g. when a
translation produces the same word W for two different words
W1 and W2 of the original language.

Conclusion:

controlling program flow by inspecting string values creates
maintenance effort and program translation issues caused by
the absence of distinguished types.

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Wed, 02 Mar 2011 01:45:27 -0800, Nasser M. Abbasi wrote:

> I wonder what you would think then of the new Java feature (in JDK 7) in
> which one can do now do a switch on a string literal?
> 
> http://tech.puredanger.com/java7/#switch
> 
> --------------------------------
> Description: Allow switch statements to use strings in the case blocks.

There are problems with this. Case statement in Ada has non-overlapping
alternatives checked at compile time. So if more or less complex patterns
are used as alternatives, which is the next logical step, it quickly
becomes undecidable. Furthermore matching against a string has too many
parameters varying from case to case (e.g. case-sensitivity). And it shall
have side effects. Usually it is a character stream to match for a pattern.
The side effect is that the matched string is consumed.

If you are interested in an Ada solution, here is one:

   http://www.dmitry-kazakov.de/ada/tables.htm

This is a library that matches strings against a list of alternatives. It
is also integrated into the parser here:

   http://www.dmitry-kazakov.de/ada/components.htm#12.4

which is table driven. In particular, see 12.4.4. You can instantiate the
generic package with an Ada enumeration type and match the source for it.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 3/1/2011 7:41 PM, Randy Brukardt wrote:
> If "the environment" had a strongly typed Ada interface,
 > then the error could not occur there.

Isn't it the case that Ada proponents argue that Ada is a good
(and possibly the best) programming language in general, and not
just when interfacing to a strongly typed Ada interface? I sense
an attitude of "If it's good, thank Ada. If it's bad, it's the
fault of something else."

Re: How do I write directly to a memory address?

[Ludovic Brenta]

Hyman Rosen wrote:
> On 3/1/2011 7:41 PM, Randy Brukardt wrote:
>> If "the environment" had a strongly typed Ada interface,
>> then the error could not occur there.
>
> Isn't it the case that Ada proponents argue that Ada is a good
> (and possibly the best) programming language in general, and not
> just when interfacing to a strongly typed Ada interface? I sense
> an attitude of "If it's good, thank Ada. If it's bad, it's the
> fault of something else."

I think everyone is correct here.

I maintain that Ada is the best language that I know; this does not
make all Ada programs or bindings perfect, and in fact could induce
programmers into complacency.  Trying to blame this  GNATColl bug on
SQL or on C is dishonest, IMHO.  A bug is a bug and we, perfectionist
Ada programmers, should know better than trying to find excuses.

OTOH, it is also true that interfacing Ada with a weakly-typed
language such as SQL and C is just as error-prone as programming in
SQL or C in the first place.  That's where perfectionist Ada
programmers should show the attention to detail they've learned with
the strongly-typed language, but without help from the compiler.

--
Ludovic Brenta.

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 3/2/2011 3:42 AM, Dmitry A. Kazakov wrote:
> On Tue, 01 Mar 2011 16:54:04 -0500, Hyman Rosen wrote:
>> On 3/1/2011 4:37 PM, Dmitry A. Kazakov wrote:
>>> They must do it this way, because the database interface is untyped.
>> That makes no sense. They are providing a programming interface
>> for Ada to SQL.
> No, they do to the PostgreSQL client, which is in C.
> SQL cannot be interfaced at all, unless embedded.

No. They are providing the client programmer an interface to SQL in
Ada. That they then have to implement this interface via the C Postgres
SQL client should be irrelevant to what the client Ada programmer sees.
Isn't that what Ada programmers want?

> I don't understand this.

Try not clipping out the last half of my sentence, then.

> All problems are on the client size, which is untyped because C cannot
> capture the set of DB types, and RDBMS is unable to describe the semantics
> and internal representation of these types. Ada cannot save you of you are
> sitting on top of a cesspit. You are already there, enjoy it!

You may wave your hands and rant all you like, but in fact the error
was a simple one - the programmer of the SQL interface made a mistake
and added quotes to strings which were being bound to parameters, where
this should not be done.

Ada is great at avoiding out-of-bounds array access and null pointer
indirection. It's great at making sure you don't forget a case in a
case statement. It won't protect you against the same old dumb logic
errors that creep into any program.

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 3/2/2011 4:19 AM, Pascal Obry wrote:
> Le 01/03/2011 23:08, Hyman Rosen a �crit :
>> What does that mean? Every program ultimately interfaces with its
>> environment and must do so in the correct way. When a program gets
>> this wrong then it has an error, and that is true even when the
>
> Exactly... So what? One single example: creating an interface to
 > spawn executable which must work on Windows and UNIXes. Have you do
> so? I've been there and this is overly complex, not because Ada but
 > because issues I have descibed (quoting, slash/backslash) and
> this because all this is *untyped* programming.

Actually, the error in this case is believing that there should
be such a single interface for both UNIX and Windows. It stems
from laziness. (I'll bet the UNIX version existed first, and then
got hammered on to try to make it work for Windows.) It's part of
the same parcel as leads Dewar to rail against college CS programs
which require students to write programs with GUIs.

Programmers, who are lazy by nature, will be very happy to blame
portability for failure to provide access to native features in
the way that other native applications do.

> When this is done it is just trivial and safe to use the interface.
 > That's the problem we are discussing with GNATcoll.

No, it's not. GNATcoll had a very plain and simple error - it added
quotes around a string that it should have left alone.

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 3/2/2011 9:34 AM, Ludovic Brenta wrote:
> OTOH, it is also true that interfacing Ada with a weakly-typed
> language such as SQL and C is just as error-prone as programming in
> SQL or C in the first place.

I don't understand or believe the claim that programming in SQL is
error-prone, whether directly or through an interface. I also don't
understand or believe the claim that SQL is weakly typed.

Can you explain?

Re: How do I write directly to a memory address?

[Pascal Obry]

Le 02/03/2011 15:59, Hyman Rosen a �crit :
> I don't understand or believe the claim that programming in SQL is
> error-prone, whether directly or through an interface. I also don't
> understand or believe the claim that SQL is weakly typed.

You seem to put lot of efforts to not understand.

> Can you explain?

Sure, the subject is *interfacing*. There is no check done when crossing 
borders.

Pascal.

-- 

--|------------------------------------------------------
--| Pascal Obry                           Team-Ada Member
--| 45, rue Gabriel Peri - 78114 Magny Les Hameaux FRANCE
--|------------------------------------------------------
--|    http://www.obry.net  -  http://v2p.fr.eu.org
--| "The best way to travel is by means of imagination"
--|
--| gpg --keyserver keys.gnupg.net --recv-key F949BD3B

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Wed, 02 Mar 2011 09:36:50 -0500, Hyman Rosen wrote:

> That they then have to implement this interface via the C Postgres
> SQL client should be irrelevant

This is where the bug was, in interfacing the PostgreSQL client. It has
nothing to do with Ada.

>> All problems are on the client size, which is untyped because C cannot
>> capture the set of DB types, and RDBMS is unable to describe the semantics
>> and internal representation of these types. Ada cannot save you of you are
>> sitting on top of a cesspit. You are already there, enjoy it!
> 
> You may wave your hands and rant all you like, but in fact the error
> was a simple one - the programmer of the SQL interface made a mistake
> and added quotes to strings which were being bound to parameters, where
> this should not be done.

And if the interface were typed that could never happen.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 3/2/2011 10:19 AM, Pascal Obry wrote:
> Le 02/03/2011 15:59, Hyman Rosen a �crit :
>> I don't understand or believe the claim that programming in SQL is
>> error-prone, whether directly or through an interface. I also don't
>> understand or believe the claim that SQL is weakly typed.
>
> You seem to put lot of efforts to not understand.

No, I just refuse to believe self-serving claims put forth
without supporting evidence.

>> Can you explain?
>
> Sure, the subject is *interfacing*. There is no check done when crossing borders.

The OP claimed that programming in SQL is error prone.
What borders are involved there? As for interfacing,
when processing the results of a query the underlying
interface makes available the name and data type of each
result as well as its value. Since this is ultimately a
network protocol, what else can be expected? Any further
desired type safety must be done by the receiving program.

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 3/2/2011 10:30 AM, Dmitry A. Kazakov wrote:
> This is where the bug was, in interfacing the PostgreSQL client.
 > It has nothing to do with Ada.

The error was not in interfacing with the client. The error
as wrapping a string parameter in quotes when it was incorrect
to do so. It has nothing to do with Ada except to demonstrate
that using Ada does not prevent a programmer from making the
same stupid logic errors that programmers make elsewhere. It
apparently also demonstrates that Ada programmers will seek to
deflect blame away from themselves and their pet language just
as much as anyone else.

> And if the interface were typed that could never happen.

What prevented the GNATColl authors from providing such an
interface?

Re: How do I write directly to a memory address?

[Ludovic Brenta]

Hyman Rosen wrote on comp.lang.ada:
> On 3/2/2011 9:34 AM, Ludovic Brenta wrote:
>
>> OTOH, it is also true that interfacing Ada with a weakly-typed
>> language such as SQL and C is just as error-prone as programming in
>> SQL or C in the first place.
>
> I don't understand or believe the claim that programming in SQL is
> error-prone, whether directly or through an interface. I also don't
> understand or believe the claim that SQL is weakly typed.
>
> Can you explain?

If you insist: http://xkcd.com/327/

Also, SQL lacks integer types with range checking like Ada has had
since
1979.

--
Ludovic Brenta.

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 3/2/2011 10:49 AM, Ludovic Brenta wrote:
> If you insist: http://xkcd.com/327/

The little Bobby Tables bug (SQL injection) arises when
programmers construct SQL statements through string
concatenation without sanitizing user inputs. This is
not the fault of SQL. Instead, using parameters with
prepared SQL statements avoids the problem, and it was
in this case that GNATColl erroneously added quotes to
strings.

> Also, SQL lacks integer types with range checking like Ada has had
> since 1979.

That's false. See, for example,
<http://manuals.sybase.com/onlinebooks/group-as/asg1250e/sqlug/@Generic__BookTextView/21464>
You can do
     create table joe ( harry int not null check ( harry between 42 and 84 ) )
and then you will not be able to insert values into the
table that are not in the permitted range.

Re: How do I write directly to a memory address?

[Georg Bauhaus]

On 02.03.11 16:40, Hyman Rosen wrote:

> What prevented the GNATColl authors from providing such an
> interface?

It may not always be possible.

Speaking more generally, there should be good reasons for
relying on string literals that represent structured information.
Such as calendar dates, which could easily be of a type other
than string, in any language supporting user defined, structured
types.

structure {
  .y = 2011,
  .m = 3,
  .d = 2
}

(I'll guess that PostgreSQL might let us define our own DATE
types, named differently, though.)

MySQL, for example, is very lenient. Sometimes in ways that
must lead to "erroneous execution".  You pass a value that is
not a valid value of the type.  An Ada compiler would tell you
in similar situations.  (So would a C compiler.) MySQL won't.
It might warn if you ask it.  But in "normal operation", it
continues with whatever it is programmed to substitute for
the incorrect value.

CREATE TEMPORARY TABLE T (TM TIME NOT NULL);

SELECT CAST('2011-02-02' AS DATE);

+----------------------------+
| 2011-02-02                 |
+----------------------------+

SELECT CAST('02-02-2011' AS DATE);

+----------------------------+
| NULL                       |
+----------------------------+

INSERT INTO T VALUES ('02-02-2011');
Query OK, 1 row affected, 1 warning (0.00 sec)

SELECT * FROM T;

+----------+
| 00:00:02 |
+----------+

INSERT INTO T VALUES ('02-02-2011');
Query OK, 1 row affected, 1 warning (0.00 sec)

SHOW WARNINGS;
+---------+------+-----------------------------------------+
| Warning | 1265 | Data truncated for column 'TM' at row 1 |
+---------+------+-----------------------------------------+

The fact that MySQL still drives many sites will neither bring back
the time spent fighting its leniency nor compensate for the amount
of anger created when confronted with its idiosyncrasies.
It is fast and cheap, though.  That's why it drives many sites.

A good (Ada) interface might try to provide a structured calendar
date type.  I doubt that such an interface will make the practical
programmer happy.

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 3/2/2011 11:25 AM, Georg Bauhaus wrote:
> A good (Ada) interface might try to provide a structured calendar
> date type.  I doubt that such an interface will make the practical
> programmer happy.

Why in the world not? Dealing with date and time properly is one
of the most complex issues a programmer faces. A good interface
would be welcomed, not rejected.

Also, I find it difficult to envision the circumstances under which
a program must deal with all the possible ways in which a date can
be written as a string, so the leniency or peculiarity of MySQL ought
not to cause practical difficulties.

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Wed, 02 Mar 2011 10:40:19 -0500, Hyman Rosen wrote:

> On 3/2/2011 10:30 AM, Dmitry A. Kazakov wrote:
>> This is where the bug was, in interfacing the PostgreSQL client.
>  > It has nothing to do with Ada.
> 
> The error was not in interfacing with the client.

It is.

> The error
> as wrapping a string parameter in quotes when it was incorrect
> to do so. It has nothing to do with Ada except to demonstrate
> that using Ada does not prevent a programmer from making the
> same stupid logic errors that programmers make elsewhere.

Of course it does. No Ada programmer would add anything to an actual
parameter. Things are passed as-is in Ada. It was a requirement of untyped
SQL to quote strings in a statement, as well as using other idiotic escape
sequences.

>> And if the interface were typed that could never happen.
> 
> What prevented the GNATColl authors from providing such an
> interface?

PostreSQL.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 3/2/2011 12:21 PM, Dmitry A. Kazakov wrote:
> It is.

It isn't.

> Of course it does. No Ada programmer would add anything to an actual
> parameter.

The GNATColl code did so.

> Things are passed as-is in Ada. It was a requirement of untyped
> SQL to quote strings in a statement

This is nonsense. Ada has exactly the same requirement.
In Ada, you cannot write
     Ada.Text_IO.Put_Line (Hello, world!);
you must write
     Ada.Text_IO.Put_Line ("Hello, world!");

SQL is a type of programming language, and SQL statements that
involve literal strings must have them be quoted. Programmers
sometimes construct SQL statements dynamically and interpolate
data as string literals into the SQL, and then those must be
properly quoted. But SQL interfaces also grant the ability to
build SQL statements with placeholder parameters where values
for those parameters are passed separately when the statements
are executed, and in that case the parameters are simply passed
as-is with no quoting required.

> as well as using other idiotic escape sequences.

But Ada has the same idiocy:
<http://www.adaic.org/resources/add_content/standards/05rm/html/RM-2-6.html>
     string_literal ::= "{string_element}"
     string_element ::= "" | non_quotation_mark_graphic_character

>>> And if the interface were typed that could never happen.
>>
>> What prevented the GNATColl authors from providing such an
>> interface?
>
> PostreSQL.

No, because GNATColl provided an interface to Ada programmers.
That interface was free to use any Ada design methodology and
type design that its creators wished to use, regardless of the
requirements of the Postgres programming interface.

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Wed, 02 Mar 2011 12:40:26 -0500, Hyman Rosen wrote:

> On 3/2/2011 12:21 PM, Dmitry A. Kazakov wrote:
> 
>> Of course it does. No Ada programmer would add anything to an actual
>> parameter.
> 
> The GNATColl code did so.

Because they interfaced a PostreSQL client.
 
>> Things are passed as-is in Ada. It was a requirement of untyped
>> SQL to quote strings in a statement
> 
> This is nonsense. Ada has exactly the same requirement.
> In Ada, you cannot write
>      Ada.Text_IO.Put_Line (Hello, world!);
> you must write
>      Ada.Text_IO.Put_Line ("Hello, world!");

Hello world! is not a string.

> SQL is a type of programming language, and SQL statements that
> involve literal strings must have them be quoted.

Literal strings need not be quoted. Quotes is an integral part of the
literal. The resulting string does not have quotes.

When an Ada subprogram is called no quotes are required as in your example
with Put_Line. A string object is passed as-is be it a literal or not. But
interfacing SQL requires quotes because it requires a conversion of a
native string object to its would be equivalent textual representation in
the SQL syntax. This is a source of errors as expected, because it is
untyped. There is no way the program can be checked for type errors. Either
random string represent a legal SQL statement of the semantics nobody can
tell, or not. That is to happen at run time.

> Programmers
> sometimes construct SQL statements dynamically and interpolate
> data as string literals into the SQL, and then those must be
> properly quoted.

Things they need not to do when they writing in Ada.

> But SQL interfaces also grant the ability to
> build SQL statements with placeholder parameters where values
> for those parameters are passed separately when the statements
> are executed, and in that case the parameters are simply passed
> as-is with no quoting required.

Nope. The DB driver converts data types with often unpredictable results.
There are complex charts describing [always] partial correspondence between
C and SQL types when parameters are bound. This is the essence of being
weakly typed.

>>>> And if the interface were typed that could never happen.
>>>
>>> What prevented the GNATColl authors from providing such an
>>> interface?
>>
>> PostreSQL.
> 
> No, because GNATColl provided an interface to Ada programmers.
> That interface was free to use any Ada design methodology and
> type design that its creators wished to use, regardless of the
> requirements of the Postgres programming interface.

There was no error in how GNATColl was used by the OP. So the design
methodology has indeed payed off.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 3/2/2011 1:04 PM, Dmitry A. Kazakov wrote:
>> On 3/2/2011 12:21 PM, Dmitry A. Kazakov wrote:
>>> Of course it does. No Ada programmer would add anything to an actual
>>> parameter.
>> The GNATColl code did so.
> Because they interfaced a PostreSQL client.

But that client didn't want the quotes. The GNATColl Ada programmers
made a mistake.

> Hello world! is not a string.

Correct, neither in Ada nor in SQL. It must be quoted to become one.

>> SQL is a type of programming language, and SQL statements that
>> involve literal strings must have them be quoted.
>
> Literal strings need not be quoted. Quotes is an integral part of the
> literal. The resulting string does not have quotes.

Programmers construct pieces of SQL code, interpolating strings
into those constructs so that those interpolated strings become
string literals in the SQL code. In that created SQL code, the
interpolated strings must be quoted.

> When an Ada subprogram is called no quotes are required as in your example
> with Put_Line. A string object is passed as-is be it a literal or not.

If a programmer were to create the line of Ada dynamically and
interpolate a string into the result, he would be faced with
exactly the same problem. You seem to have a major difficulty
in understanding that programmers are creating code dynamically.


> But
> interfacing SQL requires quotes because it requires a conversion of a
> native string object to its would be equivalent textual representation in
> the SQL syntax.

That is false, because SQL interfaces also provide ways to pass
parameters separately, not through textual interpolation. It was
in this approach that GNATColl had an error, erroneously converting
to the textual representation when it was not required.

 > This is a source of errors as expected, because it is
> untyped. There is no way the program can be checked for type errors. Either
> random string represent a legal SQL statement of the semantics nobody can
> tell, or not. That is to happen at run time.

This is again false. A dynamic SQL builder in Ada could be created
that represented SQL statements using hierarchical Ada types and
objects, and produced the final SQL string representation upon
execution. In fact, GNATColl uses this approach:
     <http://www.adacore.com/wp-content/files/auto_update/gnatcoll-docs/gnatcoll.html#Writing-queries>
It also allows prepared queries with parameters, and it was in
processing those parameters that the programmers simply screwed up
and added quotes where they shouldn't have, because they got mixed
up between generating the literal code and passing the parameters.

Re: How do I write directly to a memory address?

[Georg Bauhaus]

On 02.03.11 17:40, Hyman Rosen wrote:
> On 3/2/2011 11:25 AM, Georg Bauhaus wrote:
>> A good (Ada) interface might try to provide a structured calendar
>> date type.  I doubt that such an interface will make the practical
>> programmer happy.
> 
> Why in the world not?

I was told that today's programmers have grown accustomed
to handling calendar dates as strings. Briefly. That they expect
to be able to pass these strings to calendar date handling libraries
and back. As strings.  And then just output whatever the library
computes.
Anything like Ada.Calendar is too bothersome, as important things
should be done with ease, with little writing, handled by good
libraries.  The good interface to the complexities of properly
dealing with time and date would be

- Pass a date string (that is automagically parsed by the library)
- Say add_days(2)
- Get the resulting date string

The permitted level of noise in date and time computations
would be something like

date_string = DOM_document.getElementById("date_of_birth").text()
if
  Calendar.get_month(date_string) = Calendar.current_month()
then
   ...


> Also, I find it difficult to envision the circumstances under which
> a program must deal with all the possible ways in which a date can
> be written as a string, so the leniency or peculiarity of MySQL ought
> not to cause practical difficulties.

The difficulty is the silent bugs introduced when some subsystem of
a program produces "legacy calendar date" strings.  They tend to be
of some non-standard form, one that is not compatible with MySQL's
expectations, but that MySQL does not reject. You might then
notice the effects when it is too late.

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 3/2/2011 1:44 PM, Georg Bauhaus wrote:
> I was told that today's programmers have grown accustomed
> to handling calendar dates as strings.

It's not intrinsically horrible to do things this way
provided you have proper control over your inputs so
that you know you are starting with valid data. But it
obviously makes it easier to lose that control, because
people will be tempted to start fiddling with the data
outside of what the library offers.

I can't say that I've ever written code that way, nor
seen others do so. I've always used data types to hold
dates and times. The only problem is that I've had to
deal with many such types and conversions between them.

> The difficulty is the silent bugs introduced when some subsystem of
> a program produces "legacy calendar date" strings.  They tend to be
> of some non-standard form, one that is not compatible with MySQL's
> expectations, but that MySQL does not reject. You might then
> notice the effects when it is too late.

Yes. If you can't trust your library do to date conversion
properly, then you must add your own validation module and
sanitize all inputs before passing them along. And then it
becomes easy to miss a case and let an error slip through.

Re: How do I write directly to a memory address?

[KK6GM]

On Mar 1, 1:17 pm, Hyman Rosen <hyro...@mail.com> wrote:
> On 3/1/2011 3:47 PM, Dmitry A. Kazakov wrote:
>
> > It should serve as a caution against deploying damaging, unsafe and often
> > useless technologies like RDBMS. There should be no such thing (there
> > definitely exist better approaches to persistence) and no languages like
> > SQL.
>
> Hmm. The whole world uses C and C++, but that's bad. The whole world
> uses relational databases and that's bad too. Yet somehow the whole
> world seems to get along. Maybe it's just you.

Extrapolating the 2002 NIST study on the cost of software defects, the
whole world "gets along" with a loss of about $350 billion every year
due to buggy software.  By way of comparison, the cost of the entire
Apollo space program, in today's dollars, was about half that amount.

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 3/2/2011 3:34 PM, KK6GM wrote:
> Extrapolating the 2002 NIST study on the cost of software defects, the
> whole world "gets along" with a loss of about $350 billion every year
> due to buggy software.  By way of comparison, the cost of the entire
> Apollo space program, in today's dollars, was about half that amount.

Yeah, you know? I'll bet those numbers are like the amount of
money "lost due to piracy".

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Hyman Rosen wrote:

> On 3/2/2011 3:34 PM, KK6GM wrote:
>> Extrapolating the 2002 NIST study on the cost of software defects, the
>> whole world "gets along" with a loss of about $350 billion every year
>> due to buggy software.  By way of comparison, the cost of the entire
>> Apollo space program, in today's dollars, was about half that amount.
>
> Yeah, you know? I'll bet those numbers are like the amount of
> money "lost due to piracy".

Actually, no. While "lost due to piracy" are pure virtual numbers, because
they are based on something that could have happened, the cost of recalls,
bug-fix cycles etc. are quite real and measurable. Because they did happen.


Vinzent.

-- 
A C program is like a fast dance on a newly waxed dance floor by people carrying
razors.
   --  Waldi Ravens

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 3/2/2011 4:03 PM, Vinzent Hoefler wrote:
> Actually, no. While "lost due to piracy" are pure virtual numbers, because
> they are based on something that could have happened, the cost of recalls,
> bug-fix cycles etc. are quite real and measurable. Because they did happen.

The recalls and problems may have happened, but I have serious doubts
whether their costs were, or even can be, measured accurately. Also,
what is not measured is the opportunity cost of applying error prevention
developmental methodologies to all produced software. I might speculate
that this would cost substantially more than remediation in case of error.

Re: How do I write directly to a memory address?

[KK6GM]

On Mar 2, 1:13 pm, Hyman Rosen <hyro...@mail.com> wrote:
> On 3/2/2011 4:03 PM, Vinzent Hoefler wrote:
>
> > Actually, no. While "lost due to piracy" are pure virtual numbers, because
> > they are based on something that could have happened, the cost of recalls,
> > bug-fix cycles etc. are quite real and measurable. Because they did happen.
>
> The recalls and problems may have happened, but I have serious doubts
> whether their costs were, or even can be, measured accurately. Also,
> what is not measured is the opportunity cost of applying error prevention
> developmental methodologies to all produced software. I might speculate
> that this would cost substantially more than remediation in case of error.

Why would you assume any positive opportunity cost at all (as opposed
to a negative opportunity cost, that is, a savings)?  Why would you
assume that the entire software development/maintenance cycle is
cheaper when using tools and methods that produce more bugs?

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Wed, 02 Mar 2011 13:29:56 -0500, Hyman Rosen wrote:

> If a programmer were to create the line of Ada dynamically and
> interpolate a string into the result, he would be faced with
> exactly the same problem. You seem to have a major difficulty
> in understanding that programmers are creating code dynamically.

Yes, if Ada were such a pitiful language as SQL is, but fortunately Ada is
not. Problems arise when Ada meets SQL, C and similar mess.

>> But
>> interfacing SQL requires quotes because it requires a conversion of a
>> native string object to its would be equivalent textual representation in
>> the SQL syntax.
> 
> That is false, because SQL interfaces also provide ways to pass
> parameters separately, not through textual interpolation.

Prepared statements and bound parameters is not a part of SQL. In any case
there is no warranty that the driver does not do the same thing for bound
parameters. It depends on the SQL interpreter of the DB client/driver.

>> This is a source of errors as expected, because it is
>> untyped. There is no way the program can be checked for type errors. Either
>> random string represent a legal SQL statement of the semantics nobody can
>> tell, or not. That is to happen at run time.
> 
> This is again false. A dynamic SQL builder in Ada could be created
> that represented SQL statements using hierarchical Ada types and
> objects, and produced the final SQL string representation upon
> execution. In fact, GNATColl uses this approach:
>      <http://www.adacore.com/wp-content/files/auto_update/gnatcoll-docs/gnatcoll.html#Writing-queries>
> It also allows prepared queries with parameters, and it was in
> processing those parameters that the programmers simply screwed up
> and added quotes where they shouldn't have, because they got mixed
> up between generating the literal code and passing the parameters.

Prepared statements are interpreted at run time. There is no way to check
them and their parameters statically. Preparing does nothing more than a
very superficial pre-compilation.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 3/2/2011 4:55 PM, Dmitry A. Kazakov wrote:
> Yes, if Ada were such a pitiful language as SQL is

No. if Ada were used as a dynamic query language as SQL is.
The only reason quote injection bugs don't occur in dynamic
Ada code is that there's no such thing as dynamic Ada code.

> Prepared statements and bound parameters is not a part of SQL.

That's false.
<http://www.contrib.andrew.cmu.edu/~shadow/sql/sql1992.txt>
     Many SQL-statements can be written to use "parameters" (which are
     manifested in static execution of SQL-statements as <parameters>
     in <SQL statement>s contained in <procedure>s in <module>s or as
     <embedded variable name>s in <SQL statement>s contained in <em-
     bedded SQL host program>s). In SQL-statements that are executed
     dynamically, the parameters are called dynamic parameters (<dynamic
     parameter specification>s) and are represented in SQL language by a
     <question mark> (?).

> In any case there is no warranty that the driver does not do the same
 > thing for bound parameters. It depends on the SQL interpreter of the
 > DB client/driver.

What same thing? DB client/drivers do not have SQL interpreters.
What are you talking about?

> Prepared statements are interpreted at run time. There is no way to check
> them and their parameters statically. Preparing does nothing more than a
> very superficial pre-compilation.

Check their parameters for what? What are you talking about? What does
this have to do with erroneously tacking quotes around a string?

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Hyman Rosen wrote:

> On 3/2/2011 4:03 PM, Vinzent Hoefler wrote:
>> Actually, no. While "lost due to piracy" are pure virtual numbers, because
>> they are based on something that could have happened, the cost of recalls,
>> bug-fix cycles etc. are quite real and measurable. Because they did happen.
>
> The recalls and problems may have happened, but I have serious doubts
> whether their costs were, or even can be, measured accurately.

Well, we may debate the accuracy of the number of $350 billion. But I still
think the magnitude is about right.

The 1:10 rule of thumb of the cost of error removal still applies.

> Also,
> what is not measured is the opportunity cost of applying error prevention
> developmental methodologies to all produced software. I might speculate
> that this would cost substantially more than remediation in case of error.

As always, it depends on the domain. I tend to think embedded (call it
occupational hazard) - and that often means either really expensive hardware
(like jumbo or fighter jets) or /a lot/ (think millions) of relatively cheap
hardware, like that's the case in the automotive industry.

Now do the math. According to wikipedia, a B-2 stealth bomber costs about $1
billion. That's a lot of bucks to spend in error prevention before you'd hit
a break-even for a crash due to buggy software.

Same if you have 10 million devices which need to be recalled. The device I
wrote the program for was planned to be installed into about four and a half
million cars with an option for another series - summing up to a potential
seven million devices (and that would be just one device of many in a single
car).
Flashing one MCU took about 10 seconds, now multiply with seven million - that's
about two years of time just to give those devices a software update, not to
mention the cost of informing all the car owners and ordering them back to the
shop. ;)

Or take banking software for example. What's the cost of a minor slip-through
there? IIRC, it wasn't too long ago where some rogue program crashed the stock
market. How do you count the cost of such incidents?


Vinzent.

-- 
A C program is like a fast dance on a newly waxed dance floor by people carrying
razors.
   --  Waldi Ravens

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 3/2/2011 6:18 PM, Vinzent Hoefler wrote:
> How do you count the cost of such incidents?

How do you count the cost of the extra development that would
be required for all software to come to some standard of not
having known errors?

As it stands, anyone who wishes to have software written with
such exactitude is free to pay for it, and many do, in exactly
the cases you indicated where the cost of error is prohibitively
high.

Re: How do I write directly to a memory address?

[Edward Fish]

On Mar 2, 4:26 pm, Hyman Rosen <hyro...@mail.com> wrote:
>
> As it stands, anyone who wishes to have software written with
> such exactitude is free to pay for it, and many do, in exactly
> the cases you indicated where the cost of error is prohibitively
> high.

And in exactly those cases Ada seems to be [empirically] the
forerunner/center-stage-star... so, what was your complaint?

Ada can't prevent logic-errors, or misunderstandings, or misdesigns
from ever occurring; no programming language can. A programming
language *CAN* help to reduce those, however. I believe that Ada
does, in fact, do this; one way Ada does so is with Strong Typing
{now strong-typing can be circumvented via Unchecked_Conversion, or
even (by choice of the programmer) not employed}. Having a separate
Integer-type for, say, GALLONS and for POUNDS, and for MILES without
*implicit* conversions between them is one concrete example; there
is nothing barring the programmer from having all of those be SubType
of Integer (Range Integer'Range) and freely mixing them as might be
easily done in a C, Java, Assembler or even Pascal program.
is

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 3/2/2011 7:46 PM, Edward Fish wrote:
> And in exactly those cases Ada seems to be [empirically] the
> forerunner/center-stage-star... so, what was your complaint?

The senseless diatribe against relational databases and programming
languages other than Ada.

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 3/2/2011 4:34 PM, KK6GM wrote:
> Why would you assume any positive opportunity cost at all (as opposed
> to a negative opportunity cost, that is, a savings)?  Why would you
> assume that the entire software development/maintenance cycle is
> cheaper when using tools and methods that produce more bugs?

I assume that taking extra time to fix all known errors and to test
very thoroughly for unknown errors will incur large costs in time,
money, and opportunity. Sometimes that works out (Starcraft 2) and
sometimes it doesn't (Duke Nukem Forever). Of course, I will welcome
evidence of commercial products that are developed in a way of which
you approve and succeed in the market.

Re: How do I write directly to a memory address?

[KK6GM]

On Mar 2, 5:09 pm, Hyman Rosen <hyro...@mail.com> wrote:
> On 3/2/2011 4:34 PM, KK6GM wrote:
>
> > Why would you assume any positive opportunity cost at all (as opposed
> > to a negative opportunity cost, that is, a savings)?  Why would you
> > assume that the entire software development/maintenance cycle is
> > cheaper when using tools and methods that produce more bugs?
>
> I assume that taking extra time to fix all known errors and to test
> very thoroughly for unknown errors will incur large costs in time,
> money, and opportunity. Sometimes that works out (Starcraft 2) and
> sometimes it doesn't (Duke Nukem Forever). Of course, I will welcome
> evidence of commercial products that are developed in a way of which
> you approve and succeed in the market.

Why do you assume that the entire development/maintenence cycle would
take more time?  Your comment about testing very thoroughly is
revealing, since it should be common knowledge that you cannot test
quality into software.

Re: How do I write directly to a memory address?

[Randy Brukardt]

"Nasser M. Abbasi" <nma@12000.org> wrote in message 
news:ikkbpu$2lh$1@speranza.aioe.org...
...
> Seriously though, what do you mean by "minimize the interfacing as much as
> possible"?
>
> doesn't this depend on the specific situation and the protocol between the
> entities involved?

Of course.

The easy answer is to use only Ada, but of course that isn't always 
practical. The Rational R1000 took that to its logical extreme, with Ada 
programs being the only thing it did, down to the hardware level (it had 
typed memory and hardware exception mechanisms).

But even when you aren't using only Ada, you can take steps to minimize the 
interface layer(s) as much as possible. That means interjecting Ada typing 
as soon as possible, at the lowest level possible. We tried to do this with 
Claw, for instance (one of the reasons why it interfaces to Win32 and not 
something like MFC). The trick is to not go to too low a level and end up 
reinventing too many wheels. (Some wheels are best reinvented, if the 
"native" interface is too dissimilar to Ada.)

I still much prefer the early MS-DOS days, when the OS did essentially 
nothing and thus the amount of interfacing that you had to do was minimal. 
Every interface to a non-Ada system is essentially untyped (even if the 
other side is also typed) and thus is a major source of errors. Anyway, 
we're not going back to MS-DOS, and even embedded systems rarely run on bare 
machines anymore (which is sad, given that an Ada runtime system gives you 
most of what is needed for an OS kernel).

                                                 Randy.

Re: How do I write directly to a memory address?

[Randy Brukardt]

"Hyman Rosen" <hyrosen@mail.com> wrote in message 
news:4d6e53c1$0$21954$882e7ee2@usenet-news.net...
> On 3/1/2011 7:41 PM, Randy Brukardt wrote:
>> If "the environment" had a strongly typed Ada interface,
> > then the error could not occur there.
>
> Isn't it the case that Ada proponents argue that Ada is a good
> (and possibly the best) programming language in general, and not
> just when interfacing to a strongly typed Ada interface?

I think most Ada proponents are *only* thinking about strongly-typed 
interfaces when they are thinking about Ada as a great programming language. 
Ada can do little to help when using a weakly-typed interface, nor can any 
other programming language.

You might remember when I referred to "98% of code being garbage, including 
most Ada code" (for which you called me a "crank"). One of the things I was 
thinking of is weakly-typed interfaces without little runtime checking as 
well. Those are garbage in any programming language, including Ada. (Note 
again that just because they are garbage doesn't mean that you can't use 
them - it's not that unusual to take an empty bottle or can or junk mail out 
of the trash and use it for something.)

> I sense an attitude of "If it's good, thank Ada. If it's bad, it's the
> fault of something else."

No, it's the fault of the interface, not necessarily the items on either 
side. There might very well being nothing wrong with the "something else", 
either. The problem (in implementation terms) is that there is no 
consistency check across an interface.

Specifically, when you use "pragma Import" in Ada code, you are telling the 
Ada compiler what the other side expects for parameter types, number of 
parameters, and the like. There can be no check that these declarations are 
correct, in Ada or in the other language. (At least not unless you are the 
compiler vendor for both languages, a highly unlikely situation for most of 
us.) The effect is that any error in these specifications causes random 
behavior that is often very difficult to trace to the actual mistake.

Probably 75% of the effort debugging Claw was tracking down these sorts of 
problems (along with related compiler bugs).

OTOH, if both subsystems were written in Ada (or in C++ for that matter), 
the compiler could enforce consistency between the calls and declarations, 
and the majority of those errors would be detected before they caused any 
problems at all.

That's why I have always believed that to truly get the benefits of Ada, you 
really have to write the vast majority of the system in Ada. If someone is 
trying to integrate major subsystems built in a variety of different 
languages, they greatly increase the chances for errors *at the interfaces* 
and reduce the value of Ada (and the other languages as well). Indeed, even 
though it is bad for business, I try to discourage people from just writing 
a small part of a system in Ada, as I believe that the hassles of doing so 
will most probably outweight the gains. (Plenty of others disagree with me 
on that.)

This was one of the major reasons that we built Claw to allow creation of 
Windows GUI programs all in Ada (and as much as possible in an Ada 
paradyme). Having to go outside of Ada for major parts of an application 
greatly reduces the benefits of Ada. Ideally, you would write everything in 
one language (hopefully Ada), but that isn't always possible (you might be 
forced to use SQL, or some GUI for which there is no Ada equivalent, etc.).

Note that this isn't just an Ada-specific phenomona. It applies equally well 
to C++ and Java and pretty much any other programming language out there. 
Maybe even more so, since Ada at least tries to make a facility for using 
other languages available within the language (most other languages require 
vendor-specific features to do that).

Anyway, most of the point here is that the *need* to interface immediately 
reduces the value of a strongly typed language like Ada. (And it also 
reduces the value of program analysis tools and pretty much anything else 
that can be done before the execution of the program - which is the only 
point where bugs can be automatically detected rather than having to be 
ferreted out by testing/debugging.)

                                  Randy.

Re: How do I write directly to a memory address?

[Randy Brukardt]

"Hyman Rosen" <hyrosen@mail.com> wrote in message 
news:4d6eea4d$0$14912$882e7ee2@usenet-news.net...
> On 3/2/2011 4:34 PM, KK6GM wrote:
>> Why would you assume any positive opportunity cost at all (as opposed
>> to a negative opportunity cost, that is, a savings)?  Why would you
>> assume that the entire software development/maintenance cycle is
>> cheaper when using tools and methods that produce more bugs?
>
> I assume that taking extra time to fix all known errors and to test
> very thoroughly for unknown errors will incur large costs in time,
> money, and opportunity.

That assumption depends very much on the techniques used. I very much doubt 
that "testing very thoroughly" would have much effect on software quality, 
but it surely would have the effects on time and opportunity cost that you 
are mentioning.

OTOH, if your compiler and toolset somehow eliminated most of the debugging 
phase (by detecting errors early during the "bugging" phase of program 
development), one would imagine that your costs could go way down.

Note that I think the above is a goal more than something that is completely 
achievable. I tend to think that there will always be a few logic errors 
that are too hard to detect without taking too much up-front effort. (The 
attempt of tools like SPARK to catch everything has a point of diminishing 
returns.) But we surely can do better than Ada does.

To the extent that this is possible, I already do this in my own projects. I 
hardly ever use a debugger on any of our programs (the exception is 
malfunctioning compiler output; as a compiler writer, one has to figure out 
where the generated code goes wrong, and that usually requires 
single-stepping), and testing is mostly limited to existing regression 
suites. The Ada compiler detects most problems up-front; the self-checking 
built-into the programs detects most of the rest. What's left would be 
unlikely to be detected by testing anyway (especially after clean regression 
test runs).

                                                   Randy.

Re: How do I write directly to a memory address?

[Randy Brukardt]

"Hyman Rosen" <hyrosen@mail.com> wrote in message 
news:4d6ee8e2$0$14912$882e7ee2@usenet-news.net...
> On 3/2/2011 7:46 PM, Edward Fish wrote:
>> And in exactly those cases Ada seems to be [empirically] the
>> forerunner/center-stage-star... so, what was your complaint?
>
> The senseless diatribe against relational databases and programming
> languages other than Ada.

Hardly senseless. Relational databases have their uses, but they're wildly 
overused for things that are only weakly related to transactional data. As 
Dmitry said, there are better approaches to persistence.

Similarly, C has its place, but it is wildly overused for things that would 
be better done in a more strongly typed language.

For instance, I *know* that my Ada web server cannot suffer from an SQL 
injection attack, because there is no database used by the server. Nor can 
any URL cause the launching of a shell, because it doesn't have the 
capability to run another program (nor even the code that could do so) --  
everything it can do (including the Ada search engine) is all compiled-in 
Ada code. I'm sure there is some way to break in (probably via the 
underlying Windows, much less like via the Ada code itself), but of course 
it is only necessary to be hard enough to attack to eliminate the value to 
doing so.

Anyway, this argument is probably pointless, since most things are now 
getting programmed in things like PHP, which make C++ look like a strongly 
types fortress. ;-) I presume that in the very near future, it will become 
apparent that attempting to protect anything on such systems is futile and 
that will lead to laws eliminating all liability for privacy breaches (and 
by collerary, all privacy). <Half smile-as I'm half serious>

                             Randy.


 

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 3/2/2011 9:23 PM, Randy Brukardt wrote:
> You might remember when I referred to "98% of code being garbage, including
> most Ada code" (for which you called me a "crank").

98% is pretty cranky :-)

> Specifically, when you use "pragma Import" in Ada code, you are telling the
> Ada compiler what the other side expects for parameter types, number of
> parameters, and the like. There can be no check that these declarations are
> correct, in Ada or in the other language. (At least not unless you are the
> compiler vendor for both languages, a highly unlikely situation for most of
> us.) The effect is that any error in these specifications causes random
> behavior that is often very difficult to trace to the actual mistake.

That's no longer (always) true - compiled files and libraries now come
augmented with type information, so in fact interface errors will be 
caught even across language boundaries. That's true for "mangled" C++
names as well as Java class files and .net assemblies and type
libraries. Plain old C is probably in the worst position here, since
the lack of overloading and the need for backward compatibility means
that compiled C code may lack type information.

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 3/2/2011 10:01 PM, Randy Brukardt wrote:
> Relational databases have their uses, but they're wildly
> overused for things that are only weakly related to transactional data. As
> Dmitry said, there are better approaches to persistence.

Are there? Relational databases have the feature of *working*. They are
among the most widely used programs, especially in the finance industry
(so you are in fact benefiting from the money Wall Street spends on
them), they scale well from tiny table sizes to enormous ones, and
using them is a well-understood art. If you're working for a company of
reasonable size, it is most likely already using databases, so you can
piggyback on the services the company is already using for maintenance,
support and backup.

Do those "better" methods buy you all that?

 > Nor can any URL cause the launching of a shell, because it doesn't have
 > the capability to run another program

Normal web servers offer the ability to launch scripts based on URL
patterns (CGI, remember?), so this means you have failed to implement
a standard bit of functionality.

Re: How do I write directly to a memory address?

[Simon Wright]

Hyman Rosen <hyrosen@mail.com> writes:

> The error was not in interfacing with the client. The error
> as wrapping a string parameter in quotes when it was incorrect
> to do so. It has nothing to do with Ada except to demonstrate
> that using Ada does not prevent a programmer from making the
> same stupid logic errors that programmers make elsewhere.

Actually, the error was in passing the wrong resultFormat parameter to
PQexecParams, which caused the call to return binary instead of text,
which resulted in the automatic wrapping by quotes when returned.

Which was a misunderstanding of the interface expected by the client.

Which was an error (made by the Ada programmer, of course) in
interfacing with the client.

Re: How do I write directly to a memory address?

[Simon Wright]

"Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> writes:

> On Wed, 02 Mar 2011 10:40:19 -0500, Hyman Rosen wrote:
>
>> On 3/2/2011 10:30 AM, Dmitry A. Kazakov wrote:

>> The error as wrapping a string parameter in quotes when it was
>> incorrect to do so. It has nothing to do with Ada except to
>> demonstrate that using Ada does not prevent a programmer from making
>> the same stupid logic errors that programmers make elsewhere.
>
> Of course it does. No Ada programmer would add anything to an actual
> parameter. Things are passed as-is in Ada. It was a requirement of
> untyped SQL to quote strings in a statement, as well as using other
> idiotic escape sequences.

Actually, Dmitry, - as reported by Thomas - the value returned by
PostgreSQL was the required string, but because the result had been
mistakenly requested in binary format, when the string was returned in
the PQresult it was annotated (I expect via PQformat) as binary, so the
quotes got added (by the Ada) on the way out.

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Wed, 02 Mar 2011 17:10:38 -0500, Hyman Rosen wrote:

> On 3/2/2011 4:55 PM, Dmitry A. Kazakov wrote:
>> Yes, if Ada were such a pitiful language as SQL is
> 
> No. if Ada were used as a dynamic query language as SQL is.

And it is luckily not.

> The only reason quote injection bugs don't occur in dynamic
> Ada code is that there's no such thing as dynamic Ada code.

Yes, there is no unsafe untyped code in Ada, unless when communicating with
alien components.
 
> What same thing? DB client/drivers do not have SQL interpreters.
> What are you talking about?

About the way the driver treats bound parameters of pre-compiled
statements. It may well expand "?" with literals, instead of passing the
parameter over the socket, which BTW also requires some encoding.

>> Prepared statements are interpreted at run time. There is no way to check
>> them and their parameters statically. Preparing does nothing more than a
>> very superficial pre-compilation.
> 
> Check their parameters for what?

For type errors, which includes improper representation of type value.

> What are you talking about? What does
> this have to do with erroneously tacking quotes around a string?

If string were passed to the driver as a string no such error could happen.
The problem was in improperly done untyped conversion required by the
driver's interface.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Thu, 03 Mar 2011 08:04:45 +0000, Simon Wright wrote:

> "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> writes:
> 
>> On Wed, 02 Mar 2011 10:40:19 -0500, Hyman Rosen wrote:
>>
>>> On 3/2/2011 10:30 AM, Dmitry A. Kazakov wrote:
> 
>>> The error as wrapping a string parameter in quotes when it was
>>> incorrect to do so. It has nothing to do with Ada except to
>>> demonstrate that using Ada does not prevent a programmer from making
>>> the same stupid logic errors that programmers make elsewhere.
>>
>> Of course it does. No Ada programmer would add anything to an actual
>> parameter. Things are passed as-is in Ada. It was a requirement of
>> untyped SQL to quote strings in a statement, as well as using other
>> idiotic escape sequences.
> 
> Actually, Dmitry, - as reported by Thomas - the value returned by
> PostgreSQL was the required string, but because the result had been
> mistakenly requested in binary format, when the string was returned in
> the PQresult it was annotated (I expect via PQformat) as binary, so the
> quotes got added (by the Ada) on the way out.

Out parameter or in parameter, that is irrelevant. The problem is that
"string" is requested in a "format." That is evidently untyped.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 3/3/2011 3:04 AM, Simon Wright wrote:
> Actually, Dmitry, - as reported by Thomas - the value returned by
> PostgreSQL was the required string, but because the result had been
> mistakenly requested in binary format, when the string was returned in
> the PQresult it was annotated (I expect via PQformat) as binary, so the
> quotes got added (by the Ada) on the way out.

Thomas found two different bugs. The one I'm talking about is this:

 > When I insert data into a PostgreSQL database using parameterized
 > queries, I end up with more characters than I've bargained for.
 >
 > If I do this:
 >
 >    Conn.Execute ("INSERT INTO tbl (name) VALUES ('Peter')");
 >
 > I end up with Peter in the database. Plain Peter. 5 characters.
 >
 > If I instead do this:
 >
 >    N : aliased constant String := "Peter";
 >    P : constant Prepared_Statement := Prepare
 >      ("INSERT INTO tbl (name) VALUES ($1)");
 >
 >    Conn.Execute (Stmt => P,
 >                  Params => (1 => +N'Access));
 >
 >
 > I end up with 'Peter' in the database. 7 characters. Two single
 > quotes added by GNATcoll.

No return values, no binary data, just a plain old logic error.

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Thu, 03 Mar 2011 01:05:53 -0500, Hyman Rosen wrote:

> Do those "better" methods buy you all that?

No, because of the present economical model of software developing.

Quality does not have any significant value. Actually it has a negative
value. Software vendors sell upgrades. Software houses do man-hours. Bug is
a little helper to justify growing costs.

Customer is happy to see bugs. If everything runs alright, he has a
suspicion that he payed too much. The best way to impress him is a steady
flow of minor to medium glitches, promptly fixed, showing that the
"software process" runs. If there were no bugs and incompatibilities
introduced by each new version of Windows, .NET, and, name it, why would he
sign a maintenance contract?

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 3/3/2011 3:52 AM, Dmitry A. Kazakov wrote:
> On Thu, 03 Mar 2011 01:05:53 -0500, Hyman Rosen wrote:
>
>> Do those "better" methods buy you all that?
>
> No, because of the present economical model of software developing.

Nonsense and unresponsive both. You have no evidence to support
your thesis that using relational databases to store data is bad.
Such databases reliably store massive amounts of data for thousands
of companies. You claim that some nebulous "quality" will accrue to
a roll-your-own data storage solution that you build in Ada, even
though it will need to be maintained, supported, and backed up in
ways alien to the existing system administrative function of the
company. I thoroughly disbelieve your claim.

> Quality does not have any significant value. Actually it has a negative
> value. Software vendors sell upgrades. Software houses do man-hours. Bug is
> a little helper to justify growing costs.

This is certainly not universally true. Consumer applications such
as games are reviewed upon release and the presence of errors can
destroy sales and ruin a company
(e.g., <http://pc.gamespy.com/pc/hellgate-london/923551p1.html>).
Furthermore, such software must be fixed by their manufacturers for
free many years after its initial release. Your claims are nonsense.

When upgrades are sold, they are sold by claiming new features,
not by claiming fixed errors.

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Thu, 03 Mar 2011 12:51:52 -0500, Hyman Rosen wrote:

> On 3/3/2011 3:52 AM, Dmitry A. Kazakov wrote:
>> On Thu, 03 Mar 2011 01:05:53 -0500, Hyman Rosen wrote:
>>
>>> Do those "better" methods buy you all that?
>>
>> No, because of the present economical model of software developing.
> 
> Nonsense and unresponsive both. You have no evidence to support
> your thesis that using relational databases to store data is bad.

Now I wonder if you ever used DB, because I am using them on daily basis.

>> Quality does not have any significant value. Actually it has a negative
>> value. Software vendors sell upgrades. Software houses do man-hours. Bug is
>> a little helper to justify growing costs.
> 
> This is certainly not universally true. Consumer applications such
> as games are reviewed upon release and the presence of errors can
> destroy sales and ruin a company

When you bought a game last time? Was it Angry Birds? (:-)) No game is
usable before the patch 1.2. The game must be rolled out to a certain
event, e.g. Christmas and nobody would mind if it crashes. Vendors cut
games into pieces in order to sell them as DLCs. For more than 10 years I
saw no game with a usable UI. The most exciting is the saga of 3rd mouse
button. Mouses have no 2 button for about 20 years. Nevertheless each game
maps something vital to the non-existent button. Less than a half of games
can survive Alt-tab. None have normal saving. 20 years ago Doom I had
saving, behold 20 years of steady progress. Graphics is way worse than a
cheap PC accelerator can deliver. That is because games are developed for
consoles and nobody cares for a fair PC port. Original new games are
non-existent. There are endless remakes of endless sequels of corridor
shooters like CoD, so-called "RPG" where there is neither roles nor
playing, boring never changing simulators like ANNO and car races. Don't
even try to search for a good quest, there is none. Of course you will tell
me that this is what customers wanted...

> When upgrades are sold, they are sold by claiming new features,
> not by claiming fixed errors.

Sure, Windows, Visual Studio, MS-Office are all bought because their
excellent new features...

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 3/3/2011 1:32 PM, Dmitry A. Kazakov wrote:
 > Now I wonder if you ever used DB, because I am using them on daily basis.

Yes, also on a daily basis, with symmetric four-way replication
to sites around the world. We use Sybase and Oracle.

 >> This is certainly not universally true. Consumer applications such
 >> as games are reviewed upon release and the presence of errors can
 >> destroy sales and ruin a company
 >
 > When you bought a game last time? Was it Angry Birds? (:-))

What's wrong with Angry Birds? I've bought Dragon Age, Mass Effect,
Mass Effect 2, Batman: Arkham Asylum, and various others. I also
own a variety of games on the Nintendo DS and Wii. Both of those
systems do not allow games to be patched, so the initial version
is the only version.

 > No game is usable before the patch 1.2. The game must be rolled out
 > to a certain event, e.g. Christmas and nobody would mind if it crashes.

Certainly the former is false for unpatchable console games.
And certainly release date pressure causes games to be released
containing errors, but those are errors are unwanted and absolutely
can destroy a game's sales and the company that created it. There
are any number of such infamous debacles.

However, customers are in fact tolerant of errors when they do not
impact the entire experience too severely, and hitting release dates
is important as well - a company cannot make money on a game if it is
not being sold. So a company must find a balance.

 > Vendors cut games into pieces in order to sell them as DLCs.

Of what relevance is that?

 > For more than 10 years I saw no game with a usable UI.

I found Dragon Age: Origins to be perfectly usable.

 > The most exciting is the saga of 3rd mouse button.  Mouses have no 2
 > button for about 20 years. Nevertheless each game maps something vital
 > to the non-existent button.

Huh?

 > Less than a half of games can survive Alt-tab.

Many games play perfectly well inside a window instead of full screen.

 > None have normal saving. 20 years ago Doom I had saving, behold 20
 > years of steady progress.

How a game saves is a gameplay design decision. It has nothing to do
with software design. Mass Effect and Dragon Age have auto saving,
quick saving bound to a function key, and ordinary menu-based saving
at any point except during combat (deliberately).

 > Graphics is way worse than a cheap PC accelerator can deliver.

Huh? I mostly play on a PC. But the more advanced consoles (Xbox 360
and PS3) have beautiful graphics.

 > That is because games are developed for consoles and nobody cares
 > for a fair PC port.

Diablo, Starcraft, and World of Warcraft are all exclusively on PCs and
have generated billions of dollars in revenue.

 > Original new games are non-existent.

See Angry Birds.

 > There are endless remakes of endless sequels of corridor
 > shooters like CoD, so-called "RPG" where there is neither roles nor
 > playing, boring never changing simulators like ANNO and car races. Don't
 > even try to search for a good quest, there is none. Of course you will tell
 > me that this is what customers wanted...

It is the same as for Hollywood movies. The expense involved in their
creation leads to a very risk-averse design philosophy. You might want
to read Mark Rosewater's game design articles on Magic the Gathering
<http://www.wizards.com/Magic/Magazine/Archive.aspx?author=Mark%20Rosewater>
He worked as a writer on the TV show Roseanne before that, and one of
his most compelling insights is that the best way to sell a new thing
is to say that "it is just like this, except for that" because people
want both the known and the new. Then every once in a while a pioneer
invents something genuinely new and popular, and that becomes the new
known from which derivatives can be cloned.

But in any case, the originality of game design and the quality of
user interface design is not especially related to the design of the
software. Indeed, here on c.l.a. we often see people thinking that it
would be a good idea to write a browser in Ada, or a web server in Ada,
or an operating system in Ada.

 > Sure, Windows, Visual Studio, MS-Office are all bought because their
 > excellent new features...

Yes, in fact. Certainly Visual Studio is upgraded with support for
new languages (C#, F#) and systems (.net). Windows and Office are
supported by Microsoft with free patch downloads, so it is not
necessary to buy new versions just to get defects fixed. In fact, I
expect that most people just have whatever version of Windows their
computer came with, and whatever version of Office they first bought.

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 3/3/2011 1:32 PM, Dmitry A. Kazakov wrote:
> That is because games are developed for
> consoles and nobody cares for a fair PC port.
 > Original new games are non-existent.

And besides Angry Birds, there's Minecraft.
<http://www.techdirt.com/articles/20110303/02203613336/minecraft-creator-says-no-such-thing-as-lost-sale.shtml>

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Hyman Rosen wrote:

> On 3/2/2011 6:18 PM, Vinzent Hoefler wrote:
>> How do you count the cost of such incidents?
>
> How do you count the cost of the extra development that would
> be required for all software to come to some standard of not
> having known errors?
>
> As it stands, anyone who wishes to have software written with
> such exactitude is free to pay for it, and many do, in exactly
> the cases you indicated where the cost of error is prohibitively
> high.

Well, let me be sarcastic here and apply some business math. Consider
the 1:10 rule, you'll find:

For each bug you did not find due to lack of design you save $1.
For each bug you did not find due to lack of coding, you save $10.
For each bug you did not find due to lack of testing you save $100.
For each bug you did not find due to lack of customers you save $1000.

Unfortunately, neither not coding nor not delivering the software to
the customer is a viable business option, so you save every penny you can
in design and testing.


Vinzent.

-- 
A C program is like a fast dance on a newly waxed dance floor by people carrying
razors.
    --  Waldi Ravens

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 3/3/2011 4:24 PM, Vinzent Hoefler wrote:
> Consider the 1:10 rule

Anecdote. Probably invented by people who want to sell fancy
design tools and Ada compilers :-) Who says an error found by
users is the result of design problems and is expensive to fix?
Maybe it's just an off-by-one error that's causing an exception
to be thrown and the solution is to rejigger the loop a bit.

Re: How do I write directly to a memory address?

[Vinzent Hoefler]

Hyman Rosen wrote:

> On 3/3/2011 4:24 PM, Vinzent Hoefler wrote:
>> Consider the 1:10 rule
>
> Anecdote. Probably invented by people who want to sell fancy
> design tools and Ada compilers :-)

You mean fancy tools like PC-Lint, Polyspace, VectorCAST?

> Who says an error found by
> users is the result of design problems and is expensive to fix?

Nobody. Funny thing about bugs is that you don't know them in
advance, so anything here is just based on statistics here. And
we know, that statistics is just another way to lie to people.

> Maybe it's just an off-by-one error that's causing an exception
> to be thrown and the solution is to rejigger the loop a bit.

Or maybe, it's just a simple missing size check and the whole freaking
mail server is taken over by some spammer. :->

See, with open source you can even tell the user to "fuc^H^Hix
it yourself" and save the maintenance cost. ;)


Vinzent.

-- 
A C program is like a fast dance on a newly waxed dance floor by people carrying
razors.
   --  Waldi Ravens

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 3/3/2011 4:39 PM, Vinzent Hoefler wrote:
> You mean fancy tools like PC-Lint, Polyspace, VectorCAST?

Sure. The best one of all was Purify by Pure Software, which
was great until IBM got a hold of it.

> Funny thing about bugs is that you don't know them in
> advance, so anything here is just based on statistics here. And
> we know, that statistics is just another way to lie to people.

Yep. As JP Rosen said in The Ada Paradox(es), even if you have
rigorous research on the benefits of Ada, no one will believe it.

Re: How do I write directly to a memory address?

[Dmitry A. Kazakov]

On Thu, 03 Mar 2011 15:08:23 -0500, Hyman Rosen wrote:

> On 3/3/2011 1:32 PM, Dmitry A. Kazakov wrote:

>  > Vendors cut games into pieces in order to sell them as DLCs.
> 
> Of what relevance is that?

It is relevant to the product quality. You get less for more money.

>  > For more than 10 years I saw no game with a usable UI.
> 
> I found Dragon Age: Origins to be perfectly usable.

Hmm, that cheap imitation of cheap NWM 2? Do you liked DA?

>  > None have normal saving. 20 years ago Doom I had saving, behold 20
>  > years of steady progress.
> 
> How a game saves is a gameplay design decision.

No doubts. The point is that the design decision is not what makes the game
better.

>  > Graphics is way worse than a cheap PC accelerator can deliver.
> 
> Huh? I mostly play on a PC. But the more advanced consoles (Xbox 360
> and PS3) have beautiful graphics.

Maybe you should think about ordering a new pair of spectacles...

>  > Sure, Windows, Visual Studio, MS-Office are all bought because their
>  > excellent new features...
> 
> Yes, in fact. Certainly Visual Studio is upgraded with support for
> new languages (C#, F#) and systems (.net).

It is certainly upgraded in order to make your C++ programs no more running
under Windows NT, 95, 98, me, 2000. A nice new feature!

> Windows and Office are
> supported by Microsoft with free patch downloads, so it is not
> necessary to buy new versions just to get defects fixed.

It rather introduces new defects like xdoc files. Everybody who have to use
Office admits that each new version is worse than the previous one. It has
a worse UI and more bugs than before. I also like their "fixing" FrontPage
... to non-existence. FP is replaced by some garbage editor program, unable
to create simplest HTML documents.

Visual Studio UI also has been deteriorating from 2003. 2005 is worse than
2003. 2008 is worse than 2005. 2010 is disastrous. Only the compiler is
slightly better. The debugger became definitely worse. It never hanged in
2003, never blocked the system or crashed the studio. In 2010 that happens
pretty frequently. 2003 had a decent help system, it is ruined now. 2003
had manageable project files. Now it is an XML mess. 2003 had a usable GUI
editor. Now it is a garbage. Well, precompiled headers didn't work then,
they still don't work now, almost a decade later. 2010 requires 10 fold
more time to start. Did I forget something? The only improvement is that
they finally ditched these idiotic manifest files. But 2003 didn't have
them, that was an "improvement" of 2005!

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 3/3/2011 4:55 PM, Dmitry A. Kazakov wrote:
>>   >  Vendors cut games into pieces in order to sell them as DLCs.
>> Of what relevance is that?
> It is relevant to the product quality. You get less for more money.

So far I have played a few games with DLC and in none of them did
I feel that the game before the DLC had less quality or quantity.
The DLC was a welcome addition to give me more of the game that I
enjoyed without my having to wait years for a sequel. And typically
the DLC was nowhere near as rich and fun as the original game.

>> I found Dragon Age: Origins to be perfectly usable.
> Hmm, that cheap imitation of cheap NWM 2? Do you liked DA?

I never played NWN2, having been disappointed by NWN. DA is
rather an evolutionary descendant of the Baldur's Gate games,
and yes, I loved DA. (Except that it was too easy, even in
Nightmare mode. But awesome storytelling.)

> Maybe you should think about ordering a new pair of spectacles...

You consistently find yourself in the position of disparaging a
wide array of things which many other people like. Maybe it's
just you.

Re: How do I write directly to a memory address?

[Georg Bauhaus]

On 3/3/11 10:32 PM, Hyman Rosen wrote:
> On 3/3/2011 4:24 PM, Vinzent Hoefler wrote:
>> Consider the 1:10 rule
>
> Anecdote. Probably invented by people who want to sell fancy
> design tools and Ada compilers :-)

Robert Dewar, in one or more of his speaches (video online),
attributes the *10 rule to an IBM study.

In The Mythical Man-Month::The Tar Pit, F P Brooks Jr
illustrates the cost of turning A Program into A Programming
Systems Product.  He arrives at 9x = 3x * 3x. along
two distinct paths from a garage into a software production
facility.

But today, all iOS developers work in a  copy of the same
garage. ;)  Others write programs for just one µ-ctlr,
so there might be a small divisor reducing cost.

Re: How do I write directly to a memory address?

[Randy Brukardt]

"Hyman Rosen" <hyrosen@mail.com> wrote in message 
news:4d6f2fcb$0$14547$882e7ee2@usenet-news.net...
> On 3/2/2011 10:01 PM, Randy Brukardt wrote:
>> Relational databases have their uses, but they're wildly
>> overused for things that are only weakly related to transactional data. 
>> As
>> Dmitry said, there are better approaches to persistence.
>
> Are there? Relational databases have the feature of *working*. They are
> among the most widely used programs, especially in the finance industry
> (so you are in fact benefiting from the money Wall Street spends on
> them)

Yup -- if all you have is a hammer, everything looks like a nail. :-)

>... , they scale well from tiny table sizes to enormous ones,

Which is the best (and virtually only) reason for using them, IMHO. If you 
don't need wild scaling, you probably don't need a database. And that is 
especially true on the "tiny table" side.

>  and using them is a well-understood art.

See my first comment.

> If you're working for a company of
> reasonable size, it is most likely already using databases, so you can
> piggyback on the services the company is already using for maintenance,
> support and backup.

If a technology needs much maintainence or support, it is already a lost 
cause. See my 98% note above. People aren't flocking to buy iPhones and 
iPads instead of Windows netbooks because they could use the same mechanism 
for maintenance and support! They're buying them because they don't need 
(much) maintenance and support.

A well-designed persistence mechanism is the same thing; it just works as 
part of your program and considerations about *how* it works are irrelevant. 
It's the same dynamic that has led to the heavy use of containers rather 
than roll-your-own data structures in new programs. Interfacing to a 
database is hard for most programming languages, with a significant 
disconnect between the data types in the program and in the database. Good 
persistence mechanisms don't suffer from that.

> Do those "better" methods buy you all that?

Doing things the same old, "safe" ways also buy you all of the problems of 
interfacing, the need for experienced database administrators, etc. Does 
those costs buy enough? Who knows.

> > Nor can any URL cause the launching of a shell, because it doesn't have
> > the capability to run another program
>
> Normal web servers offer the ability to launch scripts based on URL
> patterns (CGI, remember?), so this means you have failed to implement
> a standard bit of functionality.

Given that I don't need or want that functionality, all I'm doing is 
following the important principle of least priviledge (admittedly a bit 
extremely). The advice is always don't run services you don't need, don't 
give permissions to users that don't need them, etc. I'm doing the same 
here, don't provide a way to launch programs because I don't need it.

Note that my web server (as opposed to the AWS package discussed here by 
others, please don't be confused by the similar names) was never intended to 
do anything beyond run the web sites I'm responsible for. Someone else could 
take the source code and tailor it for another site, but the entire idea was 
to make the security as strong as possible by requiring anything that the 
web site could respond to be compiled-in Ada code. I'm planning to port the 
code to Linux in the near future, which will eliminate it's primary weak 
link (running on top of Windows).

I'm well aware that other people have different requirements. There is no 
one-size-fits-all answer to security or functionality.

                                       Randy.

Re: How do I write directly to a memory address?

[Nasser M. Abbasi]

On 3/3/2011 4:22 PM, Randy Brukardt wrote:

>
> A well-designed persistence mechanism is the same thing; it just works as
> part of your program and considerations about *how* it works are irrelevant.
> It's the same dynamic that has led to the heavy use of containers rather
> than roll-your-own data structures in new programs. Interfacing to a
> database is hard for most programming languages, with a significant
> disconnect between the data types in the program and in the database. Good
> persistence mechanisms don't suffer from that.
>

There are OO databaes. I once worked on one using Java. Forgot the name of it now.
It was easy to program using Java.

http://en.wikipedia.org/wiki/Object_database

"Object databases based on persistent programming acquired a niche
in application areas such as engineering and spatial databases,
telecommunications, and scientific areas such as high energy physics
and molecular biology. They have made little impact on mainstream
commercial data processing, though there is some usage in specialized
areas of financial services.[6] It is also worth noting that object
databases held the record for the World's largest database (being the
first to hold over 1000 terabytes at Stanford Linear Accelerator Center)[7]
and the highest ingest rate ever recorded for a commercial database at over
one Terabyte per hour."

--Nasser

Re: How do I write directly to a memory address?

[Hyman Rosen]

On 3/3/2011 7:22 PM, Randy Brukardt wrote:
> Which is the best (and virtually only) reason for using them, IMHO.
 > If you don't need wild scaling, you probably don't need a database.

I have found in practice that it is much more useful to have data
stored in a database instead of in a custom persistence mechanism.
The main reason is that as part of my job, I frequently have to
search the data in various ad hoc ways. It is easy to do this with
a database; I write some SQL and retrieve the data instantly, or
if the query is too slow, I can get an appropriate index added and
then retrieve the data instantly. When I have to deal with the
custom persisters, I find that the only way to retrieve data is by
writing programs to invoke their custom methods, and then they
support queries only in the way they have envisioned that the data
would be needed, so that it takes more programming work to do what
I need.