From: hammondr@sunroof.crd.ge.com (Richard A Hammond)
Newsgroups: comp.lang.ada
Subject: Re: problems/risks due to programming language, stories requested
Keywords: C, Ada, risks
Message-ID: <5694@crdgw1.crd.ge.com>
Date: 2 Mar 90 13:31:42 GMT
References: <6960@internal.Apple.COM> <1990Feb28.213543.21748@sun.soe.clarkson.edu> <34416@news.Think.COM>
Sender: news@crdgw1.crd.ge.com
Organization: General Electric Corporate R&D Center

Slowly, and carefully, for Bill Wolfe's understanding, let's go through
this once more.

The original article asked for examples of cases where using a different
language would have prevented the error. He gave 3 examples, one of
which was:

| | Subject: AT&T Bug
| | Date: Fri Jan 19 12:18:33 1990
| |
| | This is the bug that cause the AT&T breakdown
| | the other day (no, it wasn't an MCI virus):
| |
| | In the switching software (written in C), there was a long
| | "do . . . while" construct, which contained
| | a "switch" statement, which contained
| | an "if" clause, which contained a
| | "break," which was intended for
| | the "if" clause, but instead broke from
| | the "switch" statement.

I claim that this information is insufficient to find C guilty in
this case.

This is not to say that you can't find examples in C of such problems.
To name a few:

1) Comments with Begin/End delimiters can easily hide code if one leaves
   out the end comment delimiter. Particularly bad if the compiler
   doesn't warn about nested comments. This also applies to Pascal,
   CMS-2, JOVIAL, ...

2) Writing:     if ( a = b )
   rather than: if ( a == b )

3) Leaving out the "break" at the end of a case.

All these are directly caused by C's language design and another language
would avoid one or more of them (Ada avoids them all).

If the explanation for the AT&T bug was:

    we originally had:        we changed it to:

    case ...:                 case ...:
                                  if (...) {
        stmts_a                       stmts_a;
        break;                        break;    -- should have removed
                                  }
                                  stmts_b;

Then I would agree that it is possible to follow Bill's argument and
assign the bug to the language, although even there it is a bit of a
stretch.

But, the explanation is "... a "break," which was intended for the "if"
clause." Which doesn't support any conclusion other than the programmer
didn't know the language.

Why re-hash this? Well, I'm tired of Bill Wolfe's arguments which run:

    We know that Communism is evil.
    We know that they had a bad reactor accident.
    Therefore, changing to capitalism would have prevented the
    reactor accident!

I suggest that Bill needs some more elementary logic courses if he really
thinks that the statement of the AT&T bug supports his conclusion.

It would be very helpful if the original poster (from Purdue) explained
why he thought that the bug statement supported assigning it to the class
of bugs prevented by using a different language.

I agree with Bill that C does not provide very good support for the
software engineering process. I think the examples I gave above are
clear examples, the AT&T bug statement is not.

Rich Hammond
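Added example, not part of the original post and not the AT&T code: the do/while, switch, if, break nesting described in the quoted report, written once with the stray break and once without it. The message kinds, counters and sample input are constructed for illustration.

```c
/* Constructed kinds and sample input for illustration; not real switching code. */
enum msg_kind { MSG_DATA, MSG_STATUS, MSG_END };
struct counters { int data_seen, status_logged, status_applied; };
static const enum msg_kind SAMPLE[] = { MSG_STATUS, MSG_DATA, MSG_STATUS, MSG_END };

/* Written as if `break` ended only the `if`. */
static struct counters run_misread(const enum msg_kind *msgs, int verbose)
{
    struct counters c = { 0, 0, 0 };
    enum msg_kind m;
    do {
        m = *msgs++;
        switch (m) {
        case MSG_STATUS:
            if (verbose) {
                c.status_logged++;
                break;              /* binds to the switch, not the if */
            }
            c.status_applied++;     /* never reached when verbose != 0 */
            break;
        case MSG_DATA: c.data_seen++; break;
        case MSG_END:  break;       /* leaves the switch; the loop test ends the loop */
        }
    } while (m != MSG_END);
    return c;
}

/* Same loop with the stray break removed. */
static struct counters run_fixed(const enum msg_kind *msgs, int verbose)
{
    struct counters c = { 0, 0, 0 };
    enum msg_kind m;
    do {
        m = *msgs++;
        switch (m) {
        case MSG_STATUS:
            if (verbose) c.status_logged++;
            c.status_applied++;
            break;
        case MSG_DATA: c.data_seen++; break;
        case MSG_END:  break;
        }
    } while (m != MSG_END);
    return c;
}

int main(void)
{
    return run_misread(SAMPLE, 1).status_applied || run_fixed(SAMPLE, 1).status_applied != 2;
}
```

With verbose set, the first version logs both status messages but applies neither, and it still goes on to count the data message, because the break leaves only the switch and the do/while keeps running.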