From: Maciej Sobczak
Newsgroups: comp.lang.ada,comp.lang.c
Subject: Re: computer language used to program Mars Lander
Date: Tue, 15 Jul 2008 00:27:48 -0700 (PDT)

On 14 Jul, 13:49, Nick Keighley wrote:
> I suspect it's a damn sight easier to prove C correct than C++.
>
>     a = b + c;
>
> probably does what it says in C (assuming b and c have good values
> and it doesn't overflow). In C++ there could be half a dozen
> overloaded operators in there.
Your reasoning is completely broken. Let's try this one:

I suspect it's a damn sight easier to prove C correct than Ada.

    a = b + c;

probably does what it says in C. In Ada (substitute := for =) there could be half a dozen overloaded operators in there (and some controlled operations as well).

Do you think that there are some monkeys in the project that randomly overload operators? If yes, then Ada is equally vulnerable.

Another point: the operator + in C *is* overloaded and not only its meaning, but also the generated object code differs depending on the types of a and b. Yes, this is what overloading is all about and yes, you can have serious errors in C because of that, especially when combined with implicit conversions.

What C++ or Ada can offer in this area is at least to get rid of those implicit conversions. This is a huge gain for proving correctness of the code.

--
Maciej Sobczak * www.msobczak.com * www.inspirel.com
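
Added example, not part of the post above or of any code from the thread: the same expression shape, a = b + c, compiled for different operand types in C, showing how the implicit conversions decide what the addition does. The function names are made up for this illustration; it assumes 8-bit char, IEEE 754 single-precision float and a long long wider than unsigned.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* unsigned + int: c is converted to unsigned, the add wraps modulo 2^N,
   and only afterwards is the result widened for the assignment. */
long long sum_implicit(unsigned b, int c) { long long a = b + c; return a; }

/* Same operands with the conversions written out before the add. */
long long sum_explicit(unsigned b, int c) { return (long long)b + (long long)c; }

/* unsigned char operands are promoted to int, so the add itself does not wrap. */
int sum_bytes_wide(unsigned char b, unsigned char c) { return b + c; }

/* Assigning the int result back to unsigned char truncates it silently. */
unsigned char sum_bytes_narrow(unsigned char b, unsigned char c)
{
    unsigned char a = b + c;
    return a;
}

/* pointer + int: the integer is scaled by sizeof(*b) before being added. */
ptrdiff_t ptr_step_bytes(void)
{
    int arr[2] = {0, 0};
    int *b = arr;
    int *a = b + 1;
    return (char *)a - (char *)b;
}

/* float + int: c is converted to float and a floating-point add is emitted.
   2^24 + 1 does not fit a 24-bit significand, so the 1 is rounded away. */
int float_absorbs_one(void)
{
    float b = 16777216.0f; /* 2^24 */
    int c = 1;
    volatile float a = b + c; /* volatile forces rounding to float */
    return a == b;
}

int main(void)
{
    printf("implicit: %lld (UINT_MAX is %u)\n", sum_implicit(1u, -2), UINT_MAX);
    printf("explicit: %lld\n", sum_explicit(1u, -2));
    printf("bytes: wide=%d narrow=%d\n", sum_bytes_wide(200, 100), sum_bytes_narrow(200, 100));
    printf("pointer step: %td bytes, float absorbs 1: %d\n", ptr_step_bytes(), float_absorbs_one());
    return 0;
}
```

Compiling with `-Wconversion -Wsign-conversion` (GCC or Clang) flags the implicit conversions in `sum_implicit` and `sum_bytes_narrow`.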