From mboxrd@z Thu Jan 1 00:00:00 1970
Newsgroups: comp.lang.ada
Date: Fri, 31 Oct 2014 05:52:53 -0700 (PDT)
References: <220f97ab-9aa2-4961-b140-2b271c3ab99a@googlegroups.com> <99759c3f-a35f-4745-a8fd-2fb6ab6fb1aa@googlegroups.com> <48dc1630-8e7d-4e29-8bdd-53d74932d9d0@googlegroups.com> <88a7f98c-55c2-4b5f-8a9d-c8b7512781c8@googlegroups.com> <50cacb19-5d0b-4dbe-b91b-0b3b462913d6@googlegroups.com> <07d0ad94-160b-4873-ba1b-403e8c0bc420@googlegroups.com>
Message-ID: <8100a013-e50d-4a19-b506-716288a2ccb4@googlegroups.com>
Subject: Re: F-22 ADA Programming
From: Maciej Sobczak
Content-Type: text/plain; charset=ISO-8859-1
Xref: number.nntp.giganews.com comp.lang.ada:190252

> > That C++ bugs have more severe consequences than Ada bugs? :-)
>
> Are you kidding me?
>
> Are you not aware that buffer overflows are a major

Yes, I am. And the recent Heartbleed mess is a very good example of why you are both right and wrong at the same time.
The problem is - most of the buffer overflows that we had to deal with were related to foundation infrastructure, which has long historic links. Nobody is going to replace those foundations without taking those historic links into account - and choosing Ada at the top level does not help much if foundations are not replaced. In the context of Heartbleed this means that your Ada-based web service (like with AWS) would be compromised anyway, because it would use the foundations that are broken, but which you would not be willing to reimplement yourself. And if you attempt to do it, you will take the risk of introducing new bugs, perhaps not buffer overflows, but maybe more subtle ones (and not less dangerous), like those related to the cryptographic correctness of your new foundations. This is a huge economic question mark. It is not obvious (and has no existing data to back it up) that replacing the software world with Ada would be automatically beneficial.

Which brings us to another question: what is "switching to Ada" supposed to mean, anyway? That we will take literally billions of lines of C code and put our several thousand lines of Ada on top of it and call it a success? This is pointless, the impact on overall quality would be exactly zero (think Heartbleed). Or maybe that we will replace the billions of LOC in C with new and untested billions of LOC in Ada? We both know it's not going to happen, and it would not even necessarily be good.

Things look different in those deployments where you can control the whole stack, like in embedded systems. There, "switching to Ada" is actually meaningful and I fully applaud it. That is actually very relevant and viable with most safety-critical systems.

> C and C++ pointers are another area where wild storage references are
> common and have the same damaging effects as buffer overflows. Things like
> that just don't happen in Ada and other safe languages.
They also don't happen with appropriate language subsetting, which is a valid and widely used strategy in safety-critical systems. There is no need to abandon the whole language just because you want to get rid of one language feature.

> There's no excuse
> for using C or C++ in safety or even business-critical applications.

The excuse is the economics of replacing billions of lines in foundation layers. And, let's be a bit objective, statistically it looks like both safety and business are doing fine. Fuckups get more media attention for obvious reasons (media have their economy, too), but from what I see more banks are thriving thanks to well-working systems than falling due to buffer overflows. These are the excuses you are looking for and these are the reasons why future banking systems will be written in C++ and Java, too.

> Nonsense. Most people are not even qualified to choose the tools they use

And who is going to forbid them?

> > If I understand things correctly, lack of due diligence has to be proven
> > in court.
>
> That depends. In criminal cases in America they are supposed to have to
> prove guilt. But in civil cases, and that's where the money is, accused
> parties have to prove their innocence.

OK, easy. There is a concept of widely accepted practice (also known as "nobody was ever fired for buying IBM"). If all universities teach that Java is the best technology and if all companies use it, then it must be an accepted practice. Then, just as "nobody was ever fired for buying IBM", nobody will ever be sued for writing business systems in Java.

On the contrary - choosing niche technologies might look like taking unnecessary risks and this is certainly a question mark in court. Ada is a niche technology and its technical properties might not be obvious to the judge.
> You continue to try to twist the discussion into the framework of avoiding
> liability and who to collect money from, where I am coming from the angle of
> wanting people to be aware of the issues and do the right thing, because
> it's the right thing to do.

Right. So for most people the right thing to do is not to take risks and do what everybody else does and write in C. Or in Java. Sorry. If all this seems twisted to you, it was not me who twisted the world.

--
Maciej Sobczak * http://www.inspirel.com
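Added illustration of the Heartbleed point argued in the post above (example code written for this page; it is not from the post, from Maciej Sobczak, or from OpenSSL). It shows a heartbeat-style echo handler in the shape of that bug beside the hardened form: the record layout (1 byte type, 2-byte big-endian payload length, payload), the 40-byte length claim, the 4-byte "ping" payload, the 64-byte memory image and the "secret" that sits next to the record are all constructed for the demo. The one comparison that separates the two handlers is the kind of check a C programmer has to remember to write and that a bounds-checked language would perform for them.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed example (not from the post or from OpenSSL): a heartbeat-style
 * handler in the shape of the Heartbleed bug. Assumed record format:
 * 1 byte type, 2 byte big-endian payload length, then the payload.
 */

#define MEM_SIZE 64
#define SECRET "SECRET-KEY-BYTES"   /* 16 bytes of constructed "adjacent memory" */

/* Fills `mem` with: a request header declaring a 40-byte payload, the 4-byte
 * payload that actually arrived ("ping"), then the secret that happens to sit
 * next to the record in memory. Returns the length of the record as received
 * on the wire (3-byte header + 4 real payload bytes = 7). */
size_t build_memory(uint8_t *mem)
{
    memset(mem, 0, MEM_SIZE);
    mem[0] = 1;                 /* heartbeat_request */
    mem[1] = 0x00;              /* payload_length, high byte */
    mem[2] = 40;                /* payload_length, low byte: claims 40 */
    memcpy(mem + 3, "ping", 4); /* only 4 payload bytes really arrived */
    memcpy(mem + 7, SECRET, sizeof SECRET - 1);
    return 3 + 4;
}

/* Vulnerable handler: echoes payload_length bytes, trusting the peer-supplied
 * length field and never consulting rec_len (the Heartbleed pattern).
 * Returns the number of bytes copied into resp. The resp_cap bound is only
 * there to keep this demo inside its own buffers. */
size_t heartbeat_vulnerable(const uint8_t *mem, size_t rec_len,
                            uint8_t *resp, size_t resp_cap)
{
    (void)rec_len;  /* the missing check */
    uint16_t payload_len = (uint16_t)((mem[1] << 8) | mem[2]);
    if (payload_len > resp_cap)
        return 0;
    memcpy(resp, mem + 3, payload_len);  /* over-reads past the 4 real bytes */
    return payload_len;
}

/* Hardened handler: the declared length must fit inside the record that was
 * actually received, which is the bound the Heartbleed fix added. */
size_t heartbeat_fixed(const uint8_t *mem, size_t rec_len,
                       uint8_t *resp, size_t resp_cap)
{
    if (rec_len < 3)
        return 0;
    uint16_t payload_len = (uint16_t)((mem[1] << 8) | mem[2]);
    if ((size_t)payload_len + 3 > rec_len)   /* reject over-long claims */
        return 0;
    if (payload_len > resp_cap)
        return 0;
    memcpy(resp, mem + 3, payload_len);
    return payload_len;
}

/* Runs one handler over the constructed memory image and reports how many
 * bytes were echoed back to the peer. */
size_t demo(int hardened, uint8_t *resp, size_t resp_cap)
{
    uint8_t mem[MEM_SIZE];
    size_t rec_len = build_memory(mem);
    return hardened ? heartbeat_fixed(mem, rec_len, resp, resp_cap)
                    : heartbeat_vulnerable(mem, rec_len, resp, resp_cap);
}

/* 1 if the echoed reply contains the secret that sat beyond the record. */
int reply_leaks_secret(const uint8_t *resp, size_t n)
{
    size_t slen = sizeof SECRET - 1;
    for (size_t i = 0; i + slen <= n; i++)
        if (memcmp(resp + i, SECRET, slen) == 0)
            return 1;
    return 0;
}

int main(void)
{
    uint8_t resp[MEM_SIZE];
    size_t n = demo(0, resp, sizeof resp);
    printf("vulnerable: echoed %zu bytes, leaks secret: %d\n",
           n, reply_leaks_secret(resp, n));
    n = demo(1, resp, sizeof resp);
    printf("fixed: echoed %zu bytes\n", n);
    return 0;
}
```

Build with `cc -std=c99 -Wall heartbeat_demo.c` (file name is arbitrary). The vulnerable handler echoes 40 bytes, 36 of which were never part of the request, and the constructed secret comes back inside them; the fixed handler returns 0 for the same input. Both reads stay inside the demo's own 64-byte array so the program is well defined, which is exactly the situation the post describes: nothing in C stops the copy, and the single `payload_len + 3 > rec_len` comparison is the whole difference.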