From: jimmaureenrogers@worldnet.att.net (Jim Rogers)
Newsgroups: comp.lang.java.advocacy,comp.object,comp.lang.ada,misc.misc
Subject: Re: Using Ada for device drivers? (Was: the Ada mandate, and why it collapsed and died)
Date: 9 May 2003 11:52:31 -0700
Message-ID: <82347202.0305091052.d8161a4@posting.google.com>

softeng3456@netscape.net (soft-eng) wrote in message news:<9fa75d42.0305090612.261d5a5c@posting.google.com>...
> Do you really need your own sub-range of integers
> very often? Arrays with variable index ranges?
> You must do a very different type of programming
> from what I do.

Perhaps not so different as you think.

User defined numeric types have a very convenient set of behaviors
in Ada. Those behaviors become even more convenient when user defined
discrete types are created for array indexing.

The most convenient feature when dealing with arrays is Ada's ability
to efficiently deal with array bounds checking.

For example, if I define an Ada string with a length of 10 characters:

   Name : String(1..10);

I can then perform I/O using that string object and never need to
worry about array bounds violations.

   Ada.Text_IO.Get_Line(Item => Name, Last => Count);

The Get_Line procedure will read from standard input and place the
characters read into the variable "Name". It will record the number
of characters read in the variable "Count". The input routine will
not overflow the array. It will assign no more characters than can
fit into the receiving array.

In C I would need to do something like the following:

   char name[11];
   /* field width 10 leaves room for the terminating NUL */
   scanf("%10s", name);

The point here is that I must hardcode the size limit into the
scanf format string. If I change the size of the array then I must
also change the scanf format string.

Unfortunately, array bounds violations are still a common failure
mode in C programs. The techniques for avoiding array bounds
violations are well known. Unfortunately they are not used as
frequently as one would like.

Another issue with Ada arrays is iterating through the array
elements. This is also much easier to do safely than in C.

In Ada one could safely iterate through the above defined string
as follows:

   for Index in Name'Range loop
      Ada.Text_IO.Put(Item => Name(Index));
   end loop;

Using C you could do the following:

   int i;
   for(i = 0; name[i]; ++i)
   {
      putc(name[i], stdout);
   }

This relies upon having a properly formatted, null-terminated string.
If, however, the string is not properly null-terminated, or the
character array was a victim of bounds violation, the loop can
easily read beyond the end of the character array. Now a bounds
violation in one part of the program is propagated into other
parts of the program. Detecting and correcting this fault is not fun.

The Ada model of allowing array indices to start at any discrete
value is very convenient for array slicing.

If I wanted to create my own procedure to print an array character
by character, I could do the following:

   procedure My_Print(Item : in String) is
   begin
      for i in Item'Range loop
         Ada.Text_IO.Put(Item(i));
      end loop;
   end My_Print;

I could then successfully call this procedure either with an entire
string object or with a slice of a string object:

   My_Print(Name);
   My_Print(Name(3..6));

The first call would print the entire 10 characters in the Name
string. The second call would print only the 3rd, 4th, 5th and 6th
characters in the string.

An equivalent C function would be:

   #include <stdio.h>

   void myPrint(char *c, int l)
   {
      int i;
      for(i = 0; i < l; ++i)
      {
         putc(c[i], stdout);
      }
   }

The problem here is that neither the run time code nor the compiler
will know if the parameter c actually points to a character in a
character array. Neither can it tell if the second parameter "l"
will cause an array bounds violation during the iteration.

The Ada solution is entirely safe in this regard. An array slice
cannot reference elements outside the array bounds. An array
parameter must reference an actual array. There is no masking
caused by pointer referencing.

Jim Rogers
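
The following is an added example, not part of the original post: a C sketch that approximates the Get_Line and slice behaviour described above by passing the length along with the pointer and checking the bounds once, when the view is built. The names struct slice, read_line, make_slice and print_slice are invented for this example, and the input line is constructed.

```c
#include <stdio.h>

/* A pointer that travels with its length (names invented for this example). */
struct slice { const char *data; size_t len; };

/* Like Get_Line(Item, Last): store at most cap characters of one line and
   return the count. The limit is the caller's sizeof, not a format string;
   no NUL is appended, and unread characters stay in the input. */
size_t read_line(char *buf, size_t cap, FILE *in)
{
    size_t n = 0;
    int ch;
    while (n < cap && (ch = getc(in)) != EOF && ch != '\n')
        buf[n++] = (char)ch;
    return n;
}

/* View of buf[first..last], 1-based and inclusive like Name(3..6). Returns -1
   when the bounds leave the array, where Ada raises Constraint_Error. */
int make_slice(const char *buf, size_t len, size_t first, size_t last,
               struct slice *out)
{
    if (last < first) { out->data = buf; out->len = 0; return 0; } /* null range */
    if (first < 1 || last > len)
        return -1;
    out->data = buf + (first - 1);
    out->len = last - first + 1;
    return 0;
}

/* Write exactly the characters in the view; returns how many were written. */
size_t print_slice(struct slice s, FILE *out)
{
    for (size_t i = 0; i < s.len; ++i)
        putc(s.data[i], out);
    return s.len;
}

int main(void)
{
    char name[10];
    struct slice s;
    FILE *in = tmpfile();             /* constructed sample input */
    if (in == NULL || fputs("ABCDEFGHIJKLMNOP\n", in) == EOF) return 1;
    rewind(in);
    size_t count = read_line(name, sizeof name, in);
    if (make_slice(name, count, 3, 6, &s) == 0) print_slice(s, stdout);
    return make_slice(name, count, 3, 12, &s) == -1 ? 0 : 1;
}
```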