Newsgroups: comp.lang.ada
Subject: Re: [OT] Re: Teaching new tricks to an old dog (C++ -->Ada)
From: Ludovic Brenta
Date: Sun, 06 Mar 2005 14:26:53 +0100
Message-ID: <87mztg7vmq.fsf@insalien.org>

"Paul E. Bennett" writes:
> Martin Krischik wrote:
>
>> Paul E. Bennett wrote:
>>
>>> Ludovic Brenta wrote:
>>>
>>>> * when the compiler cannot check some code statically, it inserts
>>>> run-time checks which are guaranteed to catch all errors by raising
>>>> exceptions. In C++ you must code these checks by hand, and of
>>>> course at some point you'll forget one crucial check which will cost
>>>> you days in debugging.
>>>
>>> I think the fallacy of that statement has been proven already (in a very
>>> expensive way).
>>
>> You mean the case where some managers decided to use some software written
>> for one piece of hardware on another - incompatible - piece of hardware -
>> without retesting?
>>
>> In my book that was a management bug - If the managers had ordered to run
>> the testsuite only once the problem would have shown. The hardware was so
>> incompatible it would have failed all the time.
>>
>> Last but not least: Runtime checks were disabled for that incident. So if
>> anything: this incident speaks in favor of runtime checks.
>>
>> Read up your facts: http://en.wikipedia.org/wiki/Ariane_5_Flight_501
>
> Yes, I have read that and the full report. However, I think my comment
> still stands. You stated "when the compiler cannot check some code
> statically, it inserts run-time checks which are guaranteed to catch all
> errors by raising exceptions".

Martin didn't state that, I did.

> The code had to be compiled, for the new hardware, to be installed
> in the guidance system and hence should have had the run-time checks
> in place if static checking could not be done. You have admitted in
> your response that these checks were not active (by management
> decision) so the Ada compiler was circumvented and prohibited from
> adding these checks.

This is correct, and boils down to the fact that pointy-haired
managers can override even an Ada compiler. Are you surprised? But
try that with a C++ compiler, and C++ programmers who have never heard
of automatic run-time checks. Who would you blame?

> Considering that the proposition in this thread has been "Ada
> protects you from making silly mistakes" I consider that your take
> is counter to the evidence. I still maintain that language is
> immaterial to the safety of the system, relying on decent
> rigorously applied development processes, reviews and
> testing. Therefore, I tend to look at the development processes and
> their "real" CMM rating. I guess the Ariane team went down a few
> notches on that project.

Ada, *by default*, protects you against silly mistakes. You or your
pointy-haired manager can override the protection.

C++, *by default*, does not protect you. Nobody can add protection.

-- 
Ludovic Brenta.
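
A hand-coded range check of the kind the post says C++ requires, shown as an added example that is not part of the original message or thread. The names `checked_convert`, `convert_all` and `Result`, the 16-bit target type and the sample values are assumptions made for illustration.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <stdexcept>
#include <vector>

// Hand-written range check for a floating-point to integer conversion.
// An out-of-range cast is undefined behaviour in C++, so the test has to
// run before the cast; nothing in the language inserts it for you.
template <typename To>
To checked_convert(double value) {
    static_assert(std::numeric_limits<To>::is_integer && sizeof(To) <= 4,
                  "bounds below are exact only for integers up to 32 bits");
    // The cast truncates toward zero, so every value strictly between
    // min - 1 and max + 1 still fits after truncation.
    const double lo = static_cast<double>(std::numeric_limits<To>::min()) - 1.0;
    const double hi = static_cast<double>(std::numeric_limits<To>::max()) + 1.0;
    if (std::isnan(value) || value <= lo || value >= hi)
        throw std::range_error("value does not fit the target type");
    return static_cast<To>(value);
}

struct Result {
    std::vector<std::int16_t> accepted;
    int rejected = 0;
};

// Converts every sample, counting the ones the check refuses.
Result convert_all(const std::vector<double>& samples) {
    Result r;
    for (double s : samples) {
        try {
            r.accepted.push_back(checked_convert<std::int16_t>(s));
        } catch (const std::range_error&) {
            ++r.rejected;
        }
    }
    return r;
}

int main() {
    // Constructed sample values, not data from any real system.
    const std::vector<double> samples = {1.5, 40000.0, -32769.0, 32767.9};
    const Result r = convert_all(samples);
    std::printf("accepted=%zu rejected=%d\n", r.accepted.size(), r.rejected);
    return 0;
}
```

Every call site that narrows a value has to go through `checked_convert` for the check to exist; a plain `static_cast` compiles just as readily and skips it.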