From: stt@houdini.camb.inmet.com (Tucker Taft)
Subject: Re: Is ADA as good for graphics programming as C? (WAS: Re: Avoiding the second historic mistake)
Date: 1997/07/09
Organization: Intermetrics, Inc.
Newsgroups: comp.object,comp.software-eng,comp.lang.ada,comp.lang.eiffel,comp.lang.c,comp.lang.c++
Followup-To: comp.object,comp.software-eng,comp.lang.ada,comp.lang.eiffel,comp.lang.c,comp.lang.c++

Don Harrison (donh@syd.csa.com.au) wrote:
: Donovan Baarda wrote:
: :Eiffel is IMHO a better choice for safety-critical applications without
: :excessive real time requirements. Design by contract obviously (and
: :measurably?) contributes significantly to program safety. Combining this
: :with a complete inheritance hierarchy of library classes with all the
: :contracts defined and inheritable has to make a huge difference.
: I agree on all points. ...

I'm curious what you mean by safety-critical.
In my experience with safety-critical applications, you cannot have any significant amount of out-of-line run-time support, and little or no use of dynamic storage allocation after system startup. Eiffel's dependence on dynamic storage allocation and garbage collection basically rules it out for most (serious) safety-critical applications, despite all its admittedly nice invariants and assertions.

One of the important features of Ada in the safety-critical domain is that there is a very useful subset that makes little or no use of out-of-line run-time support, and essentially no use of dynamic storage allocation. Furthermore, there are FAA-certified versions of the minimal run-time support required. I doubt the FAA will ever certify a garbage collector.

Finally, there are available tools (such as the "SPARK" tools from Praxis, Ltd.) which add support for all of the kinds of assertions that Eiffel has, including full static analysis and theorem proving support of the assertions, while allowing the programmer to code within a subset of Ada that requires essentially no out-of-line run-time support, and can still be compiled by any commercial Ada compiler.

These are some of the reasons why Ada is the language of choice in many applications that are safety-critical. It is relatively straightforward to add additional assertion-checking via pragmas and static analysis tools. It is not so easy to take a language like Eiffel that is fundamentally oriented toward dynamic storage allocation (and pervasive dynamic binding), and adapt it to work in the fully statically analyzable environment required for applications where human life is at stake.

Ada95 was designed to be able to support programming in a way that minimizes dynamic storage allocation, unnecessary dynamic binding, etc. while still supporting the object-oriented paradigm and a very strong and separately compilable contract between the clients and the implementation(s) of an abstract interface.
The "contract" enforced at compile-time by the Ada compiler is much stronger than the contract enforced at compile-time by most compilers, since it includes strong type distinctions between otherwise equivalent scalar, array, and pointer types, plus compiler-enforced parameter modes, and the ability to use formal parameter names to verify actual/formal parameter association.

: Don.
: =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
: Don Harrison donh@syd.csa.com.au

-Tucker Taft  stt@inmet.com  http://www.inmet.com/~stt/
Intermetrics, Inc.  Burlington, MA  USA
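The post's argument rests on what an Ada compiler refuses at compile time, with no run-time support involved. The following is an added example (written for this page, not code from Tucker Taft's post, from Intermetrics, or from the SPARK tools) of a program confined to the kind of Ada 95 subset he describes: Annex H restrictions forbid allocators and dispatching, and the body exercises the three contract features he lists, distinct scalar types with the same representation, parameter modes, and named parameter association. All type names, subprogram names and sensor values are made up for illustration; it assumes any Ada 95 compiler (with GNAT the Restrictions pragmas would normally live in gnat.adc, and are placed at the top of the file here only so the example is self-contained).

```ada
--  Added example, not from the original post.  Names and values are
--  constructed for illustration.

--  Annex H restrictions: no "new" anywhere, no implicit heap use by the
--  compiler, no class-wide (dynamically dispatched) calls.
pragma Restrictions (No_Allocators);
pragma Restrictions (No_Implicit_Heap_Allocations);
pragma Restrictions (No_Dispatch);

procedure Contract_Demo is

   --  Two scalar types with the same representation that the compiler
   --  nevertheless keeps apart: a Feet value can never be passed where a
   --  Meters value is expected.
   type Meters is new Float;
   type Feet   is new Float;

   function To_Meters (F : Feet) return Meters is
   begin
      return Meters (F) * 0.3048;   --  the conversion must be written out
   end To_Meters;

   --  The index type fixes the array bounds statically; no allocation.
   type Sensor_Id    is range 1 .. 16;
   type Altitude_Log is array (Sensor_Id) of Meters;

   --  Parameter modes are part of the contract: Log may be updated,
   --  Id and Value may only be read inside the body.  Had Log been
   --  declared "in", the assignment below would be rejected as well.
   procedure Record_Reading
     (Log   : in out Altitude_Log;
      Id    : in     Sensor_Id;
      Value : in     Meters) is
   begin
      Log (Id) := Value;
      --  Value := 0.0;   --  rejected: assignment to an "in" parameter
   end Record_Reading;

   Flight_Log : Altitude_Log := (others => 0.0);
   Radar_Alt  : Feet   := 1_200.0;   --  constructed sample values
   Baro_Alt   : Meters := 365.0;

begin
   --  Named association: each actual is tied to its formal by name, so
   --  argument order cannot be confused and the compiler checks the names.
   Record_Reading (Log => Flight_Log, Id => 1, Value => Baro_Alt);
   Record_Reading (Id => 2, Value => To_Meters (Radar_Alt), Log => Flight_Log);

   --  Each of the following is refused at compile time, with no run-time
   --  check and no run-time support involved:
   --
   --  Record_Reading (Log => Flight_Log, Id => 3, Value => Radar_Alt);
   --     Feet is not Meters, even though both are Float underneath
   --
   --  Record_Reading (Log => Flight_Log, Id => 3, Valeu => Baro_Alt);
   --     no formal parameter named Valeu
   --
   --  type Log_Ptr is access Altitude_Log;
   --  P : Log_Ptr := new Altitude_Log;
   --     violates No_Allocators: no heap after startup in this subset
end Contract_Demo;
```

Compiling this unit and then uncommenting any of the three rejected fragments is the quickest way to see the point of the post: the mismatches are caught by the compiler's type and parameter checks rather than by an assertion that has to execute, and the Restrictions pragmas make the compiler refuse the allocator outright instead of relying on a coding standard to keep it out.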