Re: Boeing and Dreamliner

[Hyman Rosen <hyrosen@mail.com>]

Richard Riehle wrote:
 > In C++ it is perfectly legal to do all kinds of assignment statements
 > where the result is not entirely predictable.

I'm not sure what you mean by this. If you're talking about order
of evaluation, Ada has the same lack of predictability, although
Java does not.

> A key difference between Ada and many other languages is
> the absence of structural equivalence in favor of named equivalence.

Again, I don't know how this applies to C++, except for one case I
can think of - a union with record members all of which share the
identical set of leading fields. X Window uses this feature to allow
access to the type of an event.

> Also, unchecked assignment (Unchecked_Conversion) only permits
 > assignment in the direction for which it is instantiated.
 > This eliminates many kinds of errors.

It's true that C and C++ allow interconversion between the basic
arithmetic types without requiring an explicit conversion, but I've
never noticed it as being a particularly fruitful source of errors.
Compilers are perfectly happy to whinge about these if you ask them
to, in any case.

> Quite simply, the amount of error checking performed by an Ada compiler
> is substantially greater than in C++.   This does not mean C++ is evil.  It
> simply means it is inappropriate for software that demands a high level of
> dependability, especially when one has Ada available as an option.

Proponents of SPARK have argued that plain Ada contains ten times as many
errors as SPARK code, so I suppose the continued use of plain Ada means that
its practitioners realize that their code does not demand that much
dependability.

> C++ is more dangerous for safety-critical software than Ada.

You are most likely correct. But Java provides many of the same sorts
of error checking - pointer access and bounds checking - that Ada does,
and with garbage collection, doesn't offer the possibility of an
unchecked deallocation sending code astray. So maybe it's better than
Ada?

> I know you are a skilled and experienced C++ developer.   Does it not
> occur to you that simple little things such as automatic type promotion,
> incorrect placement of curly braces, and errors in pointer arithmetic,
> to name a few issues, might result in questionable code?

They might, especially pointer arithmetic. I doubt that the others ever
affect real code, althouggh it's obviously possible to concoct examples.
But pointer arithmetic is used for processing within arrays. Ada will
catch you if you step off the ends and C won't, but if you have a muddle
in the middle, you can have it with indexes as well as with pointers.

> What about incorrectly defined destructors?

But Ada has finalizers which can be equally wrong.

> Or default assignment operations?

Ada has default bitwise assignment too. You can turn it off in Ada,
abd you can turn it off in C++.

> Or many more such entertaining features of C++ that add power, but
> also add the potential for undetected errors?   You know the list is
> even longer than the one I just presented.

I guess it's like riding a motorcycle.