From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM autolearn=ham autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,f948976d12c7ee33 X-Google-Attributes: gid103376,public X-Google-ArrivalTime: 2003-06-30 22:31:27 PST Path: archiver1.google.com!news1.google.com!newsfeed.stanford.edu!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!wn14feed!worldnet.att.net!199.45.49.37!cyclone1.gnilink.net!spamkiller2.gnilink.net!nwrdny02.gnilink.net.POSTED!53ab2750!not-for-mail From: Hyman Rosen User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5a) Gecko/20030611 Thunderbird/0.1a X-Accept-Language: en-us, en MIME-Version: 1.0 Newsgroups: comp.lang.ada Subject: Re: Boeing and Dreamliner References: <3EFC6FC2.B96DAEA4@adaworks.com> <1056731513.272294@master.nyc.kbcfp.com> <3EFF2F6D.3793971@adaworks.com> <3F00E081.898E3C4A@adaworks.com> In-Reply-To: <3F00E081.898E3C4A@adaworks.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Message-ID: Date: Tue, 01 Jul 2003 05:31:20 GMT NNTP-Posting-Host: 162.84.201.206 X-Complaints-To: abuse@verizon.net X-Trace: nwrdny02.gnilink.net 1057037480 162.84.201.206 (Tue, 01 Jul 2003 01:31:20 EDT) NNTP-Posting-Date: Tue, 01 Jul 2003 01:31:20 EDT Xref: archiver1.google.com comp.lang.ada:39942 Date: 2003-07-01T05:31:20+00:00 List-Id: Richard Riehle wrote: > In C++ it is perfectly legal to do all kinds of assignment statements > where the result is not entirely predictable. I'm not sure what you mean by this. If you're talking about order of evaluation, Ada has the same lack of predictability, although Java does not. > A key difference between Ada and many other languages is > the absence of structural equivalence in favor of named equivalence. Again, I don't know how this applies to C++, except for one case I can think of - a union with record members all of which share the identical set of leading fields. X Window uses this feature to allow access to the type of an event. > Also, unchecked assignment (Unchecked_Conversion) only permits > assignment in the direction for which it is instantiated. > This eliminates many kinds of errors. It's true that C and C++ allow interconversion between the basic arithmetic types without requiring an explicit conversion, but I've never noticed it as being a particularly fruitful source of errors. Compilers are perfectly happy to whinge about these if you ask them to, in any case. > Quite simply, the amount of error checking performed by an Ada compiler > is substantially greater than in C++. This does not mean C++ is evil. It > simply means it is inappropriate for software that demands a high level of > dependability, especially when one has Ada available as an option. Proponents of SPARK have argued that plain Ada contains ten times as many errors as SPARK code, so I suppose the continued use of plain Ada means that its practitioners realize that their code does not demand that much dependability. > C++ is more dangerous for safety-critical software than Ada. You are most likely correct. But Java provides many of the same sorts of error checking - pointer access and bounds checking - that Ada does, and with garbage collection, doesn't offer the possibility of an unchecked deallocation sending code astray. So maybe it's better than Ada? > I know you are a skilled and experienced C++ developer. Does it not > occur to you that simple little things such as automatic type promotion, > incorrect placement of curly braces, and errors in pointer arithmetic, > to name a few issues, might result in questionable code? They might, especially pointer arithmetic. I doubt that the others ever affect real code, althouggh it's obviously possible to concoct examples. But pointer arithmetic is used for processing within arrays. Ada will catch you if you step off the ends and C won't, but if you have a muddle in the middle, you can have it with indexes as well as with pointers. > What about incorrectly defined destructors? But Ada has finalizers which can be equally wrong. > Or default assignment operations? Ada has default bitwise assignment too. You can turn it off in Ada, abd you can turn it off in C++. > Or many more such entertaining features of C++ that add power, but > also add the potential for undetected errors? You know the list is > even longer than the one I just presented. I guess it's like riding a motorcycle.