From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID
	autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: fac41,9a0ff0bffdf63657
X-Google-Attributes: gidfac41,public
X-Google-Thread: 103376,4b06f8f15f01a568
X-Google-Attributes: gid103376,public
X-Google-Thread: f43e6,9a0ff0bffdf63657
X-Google-Attributes: gidf43e6,public
From: Ehud Lamm <mslamm@mscc.huji.ac.il>
Subject: Re: Is there a language that Dijkstra liked? (was: Re: Software
 landmines (loops))
Date: 1998/10/26
Message-ID: 
 <Pine.A41.3.96-heb-2.07.981026223340.101470B-100000@pluto.mscc.huji.ac.il>#1/1
X-Deja-AN: 405321559
References: 
 <Pine.A41.3.96-heb-2.07.981026131810.53604A-100000@pluto.mscc.huji.ac.il>
 <F1Fz6p.Lx2.0.-s@inmet.camb.inmet.com> <712i5t$9i$1@nnrp1.dejanews.com>
Content-Type: TEXT/PLAIN; charset=US-ASCII
Organization: The hebrew University of Jerusalem
Mime-Version: 1.0
Newsgroups: comp.lang.eiffel,comp.software-eng,comp.lang.ada
Date: 1998-10-26T00:00:00+00:00
List-Id: <comp.lang.ada>

On Mon, 26 Oct 1998 dennison@telepath.com wrote:

> In article <F1Fz6p.Lx2.0.-s@inmet.camb.inmet.com>,
> I've seen one instance where a C array bounds indexing bug caused garbage to
> get passed through 2 intermediate machines, processed, and sent to a third
> which blew up trying to dereference the pointer it got by using the resultant
> garbage as another array index into an array of poiners. Two engineers were
> flown into the customer site and put up in hotels for 2 weeks while they
> tried to figure out what was going on. Of course if it were written in Ada, a
> range check would have caused the program to bomb at the line where the
> invalid index was first used. A decent compiler will then print a stack dump
> with the error, routine, and line number. We could probably have fixed it
> over the phone in less than a day. It only takes one bug like that to
> completely erase any cost savings you thought you were getting by usingthat
> cheap C compiler.

Run time checking is extremely important. The ususal reason not to do it
is that it has a performence impact. My experience is that in most cases
this cost is negligable, and worth it.

One thing lacked by ADA is a real DBC mechanism like Eiffel. This makes
run time checks even more powerful.

Still - Remember you can achieve all the run time checking functionality
in any language. It is just that in some languages you have to code it
explicitly. But you want your code to be of quallity - you just have to do
it.

Ehud Lamm     mslamm@mscc.huji.ac.il
http://www2.cybercities.com/e/ehud