From: Tapio Kelloniemi
Subject: Re: Class hierarchy of exceptions (Ada, C++)
Newsgroups: comp.lang.ada,comp.lang.c++,comp.realtime,comp.software-eng
Date: Wed, 30 Mar 2005 11:35:14 GMT
Organization: Saunalahti Customer

"Peter Koch Larsen" wrote:
>"Tapio Kelloniemi" wrote in message
>news:IQX1e.4368$sO2.1682@reader1.news.jippii.net...
>> The question is not only about compiler warnings or errors. Ada (as a
>> language) has been designed so that it is possible for the
>> compiler to check many mistakes which may cause bad results at run time.
>> Ada also makes it easier for the user to notice this kind of errors.
>> For example:
>>
>> procedure X is
>>
>>    type Metres is new Natural;
>>    type Seconds is new Natural;
>>
>>    M : Metres := 0;
>>    S : Seconds := 10;
>> begin
>>    if M < S then -- Error, < is not defined for these types
>
>But now you have problems calculating the velocity, right?
>
>type Velocity is new Natural;
>V: Velocity = M/S; // probably a compiler error.

Yes, but I can tell the compiler that I know better:

   V : Velocity := Velocity (Integer (M) / Integer (S));

Also other readers of my code now know surely that this is what I meant.

>> This is a bit more verbose than using pure int instead of Metres and
>> Seconds, but if I wanted a C++ compiler to check this kind of error, I'm
>> afraid that the resulting C++ code would be much more verbose.
>
>Not so. There is an excellent library which does exactly what you want -
>using templates, of course.

That is a good thing. If all C++ programmers used it, I think their
programs would benefit a lot from it.

>> Such mistakes as using a pointer to nothing and writing past the array
>> bounds don't often happen in Ada.
>What makes you believe they happen regularly in C++?

They just happen. Why else would people have created such tools as valgrind
(http://valgrind.kde.org/)? I also use it myself for Ada to eliminate memory
leaks. Writing past array bounds unintentionally is quite easy. In Ada
Constraint_Error is raised, but a C++ program segfaults. Or even worse, it
does not segfault immediately, but when the function is exited (as the
return address has been destroyed). STL is safer, but it cannot always be
used (e.g. when interfacing to foreign code).

>>>An example. First compile with the default behaviour, then with all
>>>warnings turned on:
[--]
>> If I replace I < J; with null; the result is:
>> gcc -c -gnatg temp.adb
>> temp.adb:2:04: warning: "I" is not modified, could be declared constant
>> temp.adb:2:04: warning: variable "I" is not referenced
>> temp.adb:3:04: warning: "J" is not modified, could be declared constant
>> temp.adb:3:04: warning: variable "J" is not referenced
>> gnatmake: "temp.adb" compilation error
>
>I see no real difference here between a good-quality C++ compiler and Ada.

Another example:

int* f()
{
    int i = 3;
    int& l = *(new int);
    l = i;
    int* p = &i; // Should be int* p = &l;
    return p;
}

int main()
{
    int* p = f();
    *p = 4;
    return 0;
}

# g++ -Wall -o temp temp.cc
# Not even a warning and the program does not crash on my system!

Valgrind revealed the error (and thought it was a G++ bug). If the code
above is modified a bit, even the best compiler cannot know for sure that
we are doing evil things.

The same in Ada:

procedure Temp is

   type Int_Ptr is access Integer;

   function F return Int_Ptr is
      I : Integer := 3;
      L : Int_Ptr := new Integer;
      P : Int_Ptr;
   begin
      L.all := I;
      P := I'Access; -- Should be P := L;
      return P;
   end F;

   A : Int_Ptr;
begin
   A := F;
   A.all := 4;
end Temp;

# gcc -c -gnatg temp.adb
temp.adb:5:04: (style): subprogram body has no previous spec
temp.adb:11:12: prefix of "Access" attribute must be aliased

So if I really want to pass a pointer to a local to the caller, I should
change

   I : Integer := 3;

to

   I : aliased Integer := 3;

Also note that the lines which were "mistyped" are much closer to each
other in C++ than in Ada.

-- 
Tapio
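Peter's template-based library is not named in the thread, so here is an added example (not code from either poster) of the idea behind such libraries: a tagged Quantity wrapper makes Metres and Seconds distinct C++ types, so M < S fails to compile as in the Ada version, while the velocity computation keeps its conversions explicit. The names Quantity, velocity and is_less_comparable are my own.

```cpp
// Added example (not from the original post): a minimal "strong typedef"
// in C++ so that Metres and Seconds are distinct types. M < S is then a
// compile-time error, as in the Ada version, while the explicit
// conversion to Velocity still works. All names here are my own.
#include <type_traits>
#include <utility>

template <typename Tag>
struct Quantity {
    unsigned value;  // non-negative, like Ada's Natural
    constexpr explicit Quantity(unsigned v) : value(v) {}
    constexpr unsigned raw() const { return value; }
};

// Only defined when both operands carry the same tag; Metres < Seconds
// cannot deduce a single Tag and therefore does not compile.
template <typename Tag>
constexpr bool operator<(Quantity<Tag> a, Quantity<Tag> b) {
    return a.value < b.value;
}

struct MetresTag {};
struct SecondsTag {};
struct VelocityTag {};
using Metres   = Quantity<MetresTag>;
using Seconds  = Quantity<SecondsTag>;
using Velocity = Quantity<VelocityTag>;

// C++ counterpart of V : Velocity := Velocity (Integer (M) / Integer (S));
// the trip through the raw integer is explicit and visible to the reader.
constexpr Velocity velocity(Metres m, Seconds s) {
    return Velocity(m.raw() / s.raw());
}

// Detection trait: does the expression `a < b` compile for types A and B?
template <typename... Ts> struct make_void { using type = void; };
template <typename A, typename B, typename = void>
struct is_less_comparable : std::false_type {};
template <typename A, typename B>
struct is_less_comparable<A, B,
    typename make_void<decltype(std::declval<A>() < std::declval<B>())>::type>
    : std::true_type {};

static_assert(is_less_comparable<Metres, Metres>::value, "same unit compares");
static_assert(!is_less_comparable<Metres, Seconds>::value, "mixed units rejected");
int main() {
    Velocity v = velocity(Metres(100), Seconds(10));  // 10 m/s
    return v.raw() == 10 ? 0 : 1;
}
```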