comp.lang.ada
From: James Rogers <jimmaureenrogers@att.net>
Subject: Re: C bug of the day
Date: 13 Jun 2003 04:17:30 -0400
Message-ID: <Xns9398C378C97C4jimmaureenrogers@204.127.36.1>
In-Reply-To: 3ee8901a@andromeda.datanet.hu

"Balog Pal" <pasa@lib.hu> wrote in news:3ee8901a@andromeda.datanet.hu:

 > "James Rogers" <jimmaureenrogers@att.net> wrote in message
 > news:Xns9397C17B49692jimmaureenrogers@204.127.36.1...
 >
 >> Interesting. Do you think the fundamental safety problem in C code
 >> is uninitialized integers?
 >
 > Not "the" but a very seriously fundamental problem I find in practice.
 >
 >> What about memory leaks
 >
 > Memleaks: I find not a problem in C++.  (it is in C)   [user shall not
 > handle memory in C++, containers and self-managing classes can solve
 > that problem.]

Do you ever deal with C++ code written using C style primitives such
as arrays? I understand that such code still exists.

 >
 >> de-referencing
 >> null pointers, and array bounds violations?
 >
 > null pointers: not really. Dangling pointers is a problem. But it is not
 > a coding-level problem but more generic, object lifetime problem on the
 > design level.

I agree that pointer lifetime issues are a design issue. One of the
sometimes more difficult rules in Ada deals with pointer lifetime
issues. (In Ada they are called access variables, but the lifetime
issue applies here.) The language has very strict rules about access
value lifetimes. The compilers enforce those rules. The result is
a very low occurrence of dangling pointers.

 >
 > Array bounds: C, not C++. As normally in C++ we use containers, and
 > those do bounds checks in debug build, that's enough to catch the
 > typos/offby1 goofing. Generally.

Again, what about C++ code written using C style primitives such as
strings and other forms of arrays?

What C++ allows, and provides for "free" with the STL, is the
ability to wrap the C style primitives such as arrays in a class,
with all the bounds checking built into the class.

This provides safety at the expense of some efficiency. Although
the STL is part of the language definition, it is not part of the
language syntax. A C++ compiler cannot optimize out bounds checks
from STL or other container classes.

 > My guess is "we're cool guys not using lint". ;-o
 > btw lint will pick every case of uninited variable I guess, how you tell
 > it to pass those you actually want uninited?
 >
 >> The reason is that many programmers neglect to use tools such as
 >> lint, which support my point. Programmers are frequently lazy.
 >
 > Well, if it was part of the package -- I still don't know whether I used
 > it or not. (More probably yes.)  with C++ it's quite a crude tool, isn't
 > it?

Do modern C++ compilers produce the level of diagnostic output available
from (or better than) lint?

 >
 > Can you tune it to pick up most real problems while not producing 10
 > times more noise?

This has always been an issue with lint. Tuning the output to give
no false reports while still not missing any real problems is not
easy.

 >
 >> A language that requires extra work to achieve safety will
 >> frequently be used to create unsafe programs. This is not
 >> because it is impossible to create safe programs with the language.
 >> It is because doing so requires extra work.
 >
 > Sure, that's why the other poster claimed the uninitialised is a bad
 > default behavior.

I agree it is bad. I just did not think it was the most often encountered
problem.

Ada goes a bit further in this area than most C++ programs.
Ada allows you to define your own numeric types (as primitives, not
classes). You are allowed to define several characteristics about
these types.

type My_Index is range 1..10;

The above line defines an integer type with a valid range of values
from 1 through 10 inclusive. Now, let's combine that definition with
an array type definition:

type Nums is array (My_Index) of Float;

This defines an array type indexed by the type My_Index. Each element
of the array is a Float.

The compiler can now optimize out bounds checking for accessing
an array of Nums. The only index type allowed is type My_Index.
Every possible value of that type maps to an array element.

Trying to assign an out of range value to a variable of My_Index
causes the program to raise the exception Constraint_Error at run time.

Note that it would be illegal to initialize a variable of My_Index to
0. 0 is not a valid value for My_Index. The Ada compiler detects the
use of uninitialized variables.
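The range type and array type above put to work, as an added example that is not from the original post; the unit name Index_Demo and the helper names Total and Checked_Index are my own:

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Index_Demo is
   type My_Index is range 1 .. 10;
   type Nums is array (My_Index) of Float;

   Table : Nums := (others => 0.0);

   -- Sum every element. I ranges over My_Index, so no index check is
   -- needed: every value I can take is an element of A.
   function Total (A : Nums) return Float is
      Sum : Float := 0.0;
   begin
      for I in A'Range loop
         Sum := Sum + A (I);
      end loop;
      return Sum;
   end Total;

   -- Turn an untrusted Integer into a My_Index. The conversion itself
   -- raises Constraint_Error when Raw is outside 1 .. 10.
   function Checked_Index (Raw : Integer) return My_Index is
   begin
      return My_Index (Raw);
   end Checked_Index;

begin
   for I in My_Index loop
      Table (I) := Float (I);
   end loop;
   Put_Line ("Total =" & Float'Image (Total (Table)));

   -- 0 is not a valid My_Index, so the failure is caught before any
   -- array access happens, not inside the indexing.
   declare
      I : My_Index;
   begin
      I := Checked_Index (0);
      Put_Line ("unreachable:" & My_Index'Image (I));
   exception
      when Constraint_Error =>
         Put_Line ("Constraint_Error: 0 is outside 1 .. 10");
   end;
end Index_Demo;
```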

 >
 >> On the other hand, a language that requires extra work to remove
 >> built in safety features will frequently be used to create safe
 >> programs. This is not because it is impossible to create unsafe
 >> programs with the language. It is because doing so requires extra
 >> work.
 >
 > And that is not so symmetric unfortunately.  Most safety you must reach
 > at the design level. The level of language features may be too far away
 > from that to know what is safe, or what is reasonable.  [sometimes even
 > design falls on face, like the synchronised stuff in the first java
 > containers.]

In Ada, I would simply use a container type as a data member in a
protected type definition. This allows me to have all the synchronization
behavior I need without suffering performance hits for the container
itself.

One common Ada container type is an unbounded string. It behaves
something like a Java String type. If I want to share that string
between several Ada tasks (similar to Java threads) I do the following:

with Ada.Strings.Unbounded; use Ada.Strings.Unbounded;
-- (context clause needed by the unit that declares String_Buf)

protected type String_Buf is
    procedure Write(Item : in String);  -- callers get exclusive access
    function Read return String;        -- callers get shared access
private
    Buf : Unbounded_String;
end String_Buf;

The above code defines the interface, and private data member, for a
String_Buf. An Ada protected type is protected from inappropriate
mutual access by tasks. In this case any task calling the Write
procedure has exclusive access to the instance of String_Buf, while
any task calling the Read function has shared access to the instance
of String_Buf. This allows simultaneous reads and exclusive writes.

Note that this access control is far more sophisticated than what is
provided by Java synchronization.

The actual implementation of the String_Buf type follows:

protected body String_Buf is
    procedure Write(Item : in String) is
    begin
       Buf := To_Unbounded_String(Item);
    end Write;
    function Read return String is
    begin
       return To_String(Buf);
    end Read;
end String_Buf;

All locking and unlocking is implicit.
Each assignment to Buf causes the contents of Buf to be adjusted to
exactly the number of characters required. Dynamic memory issues are
handled automatically, just as in C++ with proper constructors and
destructors.
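Two writer tasks and two reader tasks sharing one String_Buf, as an added example that is not from the original post; the unit name Shared_Buf_Demo and the task names Writer and Reader are mine, and the String_Buf declaration is repeated so that the unit compiles on its own:

```ada
with Ada.Text_IO;           use Ada.Text_IO;
with Ada.Strings.Unbounded; use Ada.Strings.Unbounded;

procedure Shared_Buf_Demo is

   protected type String_Buf is
      procedure Write (Item : in String);
      function Read return String;
   private
      Buf : Unbounded_String;
   end String_Buf;

   protected body String_Buf is
      procedure Write (Item : in String) is
      begin
         Buf := To_Unbounded_String (Item);
      end Write;
      function Read return String is
      begin
         return To_String (Buf);
      end Read;
   end String_Buf;

   Shared : String_Buf;

   -- Each writer repeatedly overwrites the buffer with its own tag.
   task type Writer (Id : Positive);
   task body Writer is
   begin
      for N in 1 .. 100 loop
         Shared.Write ("writer" & Positive'Image (Id) & " round" & Integer'Image (N));
      end loop;
   end Writer;

   -- Readers run concurrently with the writers. Write is exclusive and
   -- Read is shared, so every string a reader sees is one complete
   -- write, never a mix of two; the "torn read" branch never fires.
   task type Reader;
   task body Reader is
   begin
      for N in 1 .. 100 loop
         declare
            S : constant String := Shared.Read;
         begin
            if S'Length >= 6 and then S (S'First .. S'First + 5) /= "writer" then
               Put_Line ("torn read: " & S);
            end if;
         end;
      end loop;
   end Reader;

   W1 : Writer (1);
   W2 : Writer (2);
   R1, R2 : Reader;
begin
   null;  -- the environment task waits here until all four tasks finish
end Shared_Buf_Demo;
```

No lock is named anywhere: the protected object supplies the exclusion, and the readers can run at the same time as each other.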

Jim Rogers

      [ Send an empty e-mail to c++-help@netlab.cs.rpi.edu for info ]
      [ about comp.lang.c++.moderated. First time posters: do this! ]
