From: James Rogers <jimmaureenrogers@att.net>
Subject: Re: C bug of the day
Date: 13 Jun 2003 04:17:03 -0400
Date: 2003-06-13T04:17:03-04:00 [thread overview]
Message-ID: <Xns9398C9067948jimmaureenrogers@204.127.36.1> (raw)
In-Reply-To: d6652001.0306120418.37a97d1c@posting.google.com
kanze@gabi-soft.fr wrote in
news:d6652001.0306120418.37a97d1c@posting.google.com:
> James Rogers <jimmaureenrogers@att.net> wrote in message
> news:<Xns9396BDBB14558jimmaureenrogers@204.127.36.1>...
>> kanze@gabi-soft.fr wrote in
>> news:d6652001.0306100323.338a2a1c@posting.google.com:
>
>> > That doesn't mean C++ is perfect, of course. I'd rather have a
>> > language in which all of the defaults were fundamentally safe, but
>> > with the freedom to override them if you had special constraints,
>> > or even in cases where you came across a case which the language
>> > authors hadn't considered. I don't know such a language, however;
>> > it may exist somewhere, but if it does, it certainly isn't very
>> > popular or wide spread.
>
>> Since this was cross-posted to comp.lang.ada I think it is fair to
>> mention that there is a language that meets your description above.
>> That language is Ada.
>
> Permit me to be sceptical. If your claim is that Ada has more of the
> safe defaults than C++, I doubt anyone would dare argue it. If your
> claim is even that most of the defaults are the safe version, from what
> little I know of the language, it would seem true. But to say that in
> 1983, they got everything right, including problems that weren't even
> understood until significantly later. Well, I'm sceptical. Perfection
> just isn't of this world.
I am sorry. I did not mean that Ada is perfect. I meant that Ada is a
fundamentally safe language with the ability to turn off checking if
you encounter a situation where checking presents a problem for you.
>
> One point where I'm pretty sure Ada 83 didn't have the right default
> (although they may have fixed it in Ada 95): garbage collection. While
> there are places where it is necessary to turn garbage collection off
> (which seriously limits the use of a language in which you cannot have
> untraced pointers, which the garbage collector cannot see), the safe
> option is obviously to have it on by default, no?
Is garbage collection always the right default? For web applications
this may be true. Ada was originally designed for hard real time
embedded systems. In 1983 and 1995 there was no way to implement
deterministic garbage collection for hard real time systems with
nanosecond timing requirements.
That said, like C++, Ada does not prohibit garbage collection.
>
>> Its defaults are fundamentally safe. It provides the ability to
>> override the safety constraints whenever you choose to. Note how Ada
>> differs from Java. You cannot turn off array bounds checking for
>> Java. In Ada you can. In fact, many Ada compilers will optimize out
>> bounds checking when they can determine the checks are unnecessary.
>
> I believe that this is standard practice in all languages which support
> array bounds checking.
>
This is standard practice in theory. For many languages the reality is
that such optimizations are rare because the compiler lacks the
information needed to prove the safety of removing the bounds checks.
>> In other words, you can arrive at the same level of safety which is
>> the default for C++.
>
> And you're bragging about it:-) ?
No, I am being practical. You can remove all safety checks in Ada and
produce a program as unsafe as anything you might write in C. On the
other hand, you can write a C++ program carefully and produce a very
safe result. Note that there is a lot of crossover in safety here.
>
> Seriously, I am aware that 1) Ada generally adopts the safe option, and
> 2) you can generally "work around" the safety checks if necessary
> (hopefully on a case by case basis, using source code constructs;
> e.g. by writing array.unsafe_at( index ) rather than array[ index ]).
> In my original statement, I'll admit that I wasn't thinking so much
> about Ada, as about some other, more popular languages which claim a lot
> of safety that they don't necessarily give. Still, even thinking about
> Ada, I don't think I'd change it. As I say, I simply cannot believe
> that the language is perfect.
And your are correct. The language is not perfect.
>
>> With Ada, however, you need to remove safety checks to get
>> there. Manually removing safety checks is not usually needed for
>> performance reasons.
>
> Most of the time, when you want to remove safety checks, it is because
> you are writing low level software. On another level, I'm quite happy
> that the operating systems I use don't normally allow me to write to raw
> disk. But if I'm writing a file system manager, I will need this
> permission. Similarly, address arithmetic is something to be avoided at
> all costs. Unless, of course, you are writing a garbage collector (or
> in C++, an array class).
If you want to get really low level in Ada you can directly call assembler
routines, just as in C or C++. This has the same problems and benefits as
in C or C++.
>
>> Most programmers will use a language in the manner which requires
>> minimum effort. This is why safety checks are not terribly common in
>> C++. It is also why manually turning off safety checks is not terribly
>> common in Ada.
>
> I would certainly not claim that the defaults for C++ are safer than for
> Java. I've been using C++ now for close to fifteen years, and almost
> exclusively for ten (except for a short excursion into Java). Certain
> avoidance manoevers have become instinctive, but I know that they are
> missing in 99% of the code I see. I suspect that I would need a lot
> less avoidance manoeuvres in Ada -- perhaps none in day to day coding.
> But I really doubt that there would never be a case where I couldn't do
> better than the default.
You can add additional checks if you wish in your own code. Ada does
not prevent you from doing what you need to do. If, for instance,
you wanted to create a type representing all the odd numbers from
1 through 101 you would need to create the equivalent of a C++ class.
You would also need to define your own arithmetic operators for
such a type. Ada's built in safety features would be of only limited
help for such a type.
Compare this with defining a numeric type with all integers from
1 through 101:
type My_Ints is range 1..101;
In this case Ada automatically provides all the checking and
numeric operators for you.
Jim Rogers
[ Send an empty e-mail to c++-help@netlab.cs.rpi.edu for info ]
[ about comp.lang.c++.moderated. First time posters: do this! ]
next prev parent reply other threads:[~2003-06-13 8:17 UTC|newest]
Thread overview: 195+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-06-03 13:38 C bug of the day Hyman Rosen
2003-06-03 21:35 ` Ron Natalie
2003-06-03 21:38 ` John H. Lindsay
2003-06-04 13:25 ` Hyman Rosen
2003-06-03 21:49 ` Warren W. Gay VE3WWG
2003-06-04 13:26 ` Hyman Rosen
2003-06-05 7:35 ` Raoul Gough
2003-06-04 17:59 ` Carlos Moreno
2003-06-04 18:02 ` Ken Hagan
2003-06-10 16:51 ` Matthew Heaney
2003-06-04 18:05 ` Peter van Merkerk
2003-06-05 7:36 ` Hyman Rosen
2003-06-05 15:58 ` Terje Slettebø
2003-06-05 20:51 ` Dave Harris
2003-06-10 13:20 ` kanze
2003-06-10 13:40 ` Vinzent Hoefler
2003-06-10 13:51 ` Preben Randhol
2003-06-10 20:32 ` Jim Rogers
2003-06-11 4:01 ` Wesley Groleau
2003-06-11 4:25 ` Hyman Rosen
2003-06-11 9:41 ` kanze
2003-06-11 9:31 ` kanze
2003-06-11 12:48 ` James Rogers
2003-06-11 16:43 ` Wesley Groleau
2003-06-11 21:41 ` Mike Silva
2003-06-12 12:39 ` kanze
2003-06-12 12:52 ` Preben Randhol
2003-06-13 1:32 ` James Rogers
2003-06-13 9:37 ` AG
2003-06-13 12:21 ` Peter Amey
2003-06-13 13:38 ` Ed Falis
2003-06-13 14:43 ` kanze
2003-06-13 16:06 ` Wesley Groleau
2003-06-13 21:32 ` AG
2003-06-11 9:22 ` kanze
2003-06-11 9:49 ` Erlo Haugen
2003-06-11 10:11 ` Vinzent Hoefler
2003-06-11 10:50 ` Erlo Haugen
2003-06-11 11:08 ` Vinzent Hoefler
2003-06-11 11:29 ` Erlo Haugen
2003-06-11 11:58 ` Vinzent Hoefler
2003-06-11 12:38 ` Erlo Haugen
2003-06-11 12:59 ` Vinzent Hoefler
2003-06-11 13:13 ` Erlo Haugen
2003-06-12 3:26 ` Wesley Groleau
2003-06-12 20:24 ` Pascal Obry
2003-06-13 23:40 ` Randy Brukardt
2003-06-14 10:57 ` Replacement for Text_IO? (was Re: C bug of the day) Dale Stanbrough
2003-06-16 22:06 ` Randy Brukardt
2003-06-16 22:35 ` Gautier Write-only
2003-06-17 1:31 ` Randy Brukardt
2003-06-17 1:56 ` Dale Stanbrough
2003-06-17 8:46 ` Georg Bauhaus
2003-06-17 11:42 ` Dale Stanbrough
2003-06-17 12:53 ` Larry Kilgallen
[not found] ` <sqilr-9d3.ln1@beastie.ix.netcom.com>
2003-06-12 7:35 ` Compilers on old machines (was: " Vinzent Hoefler
2003-06-13 23:33 ` C bug of the day Randy Brukardt
2003-06-16 11:23 ` Vinzent Hoefler
2003-06-16 21:41 ` Randy Brukardt
2003-06-16 21:45 ` Vinzent Hoefler
2003-06-17 10:52 ` Replacement for Text_IO? (was Re: C bug of the day) Larry Kilgallen
2003-06-11 10:36 ` C bug of the day Peter Hermann
2003-06-11 10:43 ` Erlo Haugen
2003-06-11 13:12 ` Bernd Trog
2003-06-11 16:40 ` Warren W. Gay VE3WWG
2003-06-12 7:16 ` Erlo Haugen
2003-06-11 16:40 ` Wesley Groleau
2003-06-11 16:59 ` Larry Kilgallen
2003-06-12 3:28 ` Wesley Groleau
2003-06-11 18:05 ` Robert I. Eachus
2003-06-12 12:56 ` kanze
2003-06-11 22:31 ` Kevin Cline
2003-06-12 7:06 ` Vinzent Hoefler
2003-06-12 18:40 ` Mike Silva
2003-06-12 19:03 ` Robert I. Eachus
2003-06-13 15:07 ` kanze
2003-06-13 15:23 ` Vinzent Hoefler
2003-06-12 10:21 ` Georg Bauhaus
2003-06-12 21:58 ` Matthew Heaney
2003-06-13 15:13 ` kanze
2003-06-14 6:10 ` Simon Wright
2003-06-12 14:23 ` kanze
2003-06-13 1:52 ` James Rogers
2003-06-13 15:24 ` kanze
2003-06-13 15:31 ` Vinzent Hoefler
2003-06-14 10:37 ` Preben Randhol
2003-06-14 6:12 ` Simon Wright
2003-06-14 14:39 ` Larry Kilgallen
2003-06-12 17:33 ` Matthew Heaney
2003-06-12 20:38 ` Simon Wright
2003-06-10 16:55 ` Preben Randhol
2003-06-11 10:10 ` James Rogers
2003-06-12 0:12 ` Andrei Alexandrescu
2003-06-12 9:23 ` James Rogers
2003-06-12 10:27 ` Andrei Alexandrescu
2003-06-13 8:16 ` James Rogers
2003-06-13 15:55 ` Terje Slettebø
2003-06-14 9:57 ` Ron Natalie
2003-06-14 20:27 ` Terje Slettebø
2003-06-16 22:46 ` kanze
2003-06-16 22:54 ` Ron Natalie
2003-06-15 0:07 ` Dave Harris
2003-06-16 22:50 ` kanze
2003-06-17 15:33 ` Dave Harris
2003-06-15 1:54 ` Wesley Groleau
2003-06-15 10:07 ` Terje Slettebø
2003-06-18 21:15 ` Balog Pal
2003-06-14 20:27 ` Francis Glassborow
2003-06-15 10:06 ` Terje Slettebø
2003-06-15 18:31 ` Francis Glassborow
2003-06-16 8:45 ` Terje Slettebø
2003-06-16 22:42 ` Francis Glassborow
2003-06-17 17:51 ` kanze
2003-06-18 15:47 ` John Potter
2003-06-15 15:04 ` John Potter
2003-06-15 21:55 ` Francis Glassborow
2003-06-16 9:06 ` John Potter
2003-06-16 22:43 ` Francis Glassborow
2003-06-13 19:22 ` Hyman Rosen
2003-06-14 9:50 ` kanze
2003-06-14 9:51 ` Wesley Groleau
2003-06-14 10:01 ` Dave Harris
2003-06-15 0:45 ` Terje Slettebø
2003-06-15 18:12 ` Dave Harris
2003-06-16 22:52 ` kanze
2003-06-17 10:46 ` Larry Kilgallen
2003-06-14 10:15 ` Andrei Alexandrescu
2003-06-14 16:16 ` Simon Wright
2003-06-18 21:15 ` Balog Pal
2003-06-12 19:43 ` Balog Pal
2003-06-13 8:17 ` James Rogers
2003-06-13 19:10 ` Terje Slettebø
2003-06-14 9:53 ` LLeweLLyn
2003-06-14 17:10 ` Addding new attributes to Ada0Y Robert I. Eachus
2003-06-12 13:25 ` C bug of the day kanze
2003-06-13 0:39 ` Larry Kilgallen
2003-06-13 21:25 ` LLeweLLyn
2003-06-13 23:42 ` Wesley Groleau
2003-06-16 22:53 ` kanze
2003-06-17 15:43 ` Terje Slettebø
2003-06-18 1:41 ` Wesley Groleau
2003-06-18 13:52 ` Hyman Rosen
2003-06-18 14:37 ` Vinzent Hoefler
2003-06-18 15:17 ` Hyman Rosen
2003-06-19 8:30 ` Dmitry A. Kazakov
2003-06-19 23:33 ` Hyman Rosen
2003-06-20 1:18 ` Wesley Groleau
2003-06-20 4:56 ` Robert I. Eachus
2003-06-20 5:05 ` Hyman Rosen
2003-06-20 5:54 ` Robert I. Eachus
2003-06-20 7:10 ` Dmitry A. Kazakov
2003-06-20 21:12 ` Mark A. Biggar
2003-06-21 7:28 ` Dmitry A. Kazakov
2003-06-18 21:12 ` kanze
2003-06-19 3:24 ` James Rogers
2003-06-19 14:02 ` kanze
2003-06-19 23:29 ` tmoran
2003-06-20 9:38 ` Hyman Rosen
2003-06-20 12:25 ` kanze
2003-06-24 1:59 ` Matthew Heaney
2003-06-20 0:42 ` Jim Rogers
2003-06-20 9:38 ` Wesley Groleau
2003-06-20 9:39 ` Hyman Rosen
2003-06-19 4:28 ` Wesley Groleau
2003-06-20 23:02 ` Stephen Leake
2003-06-21 19:41 ` Dave Harris
2003-06-23 0:02 ` Terje Slettebø
2003-06-23 15:51 ` Dave Harris
2003-06-17 10:35 ` Andy Sawyer
2003-06-17 17:48 ` Ludovic Brenta
2003-06-17 17:52 ` Larry Kilgallen
2003-06-18 14:10 ` Preben Randhol
2003-06-18 15:39 ` Andy Sawyer
2003-06-13 8:00 ` Mike Silva
2003-06-15 0:40 ` Robert I. Eachus
2003-06-16 22:57 ` kanze
2003-06-13 8:05 ` Wesley Groleau
2003-06-14 9:56 ` LLeweLLyn
2003-06-15 0:42 ` Ed Avis
2003-06-15 10:01 ` LLeweLLyn
2003-06-15 21:59 ` Ed Avis
2003-06-16 9:04 ` Wesley Groleau
2003-06-15 0:45 ` Wesley Groleau
2003-06-13 8:17 ` James Rogers [this message]
2003-06-14 9:52 ` kanze
2003-06-15 0:43 ` James Rogers
2003-06-15 18:48 ` Garbage Collector [Was: C bug of the day] Martin Krischik
2003-06-16 23:30 ` Robert A Duff
2003-06-17 3:51 ` Robert I. Eachus
2003-06-14 16:22 ` Bounded integer types (was: C bug of the day) Ed Avis
2003-06-03 21:59 ` C bug of the day Mike Silva
2003-06-04 16:41 ` LLeweLLyn
2003-06-04 22:37 ` Wesley Groleau
2003-06-09 23:50 ` Balog Pal
2003-06-21 19:26 ` Florian Weimer
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox