From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,FREEMAIL_FROM, HEADER_SPAM autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,b30bd69fa8f63cb2 X-Google-Attributes: gid103376,public X-Google-Thread: fc772,b30bd69fa8f63cb2 X-Google-Attributes: gidfc772,public X-Google-ArrivalTime: 2003-06-13 01:14:50 PST Path: archiver1.google.com!news1.google.com!newsfeed.stanford.edu!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!c03.atl99!news.webusenet.com!diablo.voicenet.com!news-out.spamkiller.net!propagator2-maxim!news-in-maxim.spamkiller.net!usc.edu!rpi!not-for-mail From: James Rogers Newsgroups: comp.lang.ada,comp.lang.c++.moderated Subject: Re: C bug of the day Date: 13 Jun 2003 04:17:03 -0400 Organization: AT&T Worldnet Sender: cppmods@netlab.cs.rpi.edu Message-ID: References: <1054751321.434656@master.nyc.kbcfp.com> NNTP-Posting-Host: netlab.cs.rpi.edu X-Original-Date: Fri, 13 Jun 2003 01:49:18 GMT X-Submission-Address: c++-submit@netlab.cs.rpi.edu X-Auth: PGPMoose V1.1 PGP comp.lang.c++.moderated iQBVAwUAPumIe0HMCo9UcraBAQHPYQIAk0yL/qj3HIALRDOt1lEiSuPOwFs1N/mS 3vxCv1vcWxRlgsUc6vALWG1fPayErREh6M+Y/sipx8rPltL6jzTIAg== =o0C9 Xref: archiver1.google.com comp.lang.ada:39088 comp.lang.c++.moderated:68268 Date: 2003-06-13T04:17:03-04:00 List-Id: kanze@gabi-soft.fr wrote in news:d6652001.0306120418.37a97d1c@posting.google.com: > James Rogers wrote in message > news:... >> kanze@gabi-soft.fr wrote in >> news:d6652001.0306100323.338a2a1c@posting.google.com: > >> > That doesn't mean C++ is perfect, of course. I'd rather have a >> > language in which all of the defaults were fundamentally safe, but >> > with the freedom to override them if you had special constraints, >> > or even in cases where you came across a case which the language >> > authors hadn't considered. I don't know such a language, however; >> > it may exist somewhere, but if it does, it certainly isn't very >> > popular or wide spread. > >> Since this was cross-posted to comp.lang.ada I think it is fair to >> mention that there is a language that meets your description above. >> That language is Ada. > > Permit me to be sceptical. If your claim is that Ada has more of the > safe defaults than C++, I doubt anyone would dare argue it. If your > claim is even that most of the defaults are the safe version, from what > little I know of the language, it would seem true. But to say that in > 1983, they got everything right, including problems that weren't even > understood until significantly later. Well, I'm sceptical. Perfection > just isn't of this world. I am sorry. I did not mean that Ada is perfect. I meant that Ada is a fundamentally safe language with the ability to turn off checking if you encounter a situation where checking presents a problem for you. > > One point where I'm pretty sure Ada 83 didn't have the right default > (although they may have fixed it in Ada 95): garbage collection. While > there are places where it is necessary to turn garbage collection off > (which seriously limits the use of a language in which you cannot have > untraced pointers, which the garbage collector cannot see), the safe > option is obviously to have it on by default, no? Is garbage collection always the right default? For web applications this may be true. Ada was originally designed for hard real time embedded systems. In 1983 and 1995 there was no way to implement deterministic garbage collection for hard real time systems with nanosecond timing requirements. That said, like C++, Ada does not prohibit garbage collection. > >> Its defaults are fundamentally safe. It provides the ability to >> override the safety constraints whenever you choose to. Note how Ada >> differs from Java. You cannot turn off array bounds checking for >> Java. In Ada you can. In fact, many Ada compilers will optimize out >> bounds checking when they can determine the checks are unnecessary. > > I believe that this is standard practice in all languages which support > array bounds checking. > This is standard practice in theory. For many languages the reality is that such optimizations are rare because the compiler lacks the information needed to prove the safety of removing the bounds checks. >> In other words, you can arrive at the same level of safety which is >> the default for C++. > > And you're bragging about it:-) ? No, I am being practical. You can remove all safety checks in Ada and produce a program as unsafe as anything you might write in C. On the other hand, you can write a C++ program carefully and produce a very safe result. Note that there is a lot of crossover in safety here. > > Seriously, I am aware that 1) Ada generally adopts the safe option, and > 2) you can generally "work around" the safety checks if necessary > (hopefully on a case by case basis, using source code constructs; > e.g. by writing array.unsafe_at( index ) rather than array[ index ]). > In my original statement, I'll admit that I wasn't thinking so much > about Ada, as about some other, more popular languages which claim a lot > of safety that they don't necessarily give. Still, even thinking about > Ada, I don't think I'd change it. As I say, I simply cannot believe > that the language is perfect. And your are correct. The language is not perfect. > >> With Ada, however, you need to remove safety checks to get >> there. Manually removing safety checks is not usually needed for >> performance reasons. > > Most of the time, when you want to remove safety checks, it is because > you are writing low level software. On another level, I'm quite happy > that the operating systems I use don't normally allow me to write to raw > disk. But if I'm writing a file system manager, I will need this > permission. Similarly, address arithmetic is something to be avoided at > all costs. Unless, of course, you are writing a garbage collector (or > in C++, an array class). If you want to get really low level in Ada you can directly call assembler routines, just as in C or C++. This has the same problems and benefits as in C or C++. > >> Most programmers will use a language in the manner which requires >> minimum effort. This is why safety checks are not terribly common in >> C++. It is also why manually turning off safety checks is not terribly >> common in Ada. > > I would certainly not claim that the defaults for C++ are safer than for > Java. I've been using C++ now for close to fifteen years, and almost > exclusively for ten (except for a short excursion into Java). Certain > avoidance manoevers have become instinctive, but I know that they are > missing in 99% of the code I see. I suspect that I would need a lot > less avoidance manoeuvres in Ada -- perhaps none in day to day coding. > But I really doubt that there would never be a case where I couldn't do > better than the default. You can add additional checks if you wish in your own code. Ada does not prevent you from doing what you need to do. If, for instance, you wanted to create a type representing all the odd numbers from 1 through 101 you would need to create the equivalent of a C++ class. You would also need to define your own arithmetic operators for such a type. Ada's built in safety features would be of only limited help for such a type. Compare this with defining a numeric type with all integers from 1 through 101: type My_Ints is range 1..101; In this case Ada automatically provides all the checking and numeric operators for you. Jim Rogers [ Send an empty e-mail to c++-help@netlab.cs.rpi.edu for info ] [ about comp.lang.c++.moderated. First time posters: do this! ]