From: "James S. Rogers"
Newsgroups: comp.lang.java.advocacy,comp.object,comp.lang.ada,comp.software-eng
Subject: Re: Quality systems (Was: Using Ada for device drivers? (Was: the Ada mandate, and why it collapsed and died))
Date: Sat, 17 May 2003 03:47:04 GMT
Organization: AT&T Worldnet

"soft-eng" wrote in message news:9fa75d42.0305161748.1735fc32@posting.google.com...
> C would catch that in a vanilla situation (assigning
> an integer to a string pointer), so I
> assume the situation was far from vanilla, in
> which case it is possible for things like
> that to happen in Ada.

This is an interesting statement. You say that with no technical detail.

One of the big differences between the Ada type system and the
C/C++/Java type systems regarding numeric types is the complete lack
of implicit conversion between numeric types in Ada.

My experience is that implicit language conversions make coding very
convenient. They also make coding somewhat unpredictable. The worst
example of that, in my experience, is PL1.

Another insidious problem with C style numerics is value overflows.
C, C++, and Java do not detect or flag numeric overflows or underflows.
For instance, a Java byte has a range of values of -128 to 127.
Calculations that overflow those ranges produce a value wrapping.
This behavior is appropriate for modular or unsigned types. It is not
appropriate for signed types.

The smaller integer types are provided to allow the programmer to
conserve memory. This conservation comes at a price; the need to
guard against value overflows.
The result is that int and long are generally used because it is
easier to excuse a little extra memory usage than to explain
erroneous calculations.

I am sure you would agree that a good programmer will carefully
analyze the problem domain before using a short or a byte type.
The problem arises during program maintenance, when the requirements
change and a value needs to handle values beyond the range of a short
or a byte. The program will still compile and run without flagging
errors. The results of calculations will, however, reveal serious
errors.

Ada's strong typing allows you to define small types with limited
value ranges. On the surface this may seem to be just what you get
from the C family of languages. Strong typing does make a difference
here. Ada signed numeric types do not exhibit value roll over.
Instead, a run-time exception will be raised if an out of range value
is calculated.

To fix the maintenance problem described above in Ada you simply
replace the original numeric type definition with one that fits the
new requirements. This typically means changing one line in one file.

Fixing the problem in C requires a much longer search through the
source. You must change all the variable declarations in the file
containing the function(s) that need to use the larger type in a
calculation. You then need to change all the parameters passed to
those functions, particularly if they are passed by reference.

All those changes require a very carefully crafted and executed test
suite to confirm that the job was done properly. Even the testing is
simplified due to the Ada strong type model.

Jim Rogers
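
The maintenance hazard described in the post above, as an added C example that is not part of the original message: a running total kept in an 8-bit signed type is narrowed silently, while a range declared once beside the type lets a checked version report the first out-of-range result, the role a run-time exception plays in Ada. The names level_t, LEVEL_FIRST, LEVEL_LAST and the sample readings are constructed for illustration; the wrapped value assumes GCC or Clang, which reduce an out-of-range conversion to a signed type modulo 2^8.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical small type; the range is stated once, next to it. */
typedef int8_t level_t;
#define LEVEL_FIRST INT8_MIN
#define LEVEL_LAST  INT8_MAX

/* C-family behaviour: each sum is computed in int, then narrowed on
 * store. An out-of-range result is converted without any diagnostic
 * (implementation-defined; GCC and Clang wrap modulo 2^8). */
level_t total_unchecked(const level_t *v, size_t n)
{
    level_t total = 0;
    for (size_t i = 0; i < n; i++)
        total = (level_t)(total + v[i]);
    return total;
}

/* Range-checked total. Returns 0 and stores the sum in *total, or
 * returns -1 and stores in *bad the index of the element whose
 * addition first took the running total out of range. */
int total_checked(const level_t *v, size_t n, level_t *total, size_t *bad)
{
    int acc = 0;   /* wider than level_t; widen again if level_t grows */
    for (size_t i = 0; i < n; i++) {
        acc += v[i];   /* acc was in range before the add: no int overflow */
        if (acc < LEVEL_FIRST || acc > LEVEL_LAST) {
            *bad = i;
            return -1;
        }
    }
    *total = (level_t)acc;
    return 0;
}

/* Constructed sample readings; the true sum is 135, above LEVEL_LAST. */
static const level_t SAMPLE[] = {100, 20, 10, 5};

int main(void)
{
    level_t t = 0;
    size_t bad = 0;
    printf("unchecked total: %d\n", total_unchecked(SAMPLE, 4));
    if (total_checked(SAMPLE, 4, &t, &bad) != 0)
        printf("range error at element %zu\n", bad);
    return 0;
}
```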