From: Vinzent Hoefler
Newsgroups: comp.lang.ada
Subject: Re: [Spark] Arrays of Strings
Date: Wed, 09 Apr 2003 14:41:02 -0400
Organization: JeLlyFish software
References: <1049891888.75004@master.nyc.kbcfp.com> <1049908902.143649@master.nyc.kbcfp.com>

Hyman Rosen wrote:

>Vinzent Hoefler wrote:
>> The reliability is not in the subset like in MISRA-C, it is in the
>> static analysis. I think, it is called *proof*.
>
>I am starting to be a little disturbed now that I've thought about
>this a little more.

Thinking never hurt anybody. :)

>You seem to be telling me that it's OK to have
>variables declared loosely (Natural instead of the array range type)

Yes, I noticed that in Lutz' code later myself. My quoting was a little bit misleading (even to myself), I guess. But still it had nothing to do with your comments about "subset"; I was thinking more about the "character indexing stuff" you complained about.

>because a program verifier will notice problems regardless.

Although this *might* be true sometimes, it was definitely not my intention to say such a stupid thing. But sometimes a restricted subset might lead to code that could be expressed (far) more easily with the original superset of the language. That was what I was trying to say.

>I've been told here frequently
>that Ada's style lends itself to avoiding buffer overflows because
>you declare variables that loop over array ranges, and so there is
>never an opportunity to go off the end.

This doesn't apply to the code here, because the assignments are quite static anyway, but generally I'd say, yes, this is right. Call it experience. :-)

>I find that the posted code looks very much like something you would
>see in C (except for that awful buffer setting stuff).

Well, it's still code interfacing to a C-kernel. ;-> And it was called test_...

Vinzent.

-- 
Parents strongly cautioned -- this posting is intended for mature audiences over 18. It may contain some material that many parents would not find suitable for children and may include intense violence, sexual situations, coarse language and suggestive dialogue.
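The point the two posters are circling (an index variable declared as a loose Natural versus one tied to the array's own range) is shown in the following example. It is added here as an illustration; it is not code from this thread or from Lutz' posting. The names Index, Buffer, Fill_Loose and Fill_Tight are assumptions made for the illustration, and the upper bound of 9 in Fill_Loose is deliberately one past the end of the array.

```ada
--  Added example (not from the thread): a loosely typed loop index
--  versus a loop over the array's own range.
with Ada.Text_IO; use Ada.Text_IO;

procedure Index_Demo is
   --  Assumed names for the illustration.
   subtype Index  is Positive range 1 .. 8;
   type    Buffer is array (Index) of Character;

   Buf : Buffer := (others => ' ');

   --  Loose: the loop variable is a Natural and the bound is a separate
   --  literal that can drift from the array declaration. Ada still
   --  catches the bad index, but only at run time (Constraint_Error),
   --  and a prover has to reason about the literal, not the array.
   procedure Fill_Loose (B : in out Buffer) is
   begin
      for I in Natural range 1 .. 9 loop   --  9 is outside Index (1 .. 8)
         B (I) := 'x';
      end loop;
   end Fill_Loose;

   --  Tight: iterate over the array's own range. There is no literal
   --  bound to get wrong, the index check is trivially satisfied, and
   --  a static analyser (SPARK/GNAT) can discharge it without help.
   procedure Fill_Tight (B : in out Buffer) is
   begin
      for I in B'Range loop
         B (I) := 'x';
      end loop;
   end Fill_Tight;

begin
   Fill_Tight (Buf);
   Put_Line ("tight: " & String (Buf));

   Buf := (others => ' ');
   begin
      Fill_Loose (Buf);
      Put_Line ("loose: completed without error");
   exception
      when Constraint_Error =>
         Put_Line ("loose: Constraint_Error raised, index went off the end");
   end;
end Index_Demo;
```

Compiled with GNAT (gnatmake index_demo.adb), the tight loop fills the buffer and the loose loop is stopped by the run-time index check at I = 9. The difference that matters for the "buffer overflow" argument above is not that Ada catches the loose version (it does, at run time) but that the tight version has no bound to get wrong in the first place, which is what makes it provable rather than merely checked.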