From: "John R. Strohm"
Newsgroups: comp.lang.java.advocacy,comp.object,comp.lang.ada,misc.misc
Subject: Re: Using Ada for device drivers? (Was: the Ada mandate, and why it collapsed and died)
Date: Fri, 9 May 2003 21:44:29 -0500
Organization: Airnews.net! at Internet America
References: <9fa75d42.0304230424.10612b1a@posting.google.com> <9fa75d42.0305010621.55e99deb@posting.google.com> <254c16a.0305011035.13133e8d@posting.google.com> <9fa75d42.0305011727.5eae0222@posting.google.com> <17cd177c.0305072114.24f04783@posting.google.com> <9fa75d42.0305090612.261d5a5c@posting.google.com> <9fa75d42.0305091549.48b9c5d9@posting.google.com>

"soft-eng" wrote in message news:9fa75d42.0305091549.48b9c5d9@posting.google.com...
> "John R. Strohm" wrote in message news:...
> >
> > Let me guess, you're one of these people who believes that only freshmen
> > need subscript range checking, aren't you? You're one of these people who'd
> > rather debug a segmentation fault from a core dump than see a message
> > "Subscript out of range in at ", right?
>
> Well, no. When I was a freshman and in the habit of making
> too many such mistakes, I would indeed have preferred the
> latter messages. Even to the extent of making it the primary
> criterion for choosing a language.
>
> But for how long can you keep on making the same type
> of mistakes?

It only takes one such error in commercial code to create a buffer overrun vulnerability. Haven't we seen enough of those?

(Was it Edsger Dijkstra who compared testing with subscript checking enabled and running production with it disabled to sailing in the harbor with a life jacket and then taking the jacket off when you ventured out onto the open ocean? Maybe it was Tony Hoare. I've sailed on the Pacific, in 10-foot seas as I recall; I have a LOT of respect for open ocean.)

It only takes one such error in safety-critical code to kill someone. (To the best of my knowledge, the actual code error behind the Therac-25 fatalities has never been explained. I would not be at all surprised to learn that it was a buffer indexing problem that could have been caught automatically by a type-safe language used properly.)

I take safety-critical code very seriously. (Maybe it comes from working on F-16, knowing that friends of mine would be flying those airplanes, betting their lives on that code.)
And then there was image processing on the TI 320C80, where you HAD to do it in assembly language, and the first warning that you'd overrun your buffer was that the processor (and emulator) hung up hard, waiting for a memory fetch that would never finish...
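The contrast the post draws between an always-on subscript check and a check that is stripped out of the production build, as an added C example that is not from the post (the buffer type, the function names and the off-by-one loop are constructed for illustration):

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>
#include <assert.h>

/* Constructed example: a fixed-size buffer whose index check survives in
   every build, beside a check written as assert(), which NDEBUG removes. */
#define BUF_LEN 8

typedef struct {
    int data[BUF_LEN];
    size_t len;
} checked_buf;

/* Always-on check: refuse the store instead of writing past the end.
   This is what a language with mandatory subscript checking does for
   every indexing operation, in test and in production alike. */
bool checked_store(checked_buf *b, size_t i, int v) {
    if (i >= b->len) {
        fprintf(stderr, "Subscript out of range in %s at index %zu (len %zu)\n",
                __func__, i, b->len);
        return false;
    }
    b->data[i] = v;
    return true;
}

/* "Life jacket in the harbor only": the same check as an assert(), which
   the preprocessor deletes when the release build defines NDEBUG, so an
   out-of-range index then overruns the buffer silently. */
void assert_only_store(checked_buf *b, size_t i, int v) {
    assert(i < b->len);   /* absent under -DNDEBUG */
    b->data[i] = v;
}

/* Fill the buffer with the classic off-by-one loop (<= instead of <) and
   return how many stores the always-on check accepted: BUF_LEN, with the
   store at index BUF_LEN rejected rather than written past the end. */
size_t fill_past_end(checked_buf *b) {
    size_t accepted = 0;
    b->len = BUF_LEN;
    for (size_t i = 0; i <= BUF_LEN; i++)
        if (checked_store(b, i, (int)i)) accepted++;
    return accepted;
}

int main(void) {
    checked_buf b = {0};
    size_t ok = fill_past_end(&b);
    printf("%zu of %d stores accepted\n", ok, BUF_LEN + 1);
    return 0;
}
```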