From: Niklas Holsti <niklas.holsti@tidorum.invalid>
Subject: Re: Text_IO, was: Re: Something I don't understand
Date: Thu, 20 Feb 2014 22:45:26 +0200
Date: 2014-02-20T22:45:26+02:00 [thread overview]
Message-ID: <bmn7qvFige6U1@mid.individual.net> (raw)
In-Reply-To: <wccha7u4v92.fsf@shell01.TheWorld.com>
On 14-02-20 00:01 , Robert A Duff wrote:
> Niklas Holsti <niklas.holsti@tidorum.invalid> writes:
>
>> No, dynamic type safety is not fully "Ada type safe". Ada is (mainly)
>> statically type safe; dynamism only enters in subtype safety.
>
> Well, if you take the view that "types" are "those things that can be
> checked statically", then all programming languages are statically type
> safe, rendering the notion meaningless.
Type safety to me means that code reading a datum interprets the datum's
representation correctly, using the same type/representation as the code
that wrote the datum. The value read is the value written, not some
unpredictable reinterpretation of the bits in memory.
This notion has nothing to do with what is statically checked or not
checked, and even less with what *can* be checked statically. Type
safety could be implemented by dynamically tagging each datum with its
type and checking tags at run time.
But "Ada type safety" to me means that type safety is checked
statically. Perhaps I am being too pedantic and strict about this, but I
think I'm not alone in this view.
> In other words, the term "subtype" in Ada is a cheat, deliberately used
> to enable bogus claims about static type safety in Ada, as if the
> run-time checks associated with subtypes somehow don't count.
Subtype checking deals with permitted values, not with correct use of
the machine representation. I don't see any cheating, it is well
understood that such constraints or assertions on values need run-time
checks, although more and more of them can also be proved with SPARK or
other such tools.
Consequently, when I program in Ada, and subprogram Foo signals a
Constraint_Error because its parameter X (type Integer) has the value
105, while the subtype of X permits only 1..10, I can be sure that the
caller of Foo really provided the parameter value 105 (type Integer). I
don't need to worry that the caller provided a Float parameter which Foo
tried to interpret as Integer.
Simon's proposal for printf-like formatting in Ada is not, IMO, "Ada
type safe", because it needs a run-time check to verify that the type of
a parameter is correct, and this is because the correct type depends on
the *value* of the format string. But I admit that one can take the
other view, that the type of the parameter is always correct, and any
run-time problems are "subtype" errors in the value of the format string.
Clearly, however, Simon's proposal (and any proposal that depends on a
potentially dynamic format or template value) reduces the level of
static type checking, which IMO is bad.
--
Niklas Holsti
Tidorum Ltd
niklas holsti tidorum fi
. @ .
next prev parent reply other threads:[~2014-02-20 20:45 UTC|newest]
Thread overview: 77+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-13 23:57 Something I don't understand Laurent
2014-02-14 0:18 ` adambeneschan
2014-02-14 7:05 ` Charles H. Sampson
2014-02-15 15:27 ` Laurent
2014-02-15 19:10 ` Laurent
2014-02-15 20:05 ` Niklas Holsti
2014-02-15 21:16 ` Laurent
2014-02-15 21:40 ` Jeffrey Carter
2014-02-16 1:39 ` Robert A Duff
2014-02-16 9:08 ` Text_IO, was: " Simon Clubley
2014-02-16 9:43 ` Dmitry A. Kazakov
2014-02-16 16:57 ` Dennis Lee Bieber
2014-02-16 16:17 ` Robert A Duff
2014-02-17 12:52 ` Simon Clubley
2014-02-17 15:32 ` G.B.
2014-02-17 15:35 ` G.B.
2014-02-17 17:34 ` Mike H
2014-02-17 16:59 ` Niklas Holsti
2014-02-17 17:17 ` Dmitry A. Kazakov
2014-02-17 17:42 ` Niklas Holsti
2014-02-17 19:55 ` Dmitry A. Kazakov
2014-02-18 7:14 ` Niklas Holsti
2014-02-18 8:40 ` Dmitry A. Kazakov
2014-02-18 9:00 ` Niklas Holsti
2014-02-18 9:31 ` Dmitry A. Kazakov
2014-02-19 8:36 ` Niklas Holsti
2014-02-19 9:40 ` Dmitry A. Kazakov
2014-02-19 13:20 ` Niklas Holsti
2014-02-19 14:13 ` Dmitry A. Kazakov
2014-02-19 15:37 ` Georg Bauhaus
2014-02-19 16:32 ` Laurent
2014-02-19 17:46 ` Simon Clubley
2014-02-20 2:39 ` Dennis Lee Bieber
2014-02-20 11:44 ` G.B.
2014-02-19 21:45 ` Niklas Holsti
2014-02-20 9:52 ` Dmitry A. Kazakov
2014-02-20 18:19 ` Niklas Holsti
2014-02-19 15:06 ` Robert A Duff
2014-02-19 17:03 ` Niklas Holsti
2014-02-19 22:30 ` Robert A Duff
2014-02-17 18:13 ` Simon Clubley
2014-02-17 20:09 ` Dmitry A. Kazakov
2014-02-18 7:50 ` Georg Bauhaus
2014-02-18 8:28 ` Dmitry A. Kazakov
2014-02-17 20:22 ` Niklas Holsti
2014-02-18 0:50 ` Simon Clubley
2014-02-18 6:56 ` Niklas Holsti
2014-02-18 8:04 ` Georg Bauhaus
2014-02-19 22:01 ` Robert A Duff
2014-02-20 8:25 ` Dmitry A. Kazakov
2014-02-20 15:54 ` Robert A Duff
2014-02-20 17:54 ` Dmitry A. Kazakov
2014-02-20 20:45 ` Niklas Holsti [this message]
2014-02-19 21:52 ` Robert A Duff
2014-02-20 0:50 ` Simon Clubley
2014-02-19 21:46 ` Robert A Duff
2014-02-20 0:09 ` Jeffrey Carter
2014-02-20 1:09 ` Simon Clubley
2014-02-20 7:06 ` Niklas Holsti
2014-02-20 13:05 ` Simon Clubley
2014-02-20 11:51 ` G.B.
2014-02-20 12:53 ` Simon Clubley
2014-02-21 11:50 ` Brian Drummond
2014-02-23 21:37 ` AdaMagica
2014-02-23 23:23 ` Bill Findlay
2014-02-24 4:29 ` AdaMagica
2014-02-24 12:22 ` Brian Drummond
2014-02-24 19:03 ` AdaMagica
2014-02-20 20:02 ` Niklas Holsti
2014-02-19 21:15 ` Robert A Duff
2014-02-19 22:01 ` Simon Clubley
2014-02-16 14:50 ` Mike H
2014-02-17 16:09 ` Laurent
2014-02-17 17:42 ` Mike H
2014-02-18 1:05 ` Dennis Lee Bieber
2014-02-17 22:31 ` Jeffrey Carter
2014-02-19 12:51 ` Laurent
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox