From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Thread: 103376,fc52c633190162e0 X-Google-Attributes: gid103376,public X-Google-Language: ENGLISH,ASCII-7-bit Newsgroups: comp.lang.ada Subject: Re: why learn C? References: <1172144043.746296.44680@m58g2000cwm.googlegroups.com> <1172161751.573558.24140@h3g2000cwc.googlegroups.com> <546qkhF1tr7dtU1@mid.individual.net> <5ZULh.48$YL5.40@newssvr29.news.prodigy.net> <1175215906.645110.217810@e65g2000hsc.googlegroups.com> <1175230700.925143.28490@n59g2000hsh.googlegroups.com> From: Markus E Leypold Organization: N/A Date: Fri, 30 Mar 2007 10:29:47 +0200 Message-ID: User-Agent: Some cool user agent (SCUG) Cancel-Lock: sha1:UuDBaF8C6thrGZ1FdyB7PmALwnM= MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii NNTP-Posting-Host: 88.72.239.156 X-Trace: news.arcor-ip.de 1175242970 88.72.239.156 (30 Mar 2007 10:22:50 +0200) X-Complaints-To: abuse@arcor-ip.de Path: g2news1.google.com!news3.google.com!news4.google.com!border1.nntp.dca.giganews.com!nntp.giganews.com!newsfeed00.sul.t-online.de!newsfeed01.sul.t-online.de!t-online.de!newsfeed.arcor-ip.de!news.arcor-ip.de!not-for-mail Xref: g2news1.google.com comp.lang.ada:14682 Date: 2007-03-30T10:29:47+02:00 List-Id: "kevin cline" writes: > On Mar 29, 10:09 pm, "Steve" wrote: >> "kevin cline" wrote in message >> >> news:1175215906.645110.217810@e65g2000hsc.googlegroups.com... >> >> >> >> > On Mar 20, 12:37 pm, wrote: >> >> "Marc Boyer" wrote in message > >> >> >> It has always seemed rather odd to me that people who are as intelligent >> >> as programmers, rarely question the silliness of using tools such as C >> >> and C++ for serious work. >> >> They simply take for granted that the kind >> >> of errors that are so common in those languages are somehow akin to >> >> the laws of nature. >> >> > No, what actually happened is that expert C++ developers learned to >> > use C++ in such a way that those errors can not happen. While it is >> > possible to write unsafe code in C++, it is also possible to adopt >> > coding guidelines that makes it easy to find and eliminate unsafe >> > code, and for most applications, that's quite good enough. One reason >> > that experts choose C++ over Ada for performance-critical applications >> > because C++ templates allow compile-time type safety in high-level >> > code in a way that Ada generics do not. >> >> Please give an example of one case where a C++ template gives more compile >> time safety than an Ada generic. I have found just the opposite to be true. > > Christopher Grein covered the topic thoroughly here: (http://home.t- > online.de/home/Christ-Usch.Grein/Ada/Dimension.html) > > On attempts to achieve compile-time checking of physical units > computations in Ada, he wrote: > > "Our attempt leads us to a plethora of overloaded functions. The > number of function definitions afforded runs into the hundreds... So > we have to confess that our attempt to let the compiler check > equations at compile time has miserably failed." > > "The big difference is that C++ templates allow type checking during > compile-time, so that no overhead neither in memory space nor in > runtime is incurred. In this respect, C++ templates ARE MORE POWERFUL > than Ada generics." > > Ada gives you low-level type safety out of the box, but does not > afford the tools necessary to achieve type-safety in high-level > programming. I'm inclined to shout nonsense here: You people tend to mistake a type system for a proof system on the correctness of your program. That are two different things. Type safety is to avoid execution errors (once again see Cardelli's introduction into type systems), whereas a type system is hardly ever powerful enough to proof interesting things about the correctness of your code -- so if you start proofing correctness you can well start with a simple, but safe type system and handle pre- and post-conditions completely in your proof system (that also applies to subrange types and this kind of stuff). (And yes that critique also applies to Ada subtyping to a certain extend.) > Low-level C++ coding is not type safe, but C++ provides > powerful mechanisms to write high-level type-safe code. That's a bit like saying, "I can write type safe code in C". The point is, I might be able to write safe code in C, but type safe is an attribute applying to a language (NOT a single instance of code) and means that if the type checks are passed, the code is safe with regard to execution errors (execution errors as defined in Cardelli's paper again: That are error that bring the program into "undefined states" or "invoke undefined behaviour" (hello, comp.std.c, can you hear me :-)))). The definition allow show that "this piece of code is type safe" makes no sense, and that saying "I can write type safe code by keeping to certain rules" makes hardly sense also, since it's the very essence of type safety that it's the type checks that are the litmus test wether you stuck to the rules or not. Regards -- Markus