From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,f039470e8f537101 X-Google-Attributes: gid103376,public X-Google-ArrivalTime: 2003-07-27 15:19:26 PST Path: archiver1.google.com!postnews1.google.com!not-for-mail From: aek@vib.usr.pu.ru (Alexander Kopilovitch) Newsgroups: comp.lang.ada Subject: Re: Ariane5 FAQ Date: 27 Jul 2003 15:19:25 -0700 Organization: http://groups.google.com/ Message-ID: References: <1058968422.225561@master.nyc.kbcfp.com> <3F200AD0.94F79098@adaworks.com> <7u9Ua.13412$634.10307@nwrdny03.gnilink.net> <3F215120.1040706@attbi.com> <1059151910.357790@master.nyc.kbcfp.com> NNTP-Posting-Host: 195.242.17.125 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: posting.google.com 1059344366 7696 127.0.0.1 (27 Jul 2003 22:19:26 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: 27 Jul 2003 22:19:26 GMT Xref: archiver1.google.com comp.lang.ada:40876 Date: 2003-07-27T22:19:26+00:00 List-Id: Hyman Rosen wrote: >one of the things I do is correct misstatements about that language. >Another thing I like to do is to point out places where Ada afficionados >have, in my opinion, too high an opinion of themselves or their language. Well, so why didn't you exploit a direct oppotunity for that in Ariane 5 crash case? You must know well that one thing Ada advocates are proud of is Ada's capability to carry more information about programmer's intentions and decisions directly in source code than other general-purpose programming languages. It means that with Ada lesser part of such information need comments to be expressed clearly. At the same time both official report and c.l.a. discussions tell you that the critical point from which the actual low-level chain of events started was that the limitations for some variables that were not reflected in comments (although were described in documentation). And that this misled the developers of the simulator which was used for rocket's testing instead of real device. But those limitations should be very simple and fundamental kind of information about programmer's intentions and decisions. So, if the above claims are right then that information must be in source code, not in comments, and if it were there then the simulator's developers had no chance to miss it. There should be something like RANGE qualifier, no more. Yes, one can say that RANGE will imply unwanted check, but once more, there should be a pragma, which suppresses that check. So, combination of RANGE and pragma will clearly convey the intentions, both to compiler and to another programmer. With those statements you can conclude that either Ada language is not so greate in this aspect as some people claim or there was some programmer's fault -- if the present language feature was not used properly. (Only possible escape is that it was Ada 83, and the missed feature was added later - for Ada 95 or even later). Good opportunity, isn't it? -:) Alexander Kopilovitch aek@vib.usr.pu.ru Saint-Petersburg Russia