From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Thread: 103376,c9d5fc258548b22a X-Google-NewGroupId: yes X-Google-Attributes: gida07f3367d7,domainid0,public,usenet X-Google-Language: ENGLISH,ASCII Path: g2news2.google.com!postnews.google.com!o13g2000yql.googlegroups.com!not-for-mail From: Ludovic Brenta Newsgroups: comp.lang.ada Subject: Re: How do I write directly to a memory address? Date: Mon, 7 Feb 2011 08:54:01 -0800 (PST) Organization: http://groups.google.com Message-ID: References: <67063a5b-f588-45ea-bf22-ca4ba0196ee6@l11g2000yqb.googlegroups.com> <31c357bd-c8dc-4583-a454-86d9c579e5f4@m13g2000yqb.googlegroups.com> <05a3673e-fb97-449c-94ed-1139eb085c32@x1g2000yqb.googlegroups.com> <8r86vgFc3uU1@mid.individual.net> <19fh1chm74f9.11cws0j5bckze.dlg@40tude.net> <4d4ff70e$0$6886$9b4e6d93@newsspool2.arcor-online.net> <737a6396-72bd-4a1e-8895-7d50f287960e@d28g2000yqc.googlegroups.com> <4d5008a5$0$6879$9b4e6d93@newsspool2.arcor-online.net> NNTP-Posting-Host: 153.98.68.197 Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Trace: posting.google.com 1297097642 6113 127.0.0.1 (7 Feb 2011 16:54:02 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: Mon, 7 Feb 2011 16:54:02 +0000 (UTC) Complaints-To: groups-abuse@google.com Injection-Info: o13g2000yql.googlegroups.com; posting-host=153.98.68.197; posting-account=pcLQNgkAAAD9TrXkhkIgiY6-MDtJjIlC User-Agent: G2/1.0 X-HTTP-UserAgent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.6) Gecko/2009012111 Red Hat/3.0.6-1.el5 Firefox/3.0.6,gzip(gfe) Xref: g2news2.google.com comp.lang.ada:17907 Date: 2011-02-07T08:54:01-08:00 List-Id: Georg Bauhaus wrote: > Exactly. =A0Style has, by hypothesis, a strong impact on on code > quality [...] I would rephrase that as: style has, *in my experience*, a strong impact on code quality. >> In Ada, this bad style is simply not possible. > > It sure is possible to write awful and dangerous Ada text, even > with the dangers hidden. =A0While this style is possible, Ada culture > is less tolerant. (Or, more skeptical of the "practical" programmer.) In Ada, it is pretty difficult to hide such dangers. In the case I was talking about, had the subprogram been written in Ada, the programmer would have had to declare a copy of the "in" argument explicitly or to make the argument "in out"; both would have made the bug immediately obvious to any reviewer. The reason why the bug eluded so many people and survived 15 years was that reviewers failed to see the assignment as the cause for the bug. Perhaps because they were tainted by Ada culture where, if you assign to an argument, this necessarily means the argument is "in out". You can always program dangerously in Ada but you have to be explicit about it. >>> For further ammunition for Verdun style language comparisons, >>> see function Ada.Numerics.Discrete_Random.Random. > >> What does that mean? > > It means that Ada function Ada.Numerics.Discrete_Random.Random > only works because it violates its "contract". =A0The parameter (a > generator object) is passed "in", but is modified. Its mutation > is one effect of calling function Random. The generator is not modified; its associated (pointed-to) state is. When reviewing a function that takes a pointer (or an object containing a pointer), I expect and look for writes through the pointer, so again the bug I was talking about would not have survived a code review. >>> I think there are better arguments. > >> No. > > Yes, and you have named them. =A0They seem to have a little less > to do with the language definitions, but rather with "encouragement" > to write your intentions properly. > (In at least one video (lecture? Ada UK?) Robert Dewar > has been emphasizing a cultural issue a few times). Well, I came to wonder what intentions are conveyed by "void foo (int arg)" and why modifying arg inside foo could be intentional. Since I came up with no convincing reason (the only reasons being variants of premature optimization), I concluded that the possibility of "void foo (int arg)" as opposed to "void foo (const int arg)" was a flaw in the C language, that cost me a lot of effort. -- Ludovic Brenta.