From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Thread: 103376,fc52c633190162e0 X-Google-Attributes: gid103376,public X-Google-Language: ENGLISH,ASCII-7-bit Newsgroups: comp.lang.ada Subject: Re: why learn C? References: <1172144043.746296.44680@m58g2000cwm.googlegroups.com> <1172161751.573558.24140@h3g2000cwc.googlegroups.com> <546qkhF1tr7dtU1@mid.individual.net> <5ZULh.48$YL5.40@newssvr29.news.prodigy.net> <1175215906.645110.217810@e65g2000hsc.googlegroups.com> <1175230700.925143.28490@n59g2000hsh.googlegroups.com> From: Markus E Leypold Organization: N/A Date: Fri, 30 Mar 2007 10:35:38 +0200 Message-ID: User-Agent: Some cool user agent (SCUG) Cancel-Lock: sha1:roKAbl1loh7kHcNsh05ApDMmmHg= MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii NNTP-Posting-Host: 88.72.239.156 X-Trace: news.arcor-ip.de 1175243322 88.72.239.156 (30 Mar 2007 10:28:42 +0200) X-Complaints-To: abuse@arcor-ip.de Path: g2news1.google.com!news3.google.com!border1.nntp.dca.giganews.com!nntp.giganews.com!newsfeed00.sul.t-online.de!newsfeed01.sul.t-online.de!t-online.de!newsfeed.arcor-ip.de!news.arcor-ip.de!not-for-mail Xref: g2news1.google.com comp.lang.ada:14683 Date: 2007-03-30T10:35:38+02:00 List-Id: Markus E Leypold writes: > "kevin cline" writes: > >> On Mar 29, 10:09 pm, "Steve" wrote: >>> "kevin cline" wrote in message >>> >>> news:1175215906.645110.217810@e65g2000hsc.googlegroups.com... >>> >>> >>> >>> > On Mar 20, 12:37 pm, wrote: >>> >> "Marc Boyer" wrote in message > >>> >>> >> It has always seemed rather odd to me that people who are as intelligent >>> >> as programmers, rarely question the silliness of using tools such as C >>> >> and C++ for serious work. >>> >> They simply take for granted that the kind >>> >> of errors that are so common in those languages are somehow akin to >>> >> the laws of nature. >>> >>> > No, what actually happened is that expert C++ developers learned to >>> > use C++ in such a way that those errors can not happen. While it is >>> > possible to write unsafe code in C++, it is also possible to adopt >>> > coding guidelines that makes it easy to find and eliminate unsafe >>> > code, and for most applications, that's quite good enough. One reason >>> > that experts choose C++ over Ada for performance-critical applications >>> > because C++ templates allow compile-time type safety in high-level >>> > code in a way that Ada generics do not. >>> >>> Please give an example of one case where a C++ template gives more compile >>> time safety than an Ada generic. I have found just the opposite to be true. >> >> Christopher Grein covered the topic thoroughly here: (http://home.t- >> online.de/home/Christ-Usch.Grein/Ada/Dimension.html) >> >> On attempts to achieve compile-time checking of physical units >> computations in Ada, he wrote: >> >> "Our attempt leads us to a plethora of overloaded functions. The >> number of function definitions afforded runs into the hundreds... So >> we have to confess that our attempt to let the compiler check >> equations at compile time has miserably failed." >> >> "The big difference is that C++ templates allow type checking during >> compile-time, so that no overhead neither in memory space nor in >> runtime is incurred. In this respect, C++ templates ARE MORE POWERFUL >> than Ada generics." >> >> Ada gives you low-level type safety out of the box, but does not >> afford the tools necessary to achieve type-safety in high-level >> programming. > > I'm inclined to shout nonsense here: You people tend to mistake a type > system for a proof system on the correctness of your program. That are > two different things. Type safety is to avoid execution errors (once > again see Cardelli's introduction into type systems), whereas a type > system is hardly ever powerful enough to proof interesting things > about the correctness of your code -- so if you start proofing > correctness you can well start with a simple, but safe type system and > handle pre- and post-conditions completely in your proof system (that > also applies to subrange types and this kind of stuff). > > (And yes that critique also applies to Ada subtyping to a certain > extend.) > >> Low-level C++ coding is not type safe, but C++ provides >> powerful mechanisms to write high-level type-safe code. > > That's a bit like saying, "I can write type safe code in C". The point > is, I might be able to write safe code in C, but type safe is an > attribute applying to a language (NOT a single instance of code) and > means that if the type checks are passed, the code is safe with regard > to execution errors (execution errors as defined in Cardelli's paper > again: That are error that bring the program into "undefined states" > or "invoke undefined behaviour" (hello, comp.std.c, can you hear me > :-)))). > > The definition allow show that "this piece of code is type safe" makes Should've been: "The definition also shows ..." > no sense, and that saying "I can write type safe code by keeping to > certain rules" makes hardly sense also, since it's the very essence of > type safety that it's the type checks that are the litmus test wether > you stuck to the rules or not. > > Regards -- Markus