From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	autolearn_force=no version=3.4.4
X-Google-Thread: a07f3367d7,aba1514f4a1fc450
X-Google-Attributes: gida07f3367d7,public,usenet
X-Google-NewGroupId: yes
X-Google-Language: ENGLISH,ASCII-7-bit
Received: by 10.68.222.225 with SMTP id qp1mr1881913pbc.8.1345989958061;
        Sun, 26 Aug 2012 07:05:58 -0700 (PDT)
Path: 
 a8ni56467944pbd.1!nntp.google.com!border1.nntp.dca.giganews.com!nntp.giganews.com!news.snarked.org!newsfeed.news.ucla.edu!ihnp4.UCSD.Edu!nntp.ucr.edu!solaris.cc.vt.edu!news.vt.edu!news.glorb.com!eternal-september.org!feeder.eternal-september.org!mx04.eternal-september.org!.POSTED!not-for-mail
From: Brian Drummond <brian@shapes.demon.co.uk>
Newsgroups: comp.lang.ada
Subject: Re: Have the Itanium critics all been proven wrong?
Date: Wed, 22 Aug 2012 12:48:34 +0000 (UTC)
Organization: A noiseless patient Spider
Message-ID: <k12kf2$t5q$2@dont-email.me>
References: <5021874F.1747D0BF@sonic.net> <1e1tf9-0kp2.ln1@ntp6.tmsw.no>
	<k0gn5r$l9h$1@needham.csi.cam.ac.uk> <GPRWr.31944$Bw1.31300@newsfe05.iad>
	<k0gq97$li8$1@needham.csi.cam.ac.uk> <k0h6ef$jke$1@speranza.aioe.org>
	<46f19bfc-930e-4f06-b5a6-c60f39cfda0c@p14g2000yqk.googlegroups.com>
	<k0r609$4ij$1@speranza.aioe.org>
	<077b12f6-1196-4b5c-bbdb-04291b1ae616@q22g2000vbx.googlegroups.com>
	<k0rree$lkn$1@speranza.aioe.org>
	<CC5730C5.1BC2E%yaldnif.w@blueyonder.co.uk>
	<k0t67b$b8r$1@speranza.aioe.org>
	<CC585119.1BCCC%yaldnif.w@blueyonder.co.uk>
	<k0uenp$fbg$1@speranza.aioe.org> <k0vo9u$fer$1@dont-email.me>
	<589825d2-d998-456a-9c37-c8ae13e1e7bc@e29g2000vbm.googlegroups.com>
	<a9iagtF1rqU1@mid.individual.net>
	<4c83f0f4-30e2-44bd-8b73-ada05de9322b@q22g2000vbx.googlegroups.com>
	<741f71aa-deb9-49eb-8d33-1f6d5bebdacd@googlegroups.com>
Mime-Version: 1.0
Injection-Date: Wed, 22 Aug 2012 12:48:34 +0000 (UTC)
Injection-Info: mx04.eternal-september.org;
 posting-host="0e44dd4a3c4e0a6e83a86f947fb780ae";
	logging-data="29882"; mail-complaints-to="abuse@eternal-september.org";
	posting-account="U2FsdGVkX19Gxn2AbG5NozVDSbF31P1bx2SpbXq+eco="
User-Agent: Pan/0.135 (Tomorrow I'll Wake Up and Scald Myself with Tea; GIT
	30dc37b master)
Cancel-Lock: sha1:cZ1S6U24C+Ir1wc9ccCwYXAU7jY=
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Date: 2012-08-22T12:48:34+00:00
List-Id: <comp.lang.ada>

On Wed, 22 Aug 2012 03:28:24 -0700, Ludovic Brenta wrote:

> Michael S a wrote on comp.lang.ada:
>> "not possible to clobber arbitrary memory locations" is probably good
>> enough definition of what I consider "safe" computer language.
> [...]
>> So let's do not call it "two languages". Let's talk about "full Ada"
>> and "checked Ada" where "checked Ada" is a subset in which "it is not
>> possible to clobber arbitrary memory locations". Hopefully  "checked
>> Ada" is still much closer in # features to the "full Ada" than to
>> SPARK.
> 
> Yes.  SPARK imposes a lot of restrictions which in turn exclude most of
> the standard run-time library.
> 
>>>> Q.
>>>> Do people actually use the "second" Ada language for really big and
>>>> really complex application programs?
 
> I work on such an application: 2 million lines of code, multiple
> processes running 24x7 on multiple machines, mission-critical, multiple
> GUIs.  
...
> Like I said we use almost every feature Ada has to offer, from high-
> level tasks and protected objects to the lowest level of bit
> manipulation ...  But these "scary" bits are few, far
> between and well isolated; they must represent less than 0.5% of our
> code base (still, 10 kSLOC or so...).  It is important to note that we
> could do without those low-level tricks; they exist only for performance
> reasons or to detect and diagnose rare errors.

Interesting and good to know. But dare I ask ... (if you have any such 
statistics to hand, or even a gut feel) ... what percentage of the bugs 
arise out of that 0.5% of the code?

- Brian