Re: C bug of the day

[LLeweLLyn <llewelly.at@xmission.dot.com>]

Kilgallen@SpamCop.net (Larry Kilgallen) writes:

> In article <d6652001.0306120418.37a97d1c@posting.google.com>,
>kanze@gabi-soft.fr writes: 
>> James Rogers <jimmaureenrogers@att.net> wrote in message
>> news:<Xns9396BDBB14558jimmaureenrogers@204.127.36.1>...
>
>>> Since this was cross-posted to comp.lang.ada I think it is fair to
>>> mention that there is a language that meets your description above.
>>> That language is Ada.
>> 
>> Permit me to be sceptical.  If your claim is that Ada has more of the
>> safe defaults than C++, I doubt anyone would dare argue it.  If your
>> claim is even that most of the defaults are the safe version, from
what
>> little I know of the language, it would seem true.  But to say that
in
>> 1983, they got everything right, including problems that weren't even
>> understood until significantly later.  Well, I'm sceptical.
Perfection
>> just isn't of this world.
>> 
>> One point where I'm pretty sure Ada 83 didn't have the right default
>> (although they may have fixed it in Ada 95): garbage collection.
While
>> there are places where it is necessary to turn garbage collection off
>> (which seriously limits the use of a language in which you cannot
have
>> untraced pointers, which the garbage collector cannot see), the safe
>> option is obviously to have it on by default, no?

What kinds of programs are most commonly written in Ada?

For some kinds of programs, traditional gc algorithms do not work
    well, or are completely unacceptable. If Ada is frequently used in
    real-time systems (that is my impression), off might be a better
    default.

Of course for C++, on would be the best default - but plenty of
    programs would need to replace the garbage collector, 
    plenty would need to turn it off, and some would need different
    solutions for different components of the same program.

>
> Perhaps it depends on what one means by the word "safe" :-),
> but even with Ada 95 provision of any garbage collection is
> up to the compiler vendor.  Since the language definition
> does not mandate garbage collection, it cannot very well
> mandate that it be defaulted on or defaulted off.

But quick search of rm95 turns up what looks to be a way to prevent
    objects accessed by specific access types from being garbage
    collected. (http://www.adapower.com/rm95/arm95_210.html#SEC210)
    This description seems to imply that if an implementation provides
    garbage collection it is on by default. I've never written a
    non-toy Ada program, so maybe I misunderstand, but that's more
    than C++ provides. 

Another bit - it seems Ada allows creation of variable-sized objects
    on the stack. I suspect that use of dynamic memory in C++ could be
    significantly reduced in most programs, by aggressive use 
    of such a feature (which C++ doesn't have - alloca isn't part of the
    standard, and a safe constructing and destructing wrapper around it
    is harder than it first appears). (Variable-sized stack objects
    probably couldn't eliminate the need for dynamic memory in most
    programs because all too often the function that knows what type
    an object should be is called from the function that (via virtual
    functions) manipulates the object. )

In some sense one could argue that both languages chose a safe
    allocation default: by default, objects are stack allocated, and
    have scope-controlled lifetimes. It takes explicit work to create 
    dynamicly allocated objects. Trouble is C++ has an education
    problem here - too many C++ programmers are (wrongly) taught to
    allocate dynamicly every time they want an object for any
    purpose! Right defaults are important, but IMO in several cases
    poor C++ education has taught many programmers to do the wrong
    thing even where the default is right. (Fortunately this problem
    appears to be in the process of being solved; I don't see as much
    unsafe C++ code as I once did.) 

> Does the C++ standard mandate garbage collection be on or off ?

Niether. The C++ standard says nothing whatsoever about garbage
    collection. It doesn't even require an implementation to document
    whether garbage collection is availible, on, off, etc. In
    practice, few C++ implementations provide garbage collection
    - but garbage collectors that work well with many implementations
    can be found
    (e.g. http://www.hpl.hp.com/personal/Hans_Boehm/gc/). And an
    implementation providing garbage collection but not documenting it
    seems almost unimaginable.

>
>> Seriously, I am aware that 1) Ada generally adopts the safe option,
and
>> 2) you can generally "work around" the safety checks if necessary
>> (hopefully on a case by case basis, using source code constructs;
>> e.g. by writing array.unsafe_at( index ) rather than array[ index ]).
>> In my original statement, I'll admit that I wasn't thinking so much
>> about Ada, as about some other, more popular languages which claim a
lot
>> of safety that they don't necessarily give.  Still, even thinking
about
>> Ada, I don't think I'd change it.  As I say, I simply cannot believe
>> that the language is perfect.
>
> I don't think anyone in comp.lang.ada believes Ada is perfect either.
> The typical Ada expert believes in code review, formal inspection,
> fault analysis, project specification and many other activities that
> would be useless if there were a perfect programming language.

Perhaps this is more important than the safety of the language
    defaults; IMO the biggest safety problem for most C++ progammers
    is that too many shops do no code review, formal inspection, etc,
    and in many shops that do, so many progammers have so little
    experience reviewing code, have so many misunderstandings, and
    must deal with such rotten code, that code review is less helpful
    (in the short term) than it might be.
    
>
>> I would certainly not claim that the defaults for C++ are safer than
for
>> Java.

The problem with Java is that all too often, it does not provide one
    with any choice - garbage collection is not the default - it is
    the only choice, and no matter how much it interferes with (for
    example) the real-time needs of one's program, there is no
    escape. Reference types are not the default - they are the only
    choice. Java does not support user-defined value types. Most of
    the laws laid down by the Java language designers work well, most
    of the time. But if one must write an application for which they
    do not work well, one is in a surprisingly hard spot, for the
    language provides no escape (except to write native functions in C
    or assembler :-).

In this respect Java is unlike C++, which all too often has the unsafe
    default, but allows one to change about that default, and also
    unlike Ada, which usually has the safe default, but also allows
    one to change it.

>> I've been using C++ now for close to fifteen years, and almost
>> exclusively for ten (except for a short excursion into Java).
Certain
>> avoidance manoevers have become instinctive, but I know that they are
>> missing in 99% of the code I see.  I suspect that I would need a lot
>> less avoidance manoeuvres in Ada -- perhaps none in day to day
coding.
>> But I really doubt that there would never be a case where I couldn't
do
>> better than the default.
>
> Sometimes "better" is subjective, but if a compiler can be told to
> include or omit those checks it is easier to try it both ways to
> see if omitting checks really has an effect on performance.
[snip]

Certainly. And since many programs need checks, performance is not
    crucial for most programs, and performance can often be improved
    in other ways, I often wish C++ had checks enabled by default, and
    one had to do work to disable them - but no, all too often one
    must write, download, or find in the standard library some
    user-defined type that does checking, and enable checks on a case
    by case basis, or, enable the debug mode in some implementations
    of the standard library.

      [ Send an empty e-mail to c++-help@netlab.cs.rpi.edu for info ]
      [ about comp.lang.c++.moderated. First time posters: do this! ]