From: "Vinzent Hoefler" <0439279208b62c95f1880bf0f8776eeb@t-domaingrabbing.de>
Newsgroups: comp.lang.ada
Subject: Re: How do I write directly to a memory address?
Date: Wed, 09 Feb 2011 19:25:16 +0100

Dmitry A. Kazakov wrote:

> On Tue, 08 Feb 2011 22:41:35 +0100, Vinzent Hoefler wrote:
>
>> Georg Bauhaus wrote:
>>
>>> On 2/8/11 9:48 PM, Vinzent Hoefler wrote:
>>>> Georg Bauhaus wrote:
>>>>
>>>>> I wish they were collected in some unbiased public wiki,
>>>>> together with a kind of cost analysis, metaphorical or real,
>>>>> of the observed effects. Wouldn't this be a nice addition
>>>>> to the Style Guide? A chapter on Bug Avoidance Techniques (BAT)?.
>>>>
>>>> Look at MISRA-C to see what BAT does to C. And then again, look at
>>>> Ada and compare how many of these rules are applicable to Ada
>>>> at all.
>>>
>>> I know ;-) Suppose pclint -w4 were built into every C compiler.
>>> What effects would this change likely have on program production?
>>> The skeptic's view:
>>>
>>> - more annoyed programmers
>>> - clever ways of working around compilers
>>> - pride issues
>>
>> Yes.
>>
>> But potentially better programs, too.
>
> Unfortunately not. The problem is that the C language was not designed in
> order to be used at this level of scrutiny. It becomes extremely annoying
> because many warnings are false negatives. It is a structural problem of C:
> the number of false negatives cannot be reduced without increasing the
> number of false positives. And this is not the compiler's problem only.
> When you read a C program you have to set your alarm level much lower than
> for Ada. Because otherwise, you won't be able to understand the program at
> all.

So tell me what I did wrong. In the eight months I spent in the automotive
sector [so I literally moved up ;)] I did MISRA-C, both compilers were tuned
to their maximum warning level and PC-Lint was run with a quite restrictive
set of rules. The goal was zero warnings from those tools. I think I had two
which could not be circumvented and thus could count as false positives.

Ok, in some sense it was a toy program (~ 12k sLOC), but that's still less
than 0.2 warnings per sLOC.

> So as Ludovic put it, each time you read a C program you see a bug. I would
> add: and *know* that there are a dozen other bugs you just do not care to
> look after.

Well, there were more bugs than warnings, that I am sure of.

>> Of course, with Ada you can have all this for free (pun intended).
>
> Ada has such problems as well:
>
>    overriding function Foo return Bar;
>    function Foo return Bar is
>    begin
>       raise Use_Error; -- This won't compile
>    end No_Way;

Quite right. Your point is that the appropriate return statement would be
dead code, which is not allowed in DO-178B Level A software? ;)


Vinzent.

-- 
You know, we're sitting on four million pounds of fuel, one nuclear weapon,
and a thing that has 270,000 moving parts built by the lowest bidder.
Makes you feel good, doesn't it?
  -- Rockhound, "Armageddon"