From: Robert A Duff
Newsgroups: comp.lang.ada
Subject: Re: Certified C compilers for safety-critical embedded systems
Date: 07 Jan 2004 18:35:12 -0500
Organization: The World Public Access UNIX, Brookline, MA

Stephen Leake writes:

> The canonical example is a random number generator:
>
>    function Random (Gen : in out Generator) return Float;
>
> "Obviously", this should be a function (the C and Ada standards say so
> :).

During the Ada 9X project, some folks suggested making it a procedure.
This was considered a non-starter, primarily because Fortran uses a
function, and that's what people expect.

It is rather strange that (some of) the same language designers who
choked at the idea of making Random a procedure were adamant about
forbidding 'in out' params.

There are all kinds of advantages to using functions over procedures.
One is that you can use a function to initialize an object, right at the
point of declaration. Using a procedure is error prone, because the
initialization is far-separated from the declaration, and because it
requires making constants into variables. Furthermore, some kinds of
subtypes *cannot* be initialized by procedures -- String, for example.

Limiting the applicability of functions by forbidding 'in out' is poor
language design. The programmer should be the one to decide when side
effects are appropriate.

The mistake is in thinking that Ada "functions" are the same thing as
maths "functions" -- they are not. Ada functions are simply a procedure
with a different calling syntax. IMHO, both kinds of subprograms should
have been called "procedures".

>... Also "obviously", it needs to modify the state of the generator.
> Not so obviously, that state needs to be stored in the parameter, so I
> can call Random from several different threads.

It is also possible to implement the generator as a private type that
has a pointer into the heap. But then you need to horse around with
finalization in order to manage the memory. And note that the generator
type cannot simply *be* a limited controlled type, because of the
accessibility rules -- more horsing around.

- Bob
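
An added illustration of the initialization point made in the post above (not part of the original message and not written by its author). Init_Demo, Device_Name and Get_Device_Name are hypothetical names chosen for this sketch.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Init_Demo is

   --  Hypothetical helper: the callee decides the bounds of the result.
   function Device_Name (Id : Positive) return String is
      Img : constant String := Positive'Image (Id);  --  leading blank, e.g. " 7"
   begin
      return "dev" & Img (Img'First + 1 .. Img'Last);
   end Device_Name;

   --  The same operation as a procedure: the caller must supply a buffer
   --  and a separate length, because an out parameter cannot set the bounds
   --  of the caller's String object.
   procedure Get_Device_Name
     (Id   : in  Positive;
      Name : out String;
      Last : out Natural)
   is
      Value : constant String := Device_Name (Id);
   begin
      --  Raises Constraint_Error if the caller's buffer is too short.
      Last := Name'First + Value'Length - 1;
      Name (Name'First .. Last) := Value;
   end Get_Device_Name;

   --  Function form: declared, sized and initialized in one place,
   --  and the object can be a constant.
   From_Function : constant String := Device_Name (7);

   --  Procedure form: a variable with a guessed size that holds no
   --  defined value until the call below, plus a length to track.
   Buffer : String (1 .. 16);
   Last   : Natural;

begin
   Get_Device_Name (7, Buffer, Last);
   Put_Line (From_Function);       --  dev7
   Put_Line (Buffer (1 .. Last));  --  dev7, but only the slice is defined
end Init_Demo;
```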