Teaching new tricks to an old dog (C++ -->Ada)

Also I am not sure if ADA is suitable for library writing, or you will
have to switch to another language to do that.

Neither the "American Dental Association" or the "American Disabilities
Act" are really suitable computer computer languages for writing
libraries or anything else for that matter. :-)

Ada, on the other hand is very suited to that task. Ada is a name not
an Acronym. Ada is named for Ada Augusta Lady Lovelace. She was the
daughter of the poet Lord Byron and also was the worlds first computer
programmer. She wrote several sample programs intended for Charles
Babbage's never built Analytical Engine.

--
ma**@biggar.org
ma***********@c omcast.net

>Which is why other means are needed for quality software. Rigorous testing

and code reviews come to mind.

IMHO one word is missing: Which is why other means are *also* needed
for quality software. Rigorous testing and code reviews come to mind.

Needed (not exhaustive):
- a good definition (requirements etc)
- education
- reviews, brainstorms and other inter-person interactions
- sensible management
- sensible coding standards, *with a sensible escape mechanism*
- good checking tools (Compiler, even for Ada a subset verificator is
often used)
- automtated (regression) test tools
- test coverage check (somtimes even full path coverage check)
- unit tests, integration tests, system tests etc.
Wouter van Ooijen

-- ------------------------------------
http://www.voti.nl
Webshop for PICs and other electronics
http://www.voti.nl/hvu
Teacher electronics and informatics

Wouter van Ooijen (www.voti.nl wrote:

In my book that was a management bug - If the managers had ordered to run
the testsuite only once the problem would have shown. The hardware was so
incompatibl e it would have failed all the time.
I assume you do know that it was not the computer hardware but the
phyiscal paremeters (acceleration) of the rocket itself?

Last not least: Runtime check where disabled for that incident. So if
anything: this incident speak in favor of runtime checks.

Yes, I do. I was just simplifying the hole rocket as "hardware".
If this accident speaks for anything IMHO it speaks for sensible
management. Which is apparently a problem on both sides of the ocean
:(

Yes indeed.

With Regards

Martin
--
mailto://kr******@users. sourceforge.net
Ada programming at: http://ada.krischik.com

<veröffentlic ht & per Mail versendet>

Paul E. Bennett wrote:

reviews and testing. Therefore, I tend to look at the development
processes and their "real" CMM rating. I guess the Ariane team went down a
few notches on that project.

Only it was a contractors team and they where not there anymore to be asked
if the Ariane 4 software could be run on the Ariane 5.

That was one of the reaons why the testsuite was not run: The did not have
the personal to do it the they would have to hire and teach new contractors
to do it.

My point stands: management bug.

Martin

--
mailto://kr******@users. sourceforge.net
Ada programming at: http://ada.krischik.com

Wes Groleau wrote:

Martin Krischik wrote:

But as I said, not impossible. I have a regex generic which can be
instanciated for character and wide character strings and basicly any
other descreed type you want to run regular expressing over.

Is that for sale or open-source or not available?

It's part of AdaCL: http://adacl.sourceforge.net

Martin
--
mailto://kr******@users. sourceforge.net
Ada programming at: http://ada.krischik.com

Martin Krischik writes:

<veröffentlich t & per Mail versendet>

Paul E. Bennett wrote:

reviews and testing. Therefore, I tend to look at the development
processes and their "real" CMM rating. I guess the Ariane team went down a
few notches on that project.

Only it was a contractors team and they where not there anymore to be asked
if the Ariane 4 software could be run on the Ariane 5.

That was one of the reaons why the testsuite was not run: The did not have
the personal to do it the they would have to hire and teach new contractors
to do it.

My point stands: management bug.

Martin

I thought it was because the telemetry data required to simulate a
launch was classified, and managers decided that the contractors
"didn't need to know" this data. If it weren't for this secrecy, the
contractors would have found the bug on the first simulated run of the
software.

--
Ludovic Brenta.

"Peter Koch Larsen" <pk*****@mailme .dk> wrote in
message
news:y8******** *************@n ews000.worldonl ine.dk...

After reading some ideas about Ada,

My conclusion is that there are some nice ideas out there, but that they mainly protect against the "sloppy" programmer.

Actually, the inherent type safety, along with the
visibility rules in Ada
do a bit more than "protect against the 'sloppy'
programmer." I wonder
there is real protection against a truly sloppy
programmer, in Ada or
elsewhere.

Then again, perhaps we are all a little sloppy now
and then. I know I sometimes
make stupid mistakes while coding that the Ada
compiler brings to my attention.

The larger issue is how Ada scales up to
programming in the large for safety-critical
software. Few other languages do scale up as well
as Ada. For a small, one-person
job, I'm not sure it matters so much what
programming language you choose. However,
when you are building a large team of programmers
and need high level of confirmability
wrt the inter-relationship of the varioius
modules, Ada serves much better than most
alternatives.

A key idea in Ada, one that I like much better
than in other languages (although this
aspect of Modula-3 is pretty good), is the model
for separate compilation. Space
in this posting does not allow one to do full
credit to this capability, but it is one of
those features of the language that, when used as
it is supposed be used, makes the
team development process so much easier.

For real-time embedded systems, Ada allows easy
navigation from one level of abstraction
to another, and allows that navigation to be safe.
We can, and usually do, design our
programs at a high level of abstraction.
However, when it is required to descend to the
machine level, we can do, but with greater safety
(built-in rules) than one might do with
some other language.

Anyone who has ever made an mistake in pointer
arithmetic knows how entertaining
it is to spend long hours searching for the source
of some run-time fault. Never made
that kind of mistake? You only need to make it
once for it to be memorable.

Some find Ada to be a little difficult to learn at
first. In particular, the rules that govern
something called "visibility " give new programmers
a bit of trouble. For those programmers
who insist on fighting this feature, there is no
end of trouble. I like to use the analogy of
the rotating-brush floor buffer. When you flip
the switch on that buffer, you need to know
just how to control it or it will run away with
you. Once you let the buffer have its way, you
can make subtle little movements to make it go
where you want it to go instead of dragging
you all over the floor.

The more persnickety features of Ada are a lot
like the floor buffer. Once you learn how to
control them, use them to your advantage, and
understand their purpose, the language becomes
easy and fun to use. The problem is that most
programmers fight those features and complain
because they refuse to abide by them. Those who
do learn the visibility rules tend to build
excellent, dependable, and maintainable software,
and with much less sweat, tears, and blood
than the corresponding programmer in language X.
Or is the wrong end of the third-from-the-end
letter of the alphabet?

Richard Riehle

"Ioannis Vranos" <iv*@remove.thi s.grad.com> wrote
in message news:1110059861 .560004@athnrd0 2...

Once again, I have nothing against learning Ada, however personally I like the most powerful languages. The next thing I am going to learn after C++ (because I haven't learned it all yet), is probably some form of assembly language.
Ada is every bit as powerful as C++. Just a bit
safer.
For example I like that I can do:

[snipped a bunch of code]

Everything you just coded in C++ is easily done,
but with slightly
different, and definitely safer, syntax. We can
get to the bit level,
the byte level, or the word level for data. In
at least one embedded
system, deployed on a bare-board using an Ada
run-time, that I
know quite well, we inserted actual machine code,
including some
code to disable interrupts temporarily.

Speaking of powerful languages, consider the power
of Ada to allow
you to build concurrent programs directly within
the language. There
is no need to make separate Posix/Unix calls.
Moreover, Ada has,
at present, the most robust model for controlling
mutual exclusion
found in any non-experimental language. If is
really power you need,
especially programming power, Ada will stand
against any competitor.

Richard Riehle

"Wouter van Ooijen (www.voti.nl)" <wo****@voti.nl >
wrote in message
news:42******** *********@news. xs4all.nl...

If you want to realy broaden your perspective I would suggest something in the lazy-functional field like Haskell.

Haskell has a lot to recommend it. In fact, it is
sad that more programmers
are not schooled in the value of functional
languages.

However, we must select the right tool for the
right job. There are problems
where Haskell would be preferred to Ada.
Large-scale, safety-critical software
systems developed by a team of programmers is not
the domain where I would
choose Haskell, or ML, or Scheme, or Lisp, or most
other functional languages.

Where Ada is the right choice, nearly all the
time, is for large-scale software systems
that involve an equally large number of
developers, and where the software modules
developed by that team must snap together just
right -- no guesswork. This is Ada's
strength. Few languages can compete in this
domain, although many programmers
do try to use less disciplined languages with some
modest success. Eiffel might be
a good alternative, but my preference for that
kind of software is still Ada.

Consider a military commmand and control system, a
complex system with a lot
of requirementss built in. Now, think of this
system in terms of its size: 4.5 million
lines of source code. This is the kind of
project that is perfect for Ada. In fact,
any software system over a half-million lines of
source code should be coded in
Ada. Some authors have set that threshold at 100
KSLOC.

If you have a small, 20 KSLOC software system, go
ahead and use a different
language. Just keep in mind that as that
software grows over time, you might
find yourself wishing you had chosen Ada in the
first place.

Richard Riehle

Ludovic Brenta wrote:

[ ... ]

Yes, assembly is the most powerful and flexible language. That's why
all compilers emit assembler.
Not so -- machine language is clearly more flexible than asembly
language (especially on machines where an operation can be encoded in
more than one way). Not all compilers emit assemly language output
either. "Powerful" is meaningless WRT a langauge unless you define what
you mean by it in considerably more detail than I've seen thus far in
this thread (or any other, for that matter).

As an aside: an "assembler" is a program that takes input in "assembly
language" and produces an object file as output. Calling the language
"assembler" is roughly equivalent to referring to Ada as "compiler" --
wrong, and to anybody who isn't entirely clueless about the subject at
hand, downright stupid. I realize that for years IBM (among others)
abused the (English) language by referring to the language as
"assembler" , but please avoid their mistake.

[ ... ]
Here, Ada makes it explicit that unsafe programming is taking place.
First, Obj must be declared as "aliased", which means that two or
more paths can access it. In our case, Obj and Obj_As_String are
the two paths. This is another of Ada's nice safety-related
features. Since aliasing must be made explicit, the reader of the
program knows up front whether or not aliasing takes place. The
reader of a C++ program has no such knowledge.
Nonsense -- in C++ you use a reinterpret_cas t, which is equally
explicit about what's being done. If somebody reading C++ doesn't
recognize what a reinterpret_cas t means, then he simply doesn't know
C++.
Also, the writer of the program must
think twice, and understand the consequences if they make an object
aliased.
Anybody who uses a reinterpet_cast without a second (and third) thought
simply isn't a programmer, and of he wrote Ada instead, it'd still be
garbage.
Secondly, the representation clause for Obj_As_String ("for
Obj_As_String'A ddress use ...") says exactly what is happening.
Anybody who thinks that (for example):

unsigned char *a = reinterpret_cas t<char *>(&x);

doesn't state exactly what it happening, simply doesn't know C++.

Any language (programming or otherwise) is foreign to those who don't
know that language. It may well be that you don't realize what it
means, and that's perfectly fine -- but assuming it must be inexact
because you don't know exactly what it means is considerably less fine.
I could make the code less verbose by using use clauses, similar to
"using namespace std" which you seem fond of. In avionics, our
coding standards forbid that because we want everything to be
explicit.

A poor idea. Just for example, consider writing a generic sorting
function. It needs to swap items that it's sorting. In well-written
C++, this will often be done with a using clause. Specifically, if the
type of items has provided its own specialized version of swap, then my
sorting functino should use that, but otherwise it should use std::swap
to swap them.

If I try to specify whatever_type:: swap(x,y), then compilation will
fail if the type has not provided a swap function. Conversely, if I
specify std::swap(x,y), then the specialized swap function won't be
used for those types that provide one.

The solution is something like:

using namespace std;

template<class T>
void sort // ...

// ...
swap(x,y);

and now, thanks to Koenig lookup, this will refer to a swap
specifically for the type of x and y if there is one, but will use the
swap in the standard library for those (many) types that don't provide
special swapping code.

[ ... ]

Someone who places much hopes on the language to protect him from
his mistakes, probably ADA is better than C++ on this.

Hear, hear!

Actually, having used both (as well as Verilog and VHDL, which are
based fairly close on C and Ada respectively) I'm not particularly
convinced this is true.

Personally, I think the _vast_ majority of the safety of Ada is an
illusion. In the end, code that works well is a product of a good
programming doing his job well, NOT of a particular language.

Now, it's certainly true that people can (and frequently do) cite
statistics showing that code written in Ada has fewer bugs, etc., as
proving that the language is safer. Even assuming the citations are
correct (which I'm not sure is true, but for the moment, let's assume
they are), they don't necessarily prove that -- or much of anything
else, for that matter.

The problem is that the reputation of a language tends to become a
self-fulfilling prophecy. Managers who are running safety critical
projects often choose Ada because they "know" it's safer -- and then
run their projects in ways that would assure solid results, regardless
of implementation language.

Likewise, programmers who are strongly attracted toward disciplined
software engineering, will often be attracted to Ada because it has
that reputation (and to an extent, that "feeling" as well).

At the opposite extreme, the managers who are most interested in
pushing a product out the door in minimal time and don't mind bugs,
rarely choose Ada -- and run their projects in ways that would produce
buggy products regardless of language. Likewise, the "cowboy"
programmers never learn Ada at all -- as soon as they learn of its
reputation, they avoid it like the plague.

As such, showing causation (rather than mere correlation) becomes
essentially impossible at best -- and here in the real world, the truth
could even be exactly the opposite of what the statistics "prove."

Then again, all of the above should probably be taken with a large
grain of salt. That wouldn't necessary if what I'd been consuming for
the last couple of hours was salt, but thanks to Warren Winiarski, that
wasn't the case... :-)

--
Later,
Jerry.

The universe is a figment of its own imagination.