I'm following various postings in "comp.lang.ada, comp.lang.c++,
comp.realtime, comp.software-eng" groups regarding selection of a
programming language of C, C++ or Ada for safety critical real-time
applications. The majority of experts/people recommend Ada for safety
critical real-time applications. I've many years of experience in C/C++ (and
Delphi) but no Ada knowledge.
May I ask if it is too difficult to move from C/C++ to Ada?
What is the best way of learning Ada for a C/C++ programmer?
Jul 23 '05
Ludovic Brenta wrote: Generally speaking, the very fact that you feel an urge to distinguish between "C++" and "modern C++" is an indication that C++ is a poor language containing many unsafe features, some of which you obligingly enumerated above. By contrast, there is no distinction between "Ada" and "modern Ada". Ada is safe by design, from the ground up.
With Ada aside (I find no reason why one should not learn it), C++ is a
powerful and systems programming language, and power implies painful low
level details. However it also provides all major high level facilities,
and if you stick in high level programming it is very safe, while it
maintains the maximum space and run-time efficiency principle.
For example consider using std::string for strings, std::vector for
arrays etc.
Now for one specific example, I wrote a buffer overflow in a C++ library a few years ago, and it took me and two other people 3 days to find it. The fix was, of course, trivial once the bug was found. As it turned out, this particular bug would have been impossible to write in Ada. I can't post the code, as it is proprietary and I don't have it at hand anyway, but the gist of it is that, in Ada, loop variables (a) are constants and (b) do not exist outside of the loop:
procedure Proc (A : in String) is
begin
   for J in A'Range loop
      J := J + 4; -- illegal, J is constant inside the loop
   end loop;
   Do_Something_With (J); -- illegal, J no longer exists
end Proc;
Yes but this limits flexibility.
Also notice that, in Ada, the "for" statement declares the loop variable automatically.
That's not a big deal.
The bug in the C++ library was that I was mistakenly reusing the loop variable after the loop, instead of the intended variable. Of course, the loop variable was an index pointing after the end of the buffer.
It looks like the code was not ISO C++ compliant.
Some other features that make Ada inherently safer than C++ are:
* assignment is not an operator; it is an operation which does not return a value. Thus, bugs like "if (something = 0)" cannot exist.
* case statements (Ada's equivalent of a switch in C++) are required to handle all possible cases. Thus it is impossible to forget one. And, of course, there is no "break;" crap in Ada.
* conditions cannot mix "and" and "or" without parentheses. Thus there is no possibility that the programmer make wrong assumptions about precedence of operators or order of evaluation.
* the type system, when used appropriately, makes it possible for the compiler to find semantic errors in addition to just syntax errors. For example, you can declare that Numbers_Of_Apples and Numbers_Of_Oranges cannot be mixed. This is not possible with C++'s typedef.
* conversions from floating point to integer types involve rounding. The rounding is precisely and deterministically defined by the ISO standard for the Ada language. Similarly, floating-point and fixed-point types can be declared with known, deterministic, guaranteed precision.
* pointer types cannot be converted to one another. You cannot convert a pointer-to-String to a pointer-to-random-object.
* accessibility rules are rather complex, but they are designed to minimise the chance of mistakes. Basically, the scope of a pointer type must be included in the scope of the pointed-to type. This makes many mistakes impossible, such as returning a pointer to an object which no longer exists.
* when the compiler cannot check some code statically, it inserts run-time checks which are guaranteed to catch all errors by raising exceptions. In C++ you must code these checks by hand, and of course at some point you'll forget one crucial check which will cost you days in debugging.
In general, we cannot compare the two languages because they have
different design ideals.
C++ supports 4 paradigms. Each paradigm is supported well with maximum
run-time/space *efficiency*. At the same time it leaves no room for a
lower level language except of assembly.
On the other hand I do not know ADAs ideals (for example I do not think
it supports the generic programming paradigm - templates), but I suspect
they are to be an easy (restricted to easy parts), safe (not letting you
do low level operations), application development language, which is OK
for usual application development.
--
Ioannis Vranos http://www23.brinkster.com/noicys
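The loop-index bug described in the quoted text of the post above, reconstructed in C++ as an added example. It is not the proprietary code the post refers to and not code from any poster; the record layout and the function names `store_checksum_buggy` and `store_checksum_fixed` are assumptions made for illustration.

```cpp
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <vector>

// Constructed record layout (assumption): payload bytes, with one slot at
// `flag_pos` that receives a 7-bit checksum of the whole record.

// "Before": the index is declared outside the loop, so it is still in scope
// afterwards and holds rec.size(), one past the last valid element.
// Returns false when the bounds check catches the stale index.
bool store_checksum_buggy(std::vector<char>& rec, std::size_t flag_pos) {
    (void)flag_pos;                       // the intended variable, never used
    unsigned sum = 0;
    std::size_t i;
    for (i = 0; i < rec.size(); ++i)
        sum += static_cast<unsigned char>(rec[i]);
    try {
        rec.at(i) = static_cast<char>(sum & 0x7f);   // meant rec.at(flag_pos)
    } catch (const std::out_of_range&) {
        return false;   // with rec[i] this would be a silent out-of-bounds write
    }
    return true;
}

// "After": no index exists at all, so there is nothing to reuse by mistake.
bool store_checksum_fixed(std::vector<char>& rec, std::size_t flag_pos) {
    unsigned sum = 0;
    for (char c : rec)
        sum += static_cast<unsigned char>(c);
    try {
        rec.at(flag_pos) = static_cast<char>(sum & 0x7f);
    } catch (const std::out_of_range&) {
        return false;
    }
    return true;
}

int main() {
    std::vector<char> a = {1, 2, 3, 0};   // constructed sample, flag slot at index 3
    std::vector<char> b = a;
    std::cout << "buggy stored: " << store_checksum_buggy(a, 3) << "\n";
    std::cout << "fixed stored: " << store_checksum_fixed(b, 3)
              << ", flag = " << int(b[3]) << "\n";
}
```

The compiler accepts both versions; only the checked `at()` accessor turns the stale index into an exception at run time.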
In article <3S*********************@news000.worldonline.dk>, "Peter Koch Larsen" <pk*****@mailme.dk> writes: - You might end up making more mistakes with Ada because of inexperience with Ada.
Wrong. I took that route 4 years ago, and found that the compiler would catch all my stupid mistakes. When it comes to reliability, Ada compilers are your friends; C++ compilers are your enemies.
Out of curiosity, could you give some few examples where Ada catches faults not found by a C++ compiler. I assume - of course - code written in modern C++: no casts, functions instead of macros, a limited use of pointers and so on.
Which C++ compilers prevent those practices deprecated in your second
sentence ?
Ioannis Vranos <iv*@remove.this.grad.com> writes:
[snip] On the other hand I do not know ADAs ideals (for example I do not think it supports the generic programming paradigm - templates), but I suspect they are to be an easy (restricted to easy parts), safe (not letting you do low level operations), application development language, which is OK for usual application development.
First of all, the language is called Ada. It is not an acronym, but a
woman's name.
Ada supports generic ("template") programming very well. It
furthermore lets you do all the low-level operations you can think of:
Reading from a memory location, converting bit sequences into
integers, performing pointer arithmetic etc. You can f.x. convert an
octet into an array of Booleans and thus refer to each "bit" as a
Boolean value.
Give it a try - it never hurts to gain experience with new/other
programming languages. The people at comp.lang.ada are always willing
to help and answer questions.
Regards,
- Mark Lorenzen
In article <y8*********************@news000.worldonline.dk>, "Peter Koch Larsen" <pk*****@mailme.dk> writes: "Ludovic Brenta" <lu************@insalien.org> wrote in message news:87************@insalien.org...
it at hand anyway, but the gist of it is that, in Ada, loop variables (a) are constants and (b) do not exist outside of the loop:
This is inherited from Pascal if I remember correctly. Of course, good C++ style is to declare your variable in the loop.
That is also good style in macro assemblers, and presumably in paper-only
languages used to write machine code where you toggle in the binary. But
the purpose of a compiler is to help you avoid errors, whether you think
of such things at the time or not.
* conditions cannot mix "and" and "or" without parentheses. Thus there is no possibility that the programmer make wrong assumptions about precedence of operators or order of evaluation.
This seems ridiculous. I would expect a programmer to know the precedence rules or at least insert parentheses if they are in doubt.
Expectations are one thing, but having the compiler help you is better.
* the type system, when used appropriately, makes it possible for the compiler to find semantic errors in addition to just syntax errors. For example, you can declare that Numbers_Of_Apples and Numbers_Of_Oranges cannot be mixed. This is not possible with C++'s typedef.
I like that idea. It is possible using templates, of course. Is it general enough? If you replace "apples" with "weight" and "oranges" with "length", is it then permissible to multiply a length with a weight but not add the two together?
It is possible, with enough work, to do such things.
It is preferable to mandate that such project-specific needs be
programmed only by senior programming staff. Thus the junior
members of the staff just say this_box_length * this_box_weight.
Any responsibility for the meaningfulness of that result is on the
shoulders of senior staff.
My conclusion is that there are some nice ideas out there, but that they mainly protect against the "sloppy" programmer.
My conclusion after 35 years with computers is that there are "sloppy"
programmers out there. So I look for mechanisms to guard against such
things. Formal inspection is great, but it is a waste of resources if
used to catch small errors that can be avoided with proper choice of
tools.
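The template approach raised in the quoted question above (multiplying a length by a weight is allowed, adding them is not), sketched in C++ as an added example. It is not code from any poster; `Quantity`, `can_add` and the helper functions are hypothetical names chosen for illustration.

```cpp
#include <iostream>
#include <type_traits>
#include <utility>

// Quantity<L, M>: a double tagged with exponents of length (L) and weight (M).
template <int L, int M>
struct Quantity {
    double value;
    explicit Quantity(double v) : value(v) {}  // explicit: a bare double is not a Quantity
};

typedef Quantity<1, 0> Length;
typedef Quantity<0, 1> Weight;

// Addition only exists when both operands carry the same exponents.
template <int L, int M>
Quantity<L, M> operator+(Quantity<L, M> a, Quantity<L, M> b) {
    return Quantity<L, M>(a.value + b.value);
}

// Multiplication is allowed between any two quantities; the exponents add.
template <int L1, int M1, int L2, int M2>
Quantity<L1 + L2, M1 + M2> operator*(Quantity<L1, M1> a, Quantity<L2, M2> b) {
    return Quantity<L1 + L2, M1 + M2>(a.value * b.value);
}

// Compile-time probe: is the expression `A + B` well-formed?
template <class A, class B, class = void>
struct can_add : std::false_type {};
template <class A, class B>
struct can_add<A, B, decltype(void(std::declval<A>() + std::declval<B>()))>
    : std::true_type {};

// The rules are checked by the compiler, not at run time.
static_assert(can_add<Length, Length>::value, "length + length is allowed");
static_assert(!can_add<Length, Weight>::value, "length + weight is rejected");
static_assert(!can_add<Length, double>::value, "length + raw number is rejected");
static_assert(std::is_same<decltype(Length(1) * Weight(1)), Quantity<1, 1> >::value,
              "length * weight yields a distinct type");

bool length_plus_weight_compiles() { return can_add<Length, Weight>::value; }

double total_length(double a, double b) { return (Length(a) + Length(b)).value; }

double box_product(double len, double wt) {
    Length this_box_length(len);
    Weight this_box_weight(wt);
    return (this_box_length * this_box_weight).value;
}

int main() {
    std::cout << "length + weight compiles: " << length_plus_weight_compiles() << "\n";
    std::cout << "2 m + 3 m = " << total_length(2.0, 3.0) << "\n";
    std::cout << "2 m * 3 kg = " << box_product(2.0, 3.0) << "\n";
}
```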
Ioannis Vranos writes: In general, we cannot compare the two languages because they have different design ideals.
C++ supports 4 paradigms. Each paradigm is supported well with maximum run-time/space *efficiency*. At the same time it leaves no room for a lower level language except of assembly.
Ada's efficiency is on par with C++'s, thank you very much. In fact,
the most widely used Ada compiler is none other than GCC.
On the other hand I do not know ADAs ideals (for example I do not think it supports the generic programming paradigm - templates),
Ada can teach C++ how to do templates properly. In Ada they are
called "generics". The reason why Ada's generics are better (IMHO)
than C++'s templates is that Ada allows you to express constraints
between generic parameters. There is also a rich set of possible
generic parameters. A generic parameter can be a type, an object, a
subprogram, or a package (in which case the actual package must be an
instance of some designated generic package!). For example, in Ada,
you can say that a generic takes a type parameter which must be a
subclass of some designated class. You can then go on to say that a
second parameter must be an instance of that particular subclass.
Ada supports procedural programming, object-oriented programming,
genericity, and exceptions, just like C++.
And, Ada supports multitasking. How's that for a multiparadigm
language?
The one thing that C++ supports that Ada doesn't is multiple
inheritance. This feature was left out as unsafe. Interface
inheritance à la Java is being added in Ada 2005.
but I suspect they are to be an easy (restricted to easy parts), safe (not letting you do low level operations), application development language, which is OK for usual application development.
Ada also has low-level facilities for systems programming. These
facilities allow doing bit-level programming *cleanly* and
*explicitly*. An entire chapter of the Ada reference manual is
devoted to this - chapter 13, "representation issues".
This means that, unless you see a representation clause or uses of
Unchecked_Conversion or Unchecked_Deallocation, you can pretty much
assume that an Ada program uses only safe features. In Ada, unsafe
programming is possible but must be explicit.
There is also a gem of a language feature: pragma Restrictions. This
pragma allows you to restrict usage of some language features, *and
the compiler enforces the restrictions*. But the possible
restrictions are implementation-defined.
--
Ludovic Brenta.
Martin Krischik wrote: Well that's easy:
unsigned int X = -1;
char Y [10]; Y [10] = "X";
Or bit more subtle:
unsigned int X Day_Of_Month = 32;
Day_Of_Month does not compile. You can make the Day_Of_Month an enum:
enum Day_Of_Month { Mon=1, Sun=7};
int main()
{
Day_Of_Month X= 32;
}
C:\c>g++ temp.cpp -o temp.exe
temp.cpp: In function `int main()':
temp.cpp:6: error: invalid conversion from `int' to `Day_Of_Month'
C:\c>
The char Y thing does not compile, but try this:
#include <vector>
int main()
{
using namespace std;
vector<char> Y (10);
Y.at(10) = 'X';
}
The most important thing that you may be missing, is that in C++ you can
choose the level of abstraction and safety you want by using some
third-party library or framework that fits your needs.
For example consider this:
// Using .NET facilities
int main()
{
using namespace System;
array<int> ^IntArray= {1,2,3,4,5,6,7, 8,9,0};
IntArray[10]= 10;
}
C:\c>temp
Unhandled Exception: System.IndexOutOfRangeException: Index was outside
the boun
ds of the array.
at main()
C:\c>
#include <iostream>
#include <ostream>
int main()
{
using namespace System;
using namespace std;
int x= 71;
char c= x.ToString()[0];
cout<<c<<endl;
cout<<x.ToString()->Length<<endl;
}
C:\c>temp
7
2
C:\c>
The above make use of the .NET 2 framework facilities, which provide
additional safety and the high level things you are mentioning.
Bottom line is in C++ you can be as safe and as high level you like.
Just pick the suitable libraries or frameworks.
--
Ioannis Vranos http://www23.brinkster.com/noicys
Mark Lorenzen wrote: You can do everything in Ada that you can in C and C++.
I suppose you mean in the application-programming domain. But I do not
think this is true in the systems programming domain, that is efficiency
under *severe* run-time and space constraints.
Also I am not sure if ADA is suitable for library writing, or you will
have to switch to another language to do that.
I do not say this is bad, since the design ideals of ADA are different
from C++. In effect, we are comparing different things here.
--
Ioannis Vranos http://www23.brinkster.com/noicys
Ioannis Vranos writes: Bottom line is in C++ you can be as safe and as high level you like. Just pick the suitable libraries or frameworks.
No, you cannot be as safe as you like. For this, you would need the
ability to restrict usage of unsafe features. Just because you also
have safe features at your disposal does not force you to use them.
Your sentence should read: in C++, despite all the high-level
features, you can be as unsafe as you like because the compiler will
let you.
--
Ludovic Brenta.
Ioannis Vranos <iv*@remove.this.grad.com> writes: Mark Lorenzen wrote:
You can do everything in Ada that you can in C and C++.
I suppose you mean in the application-programming domain. But I do not think this is true in the systems programming domain, that is efficiency under *severe* run-time and space constraints.
Why? I see no reason that an executable programmed in Ada should be
slow or big?
Also I am not sure if ADA is suitable for library writing, or you will have to switch to another language to do that.
Why?
Regards,
- Mark Lorenzen
"Larry Kilgallen" <Ki*******@SpamCop.net> wrote in message
news:tx**********@eisner.encompasserve.org... - You might end up making more mistakes with Ada because of inexperience with Ada.
But if you do, they will typically be caught at compile-time.
I would argue that this isn't strictly true. Of course, the bonehead errors
will be caught by the compiler, but the same is true for C++.
I found that, while I could write serviceable code pretty quickly in Ada, it
took a long time, coming from C (and Pascal before that), to really
understand how to exploit the language.
By way of example, someone in this thread posted an example using a
Day_of_Month type. It would never occur to a C programmer that the day of
the month was anything other than an integer. At the other extreme, once
discovering all this wonderful capability, it is very easy to get carried
away and take it to extremes. It takes quite some experience to understand
the correct balance for just this one useful feature of the language.
I also feel that Ada programs are more difficult -for experienced
programmers- to read. Sure, any Joe off the street can probably get more
from an Ada program than a C++ program, but C and C++ have a lot of idioms
that express fairly large concepts in immediately recognizable ways. With
Ada, not only is there less of this, but the language is so wordy that even
simple functions seem to go on and on.
Still, if I was back doing safety critical code, I don't think I could
honestly argue that C++ was a viable choice.