Teaching new tricks to an old dog (C++ -->Ada)

[Georg Bauhaus]

Hum, since you answered "no" and I answered "yes" it seems there is something
about "templates recurse" that I did not understand. In short what is a
recursive template in C++ ?

In Ada, you cannot instantiate a generic within itself (as Marius
has said elsewhere). In C++, you can, and you should provide
termination lest the instantiation loop exhausts something (at
link time, I believe):

template<typename T>
struct G {
G<G> r;
};

Georg

 

[Larry Kilgallen]

Somewhere in this thread Loduvic writes:

* in Ada, loop variables (a) are constants and (b) do not exist outside
of the loop

This is safer, but limiting.
In C++ may want to declare the variable outside the loop,
break out early and use the loop variable. Let me guess: You can't
break out early in Ada, right?

You can, but if I want to export the loop variable I use something like:

for each_fluvark in fluvark_array'range loop
...
if some_value = 42
then
last_value_of_fluvark_index := fluvark_index;
exit;
end if;
...
end loop;

making quite explicit the difference between the changing value of the
index and the final value at which we exited the loop.

A few other questions:

Do you have nested functions like Pascal have?

Even Bliss has nested functions. What Ada has that Pascal has in addition
to nested functions is uplevel addressing, allowing an inner function to
access data declared in outer scopes.

 

[=?ISO-8859-1?Q?Falk_Tannh=E4user?=]

Hum, since you answered "no" and I answered "yes" it seems there is something
about "templates recurse" that I did not understand. In short what is a
recursive template in C++ ?

One example in C++:

template<unsigned N> struct factorial
{
static unsigned const value = N * factorial<N-1>::value;
};

// Partial template specialisation to terminate the recursion:
template<> struct factorial<0>
{
static unsigned const value = 1;
};

With this, 'factorial<7>::value' will be a compile time constant equal to 5040.

Another example:

template<typename T> struct pointer_info
{
typedef T base_type;
static unsigned const indir_level = 0;
};

// Partial template specialisation for types that are pointers:
template<typename T> struct pointer_info<T*>
{
typedef typename pointer_info<T>::base_type base_type;
static unsigned const indir_level = pointer_info<T>::indir_level + 1;
};

With this, suppose that you have
typedef int***** foo_t;
Then 'pointer_info<foo_t>::base_type' is a typedef (alias) for 'int' and
'pointer_info<foo_t>::indir_level' is a compile time constant equal to 5.

Falk

 

[Jerry Coffin]

Martin Dowie wrote:

[ ... ]

Hey! I did add a smiley! I just thought it was an opinion from a
reputable source that tied in with the post.

Sorry -- I rarely add an explicit smiley. Regardless of how my messages
might read, I rarely take much of it _terribly_ seriously.

[ ... ]

Would I be allowed to use embedded SQL in the Ada code (GNADE)? Or a
binding to Postgres or MySQL (APQ) or similar (ODBC)?

For the question at hand, I'd postulate that an embedded SQL
implementation simply wouldn't do the job. Binding to MySQL or using
ODBC would undoubtedly work, but using MySQL, Oracle, MS SQL Server,
etc., puts us back in the situation where we basically just have SQL
talking to a server written in C.

Now, I have no problem with that at all -- but it certainly doesn't
seem to be in keeping with what Richard was advocating.

Then again, your headers indicate that you post with Mozilla
Thunderbird running on Windows, connecting through BT Internet. What
percentage of the millions of lines of code used to write and transmit
your message do you suppose was written in Ada, and what percentage in
C and C++?

Ada advocate: "The world WOULD be better if you used Ada."
C++ advocate: "The world IS better because of the cool code I wrote."

 

[Pascal Obry]

One example in C++:

template<unsigned N> struct factorial
{
static unsigned const value = N * factorial<N-1>::value;
};

// Partial template specialisation to terminate the recursion:
template<> struct factorial<0>
{
static unsigned const value = 1;
};

With this, 'factorial<7>::value' will be a compile time constant equal to
5040.

Ok, thanks. This is definitly a recursive definition. AFAIK there is no such
thing in Ada.

Pascal.

--

--|------------------------------------------------------
--| Pascal Obry Team-Ada Member
--| 45, rue Gabriel Peri - 78114 Magny Les Hameaux FRANCE
--|------------------------------------------------------
--| http://www.obry.org
--| "The best way to travel is by means of imagination"
--|
--| gpg --keyserver wwwkeys.pgp.net --recv-key C1082595

 

[Adrien Plisson]

Ada advocate: "The world WOULD be better if you used Ada."
C++ advocate: "The world IS better because of the cool code I wrote."

about Air Traffic Control:

C++ Advocate: "The world WOULDN'T be safer if they used C++"
Ada Advocate: "The world IS safer, because of the cool system we wrote"


about buffer overflows:

Ada advocate: "Networks WOULD be more secure if you used Ada"
C++ advocate: "Networks WOULD be more secure if we used Ada"

 

[Martin Dowie]

Sorry -- I rarely add an explicit smiley. Regardless of how my messages
might read, I rarely take much of it _terribly_ seriously.

I'll bare that in mind...



....did you see my implicit smiley!

For the question at hand, I'd postulate that an embedded SQL
implementation simply wouldn't do the job. Binding to MySQL or using
ODBC would undoubtedly work, but using MySQL, Oracle, MS SQL Server,
etc., puts us back in the situation where we basically just have SQL
talking to a server written in C.

Not necessarily, esp in the fields that Richard comes across day-in-day
out. I did have a link at work that was for a web page for a Relational
Database written in Ada that Lockhead(?) had developed.

Then again, your headers indicate that you post with Mozilla
Thunderbird running on Windows, connecting through BT Internet. What
percentage of the millions of lines of code used to write and transmit
your message do you suppose was written in Ada, and what percentage in
C and C++?

I have no idea - quite possibly 0% but there are plenty of Ada apps
around - just not mass public market ones (that I know of). On the other
had there is a chance the packets that delivered this email went through
some Ada...

http://www.linuxjournal.com/article/3675

Ada advocate: "The world WOULD be better if you used Ada."
C++ advocate: "The world IS better because of the cool code I wrote."

What on earth would the C advocate say!! ;-)

Cheers

-- Martin

 

[Martin Dowie]

Sorry -- I rarely add an explicit smiley. Regardless of how my messages
might read, I rarely take much of it _terribly_ seriously.

I'll bare that in mind...



....did you see my implicit smiley!

For the question at hand, I'd postulate that an embedded SQL
implementation simply wouldn't do the job. Binding to MySQL or using
ODBC would undoubtedly work, but using MySQL, Oracle, MS SQL Server,
etc., puts us back in the situation where we basically just have SQL
talking to a server written in C.

Not necessarily, esp in the fields that Richard comes across day-in-day
out. I did have a link at work that was for a web page for a Relational
Database written in Ada that Lockheed(?) had developed.

Then again, your headers indicate that you post with Mozilla
Thunderbird running on Windows, connecting through BT Internet. What
percentage of the millions of lines of code used to write and transmit
your message do you suppose was written in Ada, and what percentage in
C and C++?

I have no idea - quite possibly 0% but there are plenty of Ada apps
around - just not mass public market ones (that I know of). On the other
had there is a chance the packets that delivered this email went through
some Ada...

http://www.linuxjournal.com/article/3675

Ada advocate: "The world WOULD be better if you used Ada."
C++ advocate: "The world IS better because of the cool code I wrote."

What on earth would the C advocate say!! ;-)

Cheers

-- Martin

 

[Dmitry A. Kazakov]

Jerry Coffin wrote:

What on earth would the C advocate say!! ;-)

C advocate: "The world WILL be better with the next cool patch for the cool
code I'm keep on writing."

 

[xpyttl]

What on earth would the C advocate say!! ;-)

Leave me alone, I've got work to do!

...

 

[Randy Brukardt]

....

To be both professional and efficient, how about if we just paste in
the entire text of the LRM before each statement? That would leave
nobody room for _any_ doubt about what the code means. Oh...well,
you're probably right: to go with, we'd better paste in the entire text
of a real dictionary, and (just in case) a complete set of books
teaching how to read English. The people you're obviously targeting as
reading the code undoubtedly need that -- after all, every word in
"Language Reference Manual" has three whole syllables!

That's certainly the process it takes to write a language standard; you have
to decide what every word means, or even specify the dictionary to use if
the word isn't defined in the standard. Ada programmers do care about such
things. It's not unusual to put a reference to the standard (or nowdays, a
link to the standard) into comments of Ada code.

There is an art to how much needs to be explicit, but if in doubt (and when
it comes to non-obvious language rules like precidence or visibility, it's
always in doubt), it is always better to err on the side of explicitness.

Ada advocate: "The world WOULD be better if you used Ada."

And the world IS better because of the various rock solid programs I wrote
in Ada. I suspect that many of the people in comp.lang.ada could and would
say the same.

OTOH, there is a lot of "cool" code out there that crashes systems and adds
security holes. Those things are much less likely in Ada code (certainly not
impossible, of course, especially since we have to sit on top of C-based
OSes).

Randy Brukardt


It's not unusual

 

[Ludovic Brenta]

Dr. Adrian Wrigley wrote:

[ ... ]

Isn't there some confusion here?

Surely the "aliasing" issue (ignored by C++ completely(?)) is
largely independent if the
"reinterpret_cast"/"Unchecked_Conversion" issue?

Yes -- he started by mentioning aliasing, but mostly seemed to be
talking about type punning, so that was what I replied to. The
discussion centered around safety, which is essentially orthogonal
to aliasing.

No, I did insist on aliasing as the main point, and then briefly about
the representation clause that caused two objects to be overlaid.

Aliasing is definitely *not* orthogonal to safety. The coding
standards I have reviewed for avionics, as well as the "Guide for the
use of the Ada programming language in High Integrity Systems" [1] all
discuss how aliasing adversely affects safety. It is important, in
safty-critical software, to understand aliasing: what it is, when it
takes place, and what the consequences are. Performance in this
context is a minor concern compared to predictability of the software.

[1] http://www.dkuug.dk/JTC1/SC22/WG9/n359.pdf

 

[Randy Brukardt]

....

Ada does not use the dot notation for calling member methods for
tagged types.

You mean "Ada 95 does not use...".

Ada 2005 provides "prefixed name" notation for calling methods as an option.
This unifies the syntax for tagged type calls, protected type calls, and
task entry calls (and interfaces which can be implemented by any of those
unifies it further).

Randy Brukardt

 

[Jerry Coffin]

Ludovic Brenta wrote:

[ ... ]

No, I did insist on aliasing as the main point, and then briefly
about the representation clause that caused two objects to be
overlaid.

Well, I just went back and reread your post, and I still don't see it,
but if you think that's what you said, so be it.

Aliasing is definitely *not* orthogonal to safety. The coding
standards I have reviewed for avionics, as well as the "Guide for the
use of the Ada programming language in High Integrity Systems" [1]
all discuss how aliasing adversely affects safety. It is important,
in safty-critical software, to understand aliasing: what it is, when
it takes place, and what the consequences are. Performance in this
context is a minor concern compared to predictability of the
software.

[1] http://www.dkuug.dk/JTC1/SC22/WG9/n359.pdf

I read through the reference above, and what it says about aliasing is
basically "We've built a program verification system that doesn't
understand aliasing, so attempting to use our system on code that uses
aliasing won't work."

Perhaps you intended to post some other link?

 

[Ludovic Brenta]

[1] http://www.dkuug.dk/JTC1/SC22/WG9/n359.pdf

I read through the reference above, and what it says about aliasing
is basically "We've built a program verification system that doesn't
understand aliasing, so attempting to use our system on code that
uses aliasing won't work."

Perhaps you intended to post some other link?

You seem to have mastered techniques to read faster than light

The document does not assume any tools to exist; it does not even
mandate the use of any tools. All it says is that aliasing makes
"information flow analysis" and "symbolic execution" difficult. In
other words, it makes it more difficult to prove the correctness of
software. And provability of software is the single most important
concern in safety-critical applications.

In other application domains, of course, aliasing is not so frowned
upon. But this thread is about safety and, as others like Ioannis
have noted, safty does have a cost, e.g. in terms of flexibility.

 

[Jerry Coffin]

Adrien Plisson wrote:

[ ... ]

about Air Traffic Control:

C++ Advocate: "The world WOULDN'T be safer if they used C++"

But they did, and do use C++ on regular basis. E.g.:

http://www.barco.com/airtrafficcontrol/en/products/product.asp?element=1833

Ada Advocate: "The world IS safer, because of the cool system we

wrote"

Right -- that's why things like this:

http://www.computing.co.uk/news/1130528

never happen!

Serously though, if you think the ATC system is written exclusively or
even primarily in Ada, you're simply mistaken. It's certainly true that
for some time now, SOME of the new development has been done in Ada,
but it's also true that some of the new development has been done in
C++. It's also true that there's LOTS of ancient code written in things
like JOVIAL.

about buffer overflows:

Ada advocate: "Networks WOULD be more secure if you used Ada"
C++ advocate: "Networks WOULD be more secure if we used Ada"

So far, no C++ advocate seems to have said anything similar to what you
claim, but in a way you're probably right. If we depended on Ada to do
the job, the Internet (for one) would be drastically more secure,
though only because nobody used it! (<- explicit smiley for those
who seem to need them...)

 

[Martin Dowie]

But they did, and do use C++ on regular basis. E.g.:

http://www.barco.com/airtrafficcontrol/en/products/product.asp?element=1833

But the link you give does not say that C++ was used - perhaps it was
(it actually says "...ODS Toolbox does not require special programming
skills in C/C++...").

But it Ada is used on all sorts of traffic systems from air to rail to
GPS. A list of such systems is available at:

http://www.act-europe.fr/aa_lookwho.php

Cheers

-- Martin

 

[Jerry Coffin]

You seem to have mastered techniques to read faster than light

Do you believe that the document was unavailable before you posted the
link to it? In fairness, I'm not sure I'd read this exact version
previously though, so when I have a bit more time, I'll probably reread
it more carefully. Having Ada in the title doesn't _necessarily_ rule
out its containing useful information.

[ ... ]

The document does not assume any tools to exist; it does not even
mandate the use of any tools.

Sorry -- I probably should have said "techniques" rather than "tools",
though I _hope_ anybody using these techniques uses tools to do so --
I'm reasonably certain that on any more than a truly trivial system,
doing the job by hand would be exceptionally error prone.

In any case, the "problem" with aliasing isn't in safety per se, but in
verification. Better verification techniques might eliminate the
problem.

Likewise, it should be added that these techniques have problems with a
number of other perfectly valid and legitimate types of programming
that are not necessarily unsafe either.

All it says is that aliasing makes
"information flow analysis" and "symbolic execution" difficult. In
other words, it makes it more difficult to prove the correctness of
software. And provability of software is the single most important
concern in safety-critical applications.

I doubt that, but if it really was true, Ada should almost certainly be
avoided as well -- pure functional programming makes verification
_considerably_ easier (and only in part because eliminating assignments
eliminates the issue of aliasing).

In other application domains, of course, aliasing is not so frowned
upon. But this thread is about safety and, as others like Ioannis
have noted, safty does have a cost, e.g. in terms of flexibility.

I don't agree that safety necessarily has to have a cost in
flexibility. Certainly if Ada was the only way to achieve safety, the
cost would be extreme, but I remain convinced there are other ways.

In fact, much of language design is a matter of not merely balancing
the two (which Ada does reasonably well) but of finding real solutions
that allow flexibility without losing safety. Unfortunately, when Ada
was being designed, the two seem to have been seen as direct tradeoffs,
where increasing one necessarily reduced the other. In some cases, it
looks to me like flexibility was constricted on the simple assumption
that doing so _must_ improve safety, even if nobody knew how.

 

[Wes Groleau]

What on earth would the C advocate say!! ;-)

"Oops. Sorry, I'll fix that in a jiffy!"

 

[Ioannis Vranos]

This is safer, but limiting.

Of course you can!

Can this be done in Ada?


#include <iostream>
#include <vector>
#include <ctime>
#include <algorithm>


int main()
{
using namespace std;

vector<int> vec(1000);

// Seeds the random number generator
srand(time(0));

// Use rand() to fill vector with values
// As you see the operation is entirely safe.
generate(vec.begin(), vec.end(), rand);

vector<int>::size_type i;

// Finds the first index where a value is smaller than 1000
// in low level style
for(i=0; i<vec.size(); ++i)
if(vec<1000)
break;

i==vec.size()? cout<<"No number <1000 was found\n"
:cout<<"Number <1000 found at index "<<i<<"\n";
}