Teaching new tricks to an old dog (C++ -->Ada)

[fmdf]

3. Many of you want us to believe that ADa performs ra nge checking
without loss of performance: it can be true at compile time with fixed
ranges, but it can't definitely be done without chechinkg array bounds
every time data is accessed if we don't know these bounds before
compiling (e.g.: typical cases where dynamic allocation of memory is
used)

Do you think C++ is more performing at range checking? When you don't
anymore need checkings in a Ada program you can use "Pragma
Suppress()". What can you do in a C++ program? I suppose you can only
rewrite that code.

Suppose you want a class type to hold a value in range -100 .. 100, I
think you have to code a lot to build a class that can't be mistakenly
used to hold absolut greater values.

Please compare the following two simple programs each of them have a
bug overflowing a value. I am sure that they can be better coded, or
that better solutions can be implemented as I'm not either a C++ or Ada
professional programmer, yet the C++ code is not as expressive and
compact as the Ada counterpart.

// over.cpp

#include <iostream>

using std::cout;
using std:stream;

class Range_Error
{
public:
Range_Error()
: message( "raised \"Out of Range\"" ) {}
const char* what() const { return message; }
private:
const char* message;
};

class Var_T
{
public:
Var_T( const int& i = int() )
{
assign( i );
}
Var_T& operator++( )
{
assign( ++Var );
return *this;
}
bool assign( const int& i )
{
if ( i >= 0 && i <= 100 )
Var = i;
else throw Range_Error();
return true;
}
friend std:stream& operator<<( std:stream& out, const Var_T&
obj )
{
out << obj.Var;
return out;
}
private:
int Var;
};

int main()
{
Var_T Var( 0 );
try
{
for ( int i = 0; i <= 100; ++i ) // range check error expected
++Var;
cout << Var << '\n';
}
catch( Range_Error ERR )
{
cout << ERR.what() << '\n';
}
return 0;
}


-- over.adb

with Ada.Text_IO;
use Ada.Text_IO;

procedure Over is
-- Pragma Suppress( Range_Check );
type Var_T is range 0 .. 100;
package Var_IO is new Ada.Text_IO.Integer_IO( Var_T );
Var : Var_T := 0;

begin
for Index in 0 .. 100 loop -- range check failing is expected
Var := Var + 1;
end loop;
Var_IO.Put ( Var );
New_Line;
exception
when Constraint_Error =>
Put_Line ( "Constrained Error" );
when others =>
Put_Line ( "Unknown Error" );
end Over;


Ada example is less than half longer than C++, it is most expressive,
it catches all exceptions (not only out of range) and it suppresses all
range checks when uncommenting "Pragma".

What dou you think of this kind of Ada unefficient and too many lines
of code example?

Ciao,

fabio de francesco

 

[Ioannis Vranos]

Exactly, the C++ meta-template programming seems quite interesting.

I agree about the interesting info for both languages myself too. Just
to be accurate, it is "template metaprogramming".

 

[Ioannis Vranos]

I agree about the interesting info for both languages myself too. Just
to be accurate, it is "template metaprogramming".

Two interesting links:

http://home.earthlink.net/~joshwalker1/writing/TemplateMetaprogramming.html

http://www.codeproject.com/cpp/crc_meta.asp


Again, it is a whole field of its own with many books about it. It is
about turning *any* run-time operation to compile time (and the output
can be the compiler messages).

 

[fmdf]

Do you think C++ is more performing at range checking? When you don't
anymore need checkings in a Ada program you can use "Pragma
Suppress()". What can you do in a C++ program? I suppose you can only
rewrite that code.

Suppose you want a class type to hold a value in range -100 .. 100, I
think you have to code a lot to build a class that can't be mistakenly
used to hold absolut greater values.

Please compare the following two simple programs each of them have a
bug overflowing a value. I am sure that they can be better coded, or
that better solutions can be implemented as I'm not either a C++ or Ada
professional programmer, yet the C++ code is not as expressive and
compact as the Ada counterpart.

// over.cpp

#include <iostream>

using std::cout;
using std:stream;

class Range_Error
{
public:
Range_Error()
: message( "raised \"Out of Range\"" ) {}
const char* what() const { return message; }
private:
const char* message;
};

class Var_T
{
public:
Var_T( const int& i = int() )
{
assign( i );
}
Var_T& operator++( )
{
assign( ++Var );
return *this;
}
bool assign( const int& i )
{
if ( i >= 0 && i <= 100 )
Var = i;
else throw Range_Error();
return true;
}
friend std:stream& operator<<( std:stream& out, const Var_T&
obj )
{
out << obj.Var;
return out;
}
private:
int Var;
};

int main()
{
Var_T Var( 0 );
try
{
for ( int i = 0; i <= 100; ++i ) // range check error expected
++Var;
cout << Var << '\n';
}
catch( Range_Error ERR )
{
cout << ERR.what() << '\n';
}
return 0;
}


-- over.adb

with Ada.Text_IO;
use Ada.Text_IO;

procedure Over is
-- Pragma Suppress( Range_Check );
type Var_T is range 0 .. 100;
package Var_IO is new Ada.Text_IO.Integer_IO( Var_T );
Var : Var_T := 0;

begin
for Index in 0 .. 100 loop -- range check failing is expected
Var := Var + 1;
end loop;
Var_IO.Put ( Var );
New_Line;
exception
when Constraint_Error =>
Put_Line ( "Constrained Error" );
when others =>
Put_Line ( "Unknown Error" );
end Over;


Ada example is less than half longer than C++, it is most expressive,
it catches all exceptions (not only out of range) and it suppresses all
range checks when uncommenting "Pragma".

Sorry for my English... Please read:

Ada example is more than a half shorter than C++ one, it is more
expressive, it ...

 

[fmdf]

[cut]

And no C++ compiler will check that Data is valid. That's the point. If
you
add the check explicitly no C++ compiler will be able to remove it. In the
Ada
case the compiler knows lot more about the program and can decide to remove
the check if it knows that the index will never be outside the object
range. This is always the case for:

for K in Data'Range loop
... Data(k)...

Pascal.

In order to suppress all checks, with Ada we can use Pragma Suppress()
yet with C++ we have to write a totally different new code when you
don't want anymore checks (if using C++ "try .. catch" constructs).

Is it true, isn't it?

fabio de francesco

 

[Ioannis Vranos]

-- over.adb

with Ada.Text_IO;
use Ada.Text_IO;

procedure Over is
-- Pragma Suppress( Range_Check );
type Var_T is range 0 .. 100;
package Var_IO is new Ada.Text_IO.Integer_IO( Var_T );
Var : Var_T := 0;

begin
for Index in 0 .. 100 loop -- range check failing is expected
Var := Var + 1;
end loop;
Var_IO.Put ( Var );
New_Line;
exception
when Constraint_Error =>
Put_Line ( "Constrained Error" );
when others =>
Put_Line ( "Unknown Error" );
end Over;


Ada example is less than half longer than C++, it is most expressive,

Your C++ code in a bit better shape (and more spaces, I like to add
spaces to make the code more readable):


#include <iostream>
#include <stdexcept>


class Var_T
{
public:
Var_T( const int& i = int() )
{
if ( i >= 0 && i <= 100 )
Var = i;

else throw std:ut_of_range("raised \"Out of Range\"");
}

Var_T& operator++( )
{
assign( ++Var );

return *this;
}

bool assign( const int& i )
{
if ( i >= 0 && i <= 100 )
Var = i;

else throw std:ut_of_range("raised \"Out of Range\"");

return true;
}

int rvalue() const { return Var; }


private:
int Var;
};



inline std:stream& operator<<( std:stream &out, const Var_T &obj )
{
out << obj.rvalue();

return out;
}


int main() try
{
Var_T Var;

for ( int i = 0; i <= 100; ++i ) // range check error expected
++Var;

std::cout << Var << "\n";
}

catch(std::exception &ERR)
{
std::cerr << ERR.what() << "\n";
}

it catches all exceptions (not only out of range) and it suppresses all
range checks when uncommenting "Pragma".

What dou you think of this kind of Ada unefficient and too many lines
of code example?

At first personally I do not think Ada is inefficient, but I have the
feeling that C++ is more powerful.

About the run-time checks one can easily implement a macro mechanism to
disable checks too, with the definition of a constant like before the
compilation like:


#define NOCHECKS


Second, templates can be used for compile-time constraints, but I do not
know these stuff yet, so perhaps someone may provide this. And then one
could provide such a checking mechanism via templates (not of course to
mention once again template metaprogramming where an increment operation
could become compile-time).

 

[Jim Rogers]

What does an Air Defense Artillery unit have to do with this?

It is just possible the fire control system was written in Ada

Jim Rogers

 

[Ioannis Vranos]

Ok, you want to play this game I like it...

How would you implement this (100% Ada, no external libraries as used in
your C++ example):

package API is
pragma Remote_Call_Interface;

procedure Call_Me (Str : in String);
end API;

Seriously, we are not going to build thousands of examples for C++ and Ada,
right ?

What is it doing?

 

[Ioannis Vranos]

Note that it is for this very reason that Java was born (a safer C++). Java
has indeed removed lot of unsafe constructs from C++.

Please do not start a real flame! Java is far behind C++. It is a silver
bullet. Check this interesting article about silver bullets:


http://www.itworld.com/AppDev/710/lw-02-stroustrup/page_1.html


Also do not confuse the language with its framework. It is a language
using a closed to other languages framework.


When I compare C++ to Java, I compare C++ on .NET vs Java on Java framework.

Java *loses* in both areas regarding facilities.


Regarding Ada I think it is interesting language, with about the same
design ideals (a bias to systems programming) with C++, and this time my
opinion is that both languages provide some advantages and disadvantages
between them.

In general we can say they are the same "powerful" (=expressiveness, low
level abilities, high level abilities), and with C++ providing more
paradigms and complete paradigm support, and Ada providing more implicit
safety.

 

[fabio de francesco]

Your C++ code in a bit better shape (and more spaces, I like to add
spaces to make the code more readable):


#include <iostream>
#include <stdexcept>

[cut]

Ioannis Vranos

Thank you for your reply and for introducing me to "stdexcept" and
"std:ut_of_range". I didn't know those features so I want to learn
some more about them.

B.Stroustrup wrote in his "C++ Programming Language" that He was partly
inspired by Ada (and by a misterious to me "Clu") in creating C++
templates and exceptions. Does it mean these languages are closer than
everyone would expect?

Ciao,

fabio de francesco


Ciao,

 

[Jerry Coffin]

Pascal Obry wrote:

[ ... ]

Most of us on the Ada side are considering that what is important in
a language is not what it permits but what it prohibits for just this
reason. We will all step on the wrong side at some point, we want the
language and the compiler to be able to warn us. Of course this can
look frustrating but it is invaluable in the long run.

Short of using things like casts that are designed specifically to
_prevent_ the compiler from giving warnings (and which have their
counterparts in Ada) what practices on the "wrong side" do you see that
a C++ compiler can't warn about?

Note that it is for this very reason that Java was born (a safer
C++). Java has indeed removed lot of unsafe constructs from C++.

Thinking of Java as a safer C++ betrays misundertanding of one (or
probably) both languages. Comparisons between Ada and C++ are at least
somewhat reasonable -- while they approach the problems from entirely
different directions, both attempt to address roughly similar problem
spaces. In particular, both attempt to provide the ability to work at
nearly any level from direct bit-bashing, up to relatively high-level
expression of algorithms and their applications to collections of
objects and such.

Java differs substantially from either of these by eliminating not only
the lowest level of access, but the top levels as well. While it's
possible that the original _reason_ for inventing Java was safety
(personally, I doubt it, but I don't claim to be a mind-reader to be
able to say for sure), the result is considerably different. In point
of fact, I don't think of Java as particularly closely related to C or
C++ at all. Once you look past the syntax (I.e. the superficial parts
of the language) Java isn't much like C or C++ at all -- under the
skin, it strikes me as much more of a Smalltalk with odd syntax than C
(or C++) with modified features. Don't get me wrong -- Java isn't
really like Smalltalk either, but IMO, it's closer to Smalltalk than to
C++.

I should add that I happen to rather like Smalltalk, so that's not
entirely bad. Unfortunately, I think Smalltalk is a lot better off with
Smalltalk syntax. While I can believe that borrowing C's syntax
contributed heavily to the success of Java, I'm personally of the
opinion that C's syntax is probably its weakest point, while
Smalltalk's is a major strength.

 

[red floyd]

@newssvr21.news.prodigy.com:




It is just possible the fire control system was written in Ada

Jim Rogers

That's quite possible. In my artillery control software days, we tended
to use C (systems: LTACFIRE and IFSAS), partly because we had a custom
hardware platform without a validated compiler, and the second system
was a port of the first.

I knew Ada, but I never admitted it if at all possible, because I hated
Ada 83 with a passion. Ada 95 has cleaned up most of the warts.

 

[Jerry Coffin]

Well, I don't think this is *big* news to anyone!

Perhaps not -- but the strong implication that C++ was NOT used in such
systems, seems to leave only two possible conclusions: the person who
made the implication was either ignorant or lying.

I prefer to think this WAS big news, meaning the implication was simply
an honest mistake rather than an outright lie, or the result of such a
shallow view as to ignore the majority of the system.

 

[fabio de francesco]

[skip]

About the run-time checks one can easily implement a macro mechanism to
disable checks too, with the definition of a constant like before the

compilation like:


#define NOCHECKS

I think that you have to heavily modify the program code, isn't true?
Instead by means of "pragma suppress();" you can leave your code as it
is, so when you have finished with all tests you do on it you can
suppress checks with only one statement. It means that every time you
come back to updating that code you can easily turn all checks on anew
every time you need it. (With pragma suppress(...) the program will
print "101" and go normally to the end).

Second, templates can be used for compile-time constraints, but I do not
know these stuff yet, so perhaps someone may provide this. And then one
could provide such a checking mechanism via templates (not of course to
mention once again template metaprogramming where an increment operation
could become compile-time).

Ioannis Vranos

If there is anyone who may provide such a checking mechanism via
templates it would be appreciated.

Ciao,

fabio de francesco

 

[Jerry Coffin]

Randy Brukardt wrote:

[ ... ]

Why would the Internet not be used?

Two major reasons, plus a third upon which I'll elucidate further
below.

First of all, work on ARPAnet started out around the mid-1960's, but it
only became available to most of the public around the early 1990's or
so. Had development been delayed for 20 years or so until Ada compilers
were available, we'd be waiting another five years or so before it
became available to most of its current users.

Second, if the work had been done exclusively or primarily in a
language the DoD considered its own, I suspect opening it up to the
public would have taken even longer, if it was ever allowed to happen
at all.

Ada is a fully general purpose programming language, and if the
Internet was mostly written in Ada, the applications and uses
would be pretty much the same (just with fewer trivial bugs).

Your claim of fewer bugs is just the sort of unsupported anti-C comment
we see all the time.

The third reason: if you look closely at most internet protocols, you
quickly realize that they have a distinctly "hackish" character. Most
work "well enough", but have massive defects from a theoretical
viewpoint.

The mindset that embraces Ada simply would never have designed things
that way. Heck, I'm clearly on the C++ side of the fence, and I stil
find many of them at least mildly distasteful. Had they been designed
by Ada programmers, the hackish character would be gone. Instead, the
system would be designed to operate in harmony as a coordinated system.
To ensure that, connecting to this system would only be allowed after
passing an extensive (and expensive) certification process, and only
one OS in existence would be capable of passing -- and it wouldn't be
from a bunch of hackers like Microsoft either. It would be from some
place thoroughly professional, with a thoroughly professional license
fee (i.e. well out of reach of over 99% of the people who currently use
the Internet).

Its users would all be ecstatic about how well it worked, and would be
able to tell each other about the other day when they ran it under a
simulated load, and it showed so little degradation that they just KNOW
it'll still work beautifully when it has grown to over a thousand
users!

 

[Ioannis Vranos]

Thank you for your reply and for introducing me to "stdexcept" and
"std:ut_of_range". I didn't know those features so I want to learn
some more about them.

There are a lot of great things to learn in C++, if you have TC++PL 3,
take a look at chapter 19 for example (myself have "paused" in the
beginning of chapter 19 since more than a year ago, so as to learn some
..NET-specific programming).

B.Stroustrup wrote in his "C++ Programming Language" that He was partly
inspired by Ada (and by a misterious to me "Clu") in creating C++
templates and exceptions. Does it mean these languages are closer than
everyone would expect?

One thing is sure, in this discussion thread with Ada programmers, I
"feel like home", and Ada people provide examples based on facts.

I had not thought to look in TC++PL for Ada, but indeed it looks like
there are some references:


"A programmer coming from a different language (say C, Fortran,
Smalltalk, Lisp, ML, Ada, Eiffel, Pascal, or Modula2) should realize
that to gain the benefits of C++, they must spend time learning and
internalizing programming styles and techniques suitable to C++. The
same applies to programmers used to an earlier and less expressive
version of C++."


"Templates were partly inspired by Ada’s generics (both their strengths
and their weaknesses) and partly by Clu’s parameterized modules.
Similarly, the C++ exception-handling mechanism was inspired
partly by Ada [Ichbiah,1979], Clu [Liskov,1979], and ML [Wikströ
m,1987]. Other developments in the 1985 to 1995 time span – such as
multiple inheritance, pure virtual functions, and namespaces – were
primarily generalizations driven by experience with the use of C++
rather than ideas imported from other languages."


"[Ichbiah,1979]

Jean D. Ichbiah, et al.: Rationale for the Design of the ADA Programming
Language. SIGPLAN Notices. Vol. 14 No. 6. June 1979."



"For many people trained in languages such as C, Pascal, Modula2, and
Ada, there is an almost irresistible urge to organize software as a set
of switch-statements. This urge should usually be resisted. Use virtual
functions (2.5.5, 12.2.6) rather than RTTI to handle most cases when
run-time discrimination based on type is needed."

 

[Pascal Obry]

Your claim of fewer bugs is just the sort of unsupported anti-C comment
we see all the time.

Just plain wrong, there is data (a PHD) see
http://www.adaic.com/whyada/ada-vs-c/cada_art.html

Pascal.

--

--|------------------------------------------------------
--| Pascal Obry Team-Ada Member
--| 45, rue Gabriel Peri - 78114 Magny Les Hameaux FRANCE
--|------------------------------------------------------
--| http://www.obry.org
--| "The best way to travel is by means of imagination"
--|
--| gpg --keyserver wwwkeys.pgp.net --recv-key C1082595

 

[Ioannis Vranos]

If there is anyone who may provide such a checking mechanism via
templates it would be appreciated.

I also note here that apart from "template metaprogramming" there is
also the support of "lambda expressions", another field of its own as
far as I know.

A C++ library providing high-level support for them is Boost:

http://www.boost.org/doc/html/lambda.html


If you download the library you can check its C++ source code.

 

[Pascal Obry]

What is it doing?

Create stub/skeleton and a partition* that can be called from another one.

In the context of Annex - E (Distributed Programming) partition is an
executable part of a complete application.

Pascal.

--

--|------------------------------------------------------
--| Pascal Obry Team-Ada Member
--| 45, rue Gabriel Peri - 78114 Magny Les Hameaux FRANCE
--|------------------------------------------------------
--| http://www.obry.org
--| "The best way to travel is by means of imagination"
--|
--| gpg --keyserver wwwkeys.pgp.net --recv-key C1082595

 

[Pascal Obry]

Short of using things like casts that are designed specifically to
_prevent_ the compiler from giving warnings (and which have their
counterparts in Ada) what practices on the "wrong side" do you see that
a C++ compiler can't warn about?

We have already had a long thread about that!

Thinking of Java as a safer C++ betrays misundertanding of one (or

That's not a misunderstanding. That's how Sun has described Java. They started
from C++ and have removed many unsafe features. They eventually stop the
process at some point and this has given birth to Java. That's history.

Pascal.

--

--|------------------------------------------------------
--| Pascal Obry Team-Ada Member
--| 45, rue Gabriel Peri - 78114 Magny Les Hameaux FRANCE
--|------------------------------------------------------
--| http://www.obry.org
--| "The best way to travel is by means of imagination"
--|
--| gpg --keyserver wwwkeys.pgp.net --recv-key C1082595