Re: Safety and power in languages

mfeldman@seas.gwu.edu (Michael Feldman)
12 Feb 1996 23:42:10 -0500

          From comp.compilers

Related articles
Re: Possible to write compiler to Java VM? ncohen@watson.ibm.com (1996-01-29)
Safety and power in languages truesoft!sw@uunet.uu.net (1996-02-02)
Re: Safety and power in languages bobduff@world.std.com (1996-02-04)
Re: Safety and power in languages salomon@silver.cs.umanitoba.ca (1996-02-09)
Re: Safety and power in languages truesoft!sw@uunet.uu.net (1996-02-09)
Re: Safety and power in languages mfeldman@seas.gwu.edu (1996-02-12)
Re: Safety and power in languages fabre@gr.osf.org (Christian Fabre) (1996-02-13)
Re: Safety and power in languages eachus@spectre.mitre.org (1996-02-13)
Re: Safety and power in languages darius@phidani.be (Darius Blasband) (1996-02-13)
Re: Safety and power in languages Roger@natron.demon.co.uk (Roger Barnett) (1996-02-14)
| List of all articles for this month |

From: mfeldman@seas.gwu.edu (Michael Feldman)
Newsgroups: comp.lang.java,comp.compilers,comp.lang.ada
Date: 12 Feb 1996 23:42:10 -0500
Organization: George Washington University
References: 96-01-116 96-02-026 96-02-057
Keywords: design, Ada

Daniel J. Salomon <salomon@silver.cs.umanitoba.ca> wrote:


>Let me give two concrete examples of what I am talking about.


>Ada requires that all variant records have an explicit discriminant,
>whereas C union types do not even provide explicit discriminants.
>Requiring an explicit discriminant prevents a lot of errors, but I
>have written plenty of correct and reliable C code that did not have
>an explicit discriminant. In many algorithms the type of a union
>variable can be known from the context in which it is used. So you
>see, in Ada I am forced to write code in a certain way the prevent
>possible bugs, not necessarily to correct existing bugs.


Good point. Many don't realize this about variant records. In Ada, you
use Unchecked_Conversion to get the effect of an undiscriminated
union. Some do not even know that this is possible in Ada. As usual,
you need to be pretty explicit in your use of it.


Another small feature with a big safety payoff is that pointers in Ada
are (required to be) initialized to NULL. Obviously, a careless
programmer might leave a pointer _dangling_, but at least


- an attempt to dereference a NULL pointer will raise Constraint_Error
    instead of dumping core, and


- dereferencing a _garbage_ (uninitialized) pointer is nearly impossible,
    because of the initialization-to-NULL rule.


I have seen a number of reports showing that many, if not most,
hard-to-trace bugs in C come from memory-reference problems - garbage
pointers, overrunning subscripts, etc. Undoubtedly C++ improves this,
but Ada is _designed_ to minimize the likelihood of it happening.


Mike Feldman
--


Post a followup to this message

Return to the comp.compilers page.
Search the comp.compilers archives again.