Re: Safety and power in languages

Daniel J. Salomon <salomon@silver.cs.umanitoba.ca> wrote:


>Let me give two concrete examples of what I am talking about.


>Ada requires that all variant records have an explicit discriminant,
>whereas C union types do not even provide explicit discriminants.
>Requiring an explicit discriminant prevents a lot of errors, but I
>have written plenty of correct and reliable C code that did not have
>an explicit discriminant. In many algorithms the type of a union
>variable can be known from the context in which it is used. So you
>see, in Ada I am forced to write code in a certain way the prevent
>possible bugs, not necessarily to correct existing bugs.


Good point. Many don't realize this about variant records. In Ada, you
use Unchecked_Conversion to get the effect of an undiscriminated
union. Some do not even know that this is possible in Ada. As usual,
you need to be pretty explicit in your use of it.


Another small feature with a big safety payoff is that pointers in Ada
are (required to be) initialized to NULL. Obviously, a careless
programmer might leave a pointer _dangling_, but at least


- an attempt to dereference a NULL pointer will raise Constraint_Error
    instead of dumping core, and


- dereferencing a _garbage_ (uninitialized) pointer is nearly impossible,
    because of the initialization-to-NULL rule.


I have seen a number of reports showing that many, if not most,
hard-to-trace bugs in C come from memory-reference problems - garbage
pointers, overrunning subscripts, etc. Undoubtedly C++ improves this,
but Ada is _designed_ to minimize the likelihood of it happening.


Mike Feldman
--

Return to the comp.compilers page.
Search the comp.compilers archives again.