Ada, SPARK [Was: Re: tolf and detab (language succinctness)]

bearophile bearophileHUGS at lycos.com
Fri Oct 29 10:27:25 PDT 2010


Bruno Medeiros:

> I'm not an expert on high-reliability/critical systems, but I had the 
> impression that the majority of it was written in C (even if with 
> restricting code guidelines). Or that at least, much more critical 
> software is written in C than in Ada. Is that not the case?

MISRA C is one of the most used high-integrity code guidelines for C:
http://en.wikipedia.org/wiki/MISRA_C
MISRA C has 127 rules, 93 are required and 34 are advisory. They forbid you a lot of things.

The C language is acceptable for some usages, but it's surely not the best language you may find for high-integrity code, even if your code passes MISRA C tests. I don't know how much Ada is used compared to C in those situations, but I know Ada is used today for those purposes. SPARK is an Ada subset (like MISRA, but smaller) that allows you to write stronger code.

Even the MISRA C guidelines say that:
http://www.adahome.com/articles/1998-07/nw_adarecommended.html

If D becomes widespread, then someone may write guidelines (plus testing software to enforce them), like a kind of MISRA D. D is a little safer than C, but I don't know how fit it is for those purposes, because sometimes high-integrity code is also embedded. In this regard the good thing about Ada is that it was designed from the start for those purposes, so you start from a better starting point.

Numerical computing, high-performance videogames, and medium-integrity code are three of the possible applications I see for the D2 language.

The D numerical computing applications will enjoy design ideas from the Chapel and X10 languages, while the medium-integrity D applications will enjoy ideas from Ada, SPARK, ATS, MISRA C, etc.

Bye,
bearophile

