From Ada 2012
bearophile
bearophileHUGS at lycos.com
Thu May 3 16:49:32 PDT 2012
Paulo Pinto:
>but thanks to the increase in security concern in software,
>actually it seems to be picking up users in Europe, for projects
>where human lifes are at risk.<
Recently I am seeing a little grow of the interest in Ada. Maybe
they have accepted that despite the flaws of Ada, it's the best
tool for certain purposes. But more probably, several other more
important factors are at play, probably political too.
>But D would, of course, be an easier upgrade path for C or C++
>developers.<
In my opinion for a decent C or C++ programmer it's not too much
hard to learn the Zen of Ada, they share similar roots (Ada is
closer to Pascal, C++ closer to C, but the paradigms used are
similar. Example: Ada templates require explicit instantiation,
but learning this doesn't require a C++ programmer to change
his/her/hir brain a lot).
D seems fit to write videogame engines, but despite D is safer
than C and C++, for high integrity software, I think D will need
an external tool that enforces very strict safe coding standards,
because @safe can't be enough. Example: on default Ada all
integral values don't overflow silently. Another example: there
are strict and safe built-in ways to use multi-cores. Another
example: kinds of pointers.
I have not used Ada a lot, but I like how you usually define
(strong) types for most classes of variables, like for integral
values, each with their range, if they are sub-ranges (subtypes)
of other strong ranges, and so on.
A small example. If you have two matrices, where one contains
(r,c) row-column pairs of indexes of the other matrix, it's easy
to enforce the tuple items to be inside the number of rows or
columns of the other matrix. If the second matrix has to contain
only positive values, plus let's say the -3 -2 and -1 values to
signal special cases, it's easy to define such integral type, and
so on. And the compiler will verify things at compile-time where
possible (example: If you write a literal of a string of
enumerated chars, or the second matrix, it will verify at
compile-time that the values of the literal are in the specified
ranges), and insert out of range tests for run-time. Such range
kinds and tests don't require advanced type system features to be
implemented by the Ada compilers, but they are able to catch a
lot of bugs early, that in C/C++/D bite you often. In most C++
code I've seen there is not even a bit of such strong static
typing of the integral values. This makes the code harder to
modify, and just "int" used for ten different purposes makes it
easy to use an integral variable where a totally different one
was needed, this turns the C++/D code into a "soup" that's buggy
and harder to debug. I don't like the carefree attitude of
C-style languages regarding strong typing of integral values. I
have seen that computer language features 30+ years old are able
to avoid most of such troubles.
In functional languages as Haskell and F# such work on indexes
and ranged values and so on is much less needed, but in
high-performance Ada/C/C++/Delphi/D coding, they are used quite
often.
Bye,
bearophile
More information about the Digitalmars-d
mailing list