Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Comment Re:Ada (Score 2) 505

There's a lot of good stuff here: and here:

And It's "Ada" not "ADA". The language name is not an acronym. Rather it's named after Ada Countess Lovelace, see The choice of the name was deliberate, Ada Lovelace is commonly cited as the first computer programmer (for Babbage's Analytical Engine). And that name long pre-dates the current initiatives for "women in computing." (There were a fair number of women involved with the Ada program, such as the late Jean Sammet, quite unusual in the late 1970s/early 1980s during the initial development of the requirements and then language itself.)

Comment Re:Ada (Score 1) 505

Only partially... Image processing routines have been subject to buffer overrun attacks. Buffer overrun attacks occur when array bounds aren't checked. The core question is the efficiency of such checks (versus the security they provide.)

If the compiler has type information on the index, then in many cases it can (easily) prove that a range check is not required.


      type index_t is range 1..10:
      type image_element_array is array (index_t) of image_elements;

Now any object declared of type index_t does not require a range check when used as index for an object of type image_element_array. Under some circumstances, -creating a value of type index_t- does require that check (e.g."my_index := my_index + 1;" will require a range check on the assignment. If you try to assign "11" to my_index, either directly or because the previous value of my_index was 10 and you tried to add 1 to it, you'll raise Constraint_Error exception at that statement. And this is where Ada started out superior to Pascal, because you never really knew what would happen in Pascal if you violated a range constraint.)

But the 'right way' to iterate over an array, one that is perfectly type safe, is
        my_image : image_element_array;
-- somehow my_image gets loaded
        for an_index in my_image'range loop ...
-- all values of an_index are within the range of values for my_image; compiler does not need to generate any range checks for my_image (an_index) !!

Comment Re:Ada (Score 3, Insightful) 505

The particular interesting thing about -avionics- is the cost of development is dwarfed by the cost of verification. I remember a presentation by Boeing Commercial Aircraft on the 777. They said, "We've done DO-178b Level A in a bunch of languages. For most languages, the cost to develop and the cost to verify is pretty much the same. For Ada [Ada83 - this was in the 90s], the cost to develop in Ada was 25% more than other languages. But the cost to -verify- that Ada was about 1/4 the cost of any other language. DO-178b Verification costs up to 10x development," He wouldn't say just how much that cost for 777, but he strongly implied it was multiple billions of dollars.

Comment Re:Ada (Score 1) 505

And those programs are vulnerable to exploitation due to the lack of bounds checking.

Please produce real numbers for real programs demonstrating a significant cost from bounds-checking.

Seriously, a single instruction bounds-check that prevents a security breach is a damn small price to pay! (Some instruction sets even do this as a side-effect, I think.)

Comment Re:Ada (Score 1) 505

1. It's maybe 1 instruction on most architectures.
2. If you want security, you have to pay for it.
3. In many cases, the compiler can prove the bounds check is not needed!
      for index in some_array'range loop
... some_array(index) ....
      end loop;
Unless you modify index (as an "l-value"), the compiler knows the values for index are exactly the bounds of the array (because 'range returns the range of values for the object some_index), so no bounds check is required. If the compiler does detect that index can be modified, it would need to insert a bounds check.

Comment Re:Ada (Score 2) 505

1. No address arithmetic. Arrays are programmed with bounds-checking, usually through dope vectors generated by the compiler. It is a requirement of the language to generate an exception if you try to go beyond the bounds of the array.

2. Ada handles pointers through access types (which, by the way, are always checked before dereferencing to be sure the pointer is not null). There are coding styles and means to do memory management, e.g. setting up a memory pool for a specific access type. Ada95 and beyond includes good support for constructors and destructors. Under some circumstances, the compiler can prove when there are no more extant values for a given access type and reclaim the entire pool.

That being said, if you're not a bit careful, you can program storage leaks in Ada through the normal mechanisms. It's not 100% foolproof. Some competence by the developer is required.

And there are means to escape the restrictions of the language. These have substantial syntactic sugar, so the developer (coder, reviewer, tester) knows "we are now doing something extraordinary. Certain checks provided by the language no longer apply here." In my experience, the most skilled developers work on this stuff (carefully) and then package it up (pun intended!) for use by the rest of the project.

And the Ariadne 5 incident is interesting, in part because the developers -turned off- the checks provided by the language!!! That's kinda like deciding you don't need seat belts in your car driving down the highway, because it passed crash testing.

Comment Re:Ada (Score 2) 505

#1 is not true. See There's been a GPL Ada compiler for at least 30 years. The Ada Core product is open source, you pay for maintenance.

For #2, the debate in many respects boils down to "simple programs in complex language" or "complex programs in a simple language." But see (and there are free versions of that, too), for a subset of Ada specifically designed to support proof-of-correctness.

Comment Re:Ada (Score 4, Interesting) 505

In part it's a cultural thing. Ada is considered "complex and verbose" (but compare with Java). Ada is, of course, from the DoD, so it's "obviously bad." Most importantly, Ada requires a bit more thought before you jump into the code.

The interesting thing about Ada is that a skilled practitioner learns how to use the language to his advantage. You code so the compiler checks as much as it can, so you can concentrate on things the compiler can't check. When the compiler and you agree the code is correct, it probably is, at least with respect to typos and coding errors.

One big criticism I have with most languages, even those with a type system, is they don't support strongly typed scalars. But that's where type errors are most common. I don't think I ever tried to "add apples to oranges". But I have tried to add "count of apples" to "count of oranges" (or more specifically, once tried to add horizontal pixel location to vertical pixel location.)

Furthermore, those who think their C code is "close to the machine" don't know much about modern machine architectures. Compilers do a LOT MORE work than they did in the days of the PDP-8/PDP-11 or original x86 family. Ada (among other 'higher level' languages) provides the modern compiler with a lot more information for code selection and optimization. For example, register flushing is a lot easier to manage in Ada because pointer types are always declared as such, and unless there are specific language constructs, the compiler can prove a given variable will not be accessed through its address (and therefore doesn't have to spill the register to memory.) That's a simple example, compiler optimizations and instruction scheduling are very complex topics.

Finally, I've always thought C syntax was harmful, because it's so easy to make a mistake, either through ignorance or simple typo ("=" vs "==").

I know experts can do amazing things in C. Aren't that may experts out there slinging code, and most of the software we use these days shows it!!

Comment Ada was always pretty easy to read (Score 2) 337

Even when the identifiers were in a foreign language... I worked for Siemens US research lab back in the '80s, and saw a fair amount of code that looked like

      for Untzelgerflekenzet in 1 .. Ausplotzenfargang loop
                  Geinengemacht (Zealer => Untzelgerflekenzet, Zugemacht => Sptizelgang);
      end loop;

(mostly made up German-sounding words there... I knew a bit of German, but the words you learn in high school German rarely made it into computer code.)

Slashdot Top Deals

If all the world's economists were laid end to end, we wouldn't reach a conclusion. -- William Baumol