Teaching new tricks to an old dog (C++ -->Ada)

[Jim Rogers]

The one remaining, does it support namespaces? What subset of the
procedural paradigm it does not support?

Ada support the concept of namespaces, but there is no reserved word
"namespace". Ada uses packages to provide encapsulation and namespace.
Packages have been part of the Ada language since its earliest version.

Packages normally appear in two parts. The package specification defines
the interface to the package. The package body contains the
implementation
of all subprograms, tasks, and protected objects declared in the
specification.

Here is a specification for a generic (aka template) package:

generic
type Target_Type is private;
Target_Size : Natural;
package Bit_Utils is
procedure Show_Bits(Item : Target_Type);
end Bit_Utils;


We know this is a generic package because of the reserved word
"generic". The two lines following "generic" define the
generic formal parameters for this package. In this case the
first parameter is a type and the second parameter is an
integer with a minimum value of 0. The package provides an
interface to a single procedure (similar to a function
returning void in C++) named Show_Bits that takes a
single parameter of the same type as the generic formal
type.

The body of this package is:

with Ada.Text_Io;
with Ada.Integer_Text_Io;
with System;
package body Bit_Utils is
type Bits_Array is array(Positive range <>) of Boolean;
pragma Pack(Bits_Array);

type Byte is mod 2**8;
type Byte_Array is array(Positive range <>) of Byte;
package Mod_Io is new Ada.Text_IO.Modular_IO(Byte);

procedure Show_Bits(Item : Target_Type) is
Bit_View : Bits_Array(1..Target_Size);
for Bit_View'Address use Item'Address;
Byte_View : Byte_Array(1..Target_Size / Byte'Size);
For Byte_View'Address use Item'Address;
begin
for I in Byte_View'range loop
Mod_Io.Put(Item => Byte_View(I), Width => 4);
end loop;
Ada.Text_IO.New_Line(2);
for I in Bit_View'range loop
Ada.Integer_Text_Io.Put(Item => Boolean'Pos(Bit_View(I)),
Width => 1);
if I mod System.Storage_Unit = 0 then
Ada.Text_IO.New_Line;
end if;
end loop;
end Show_Bits;
end Bit_Utils;

The first 3 lines begin with the reserved word "with".
Those lines declare a dependency upon the compilation units
following the word "with". In this case all three
compilation units are pre-defined packages.
We and the compiler know that this is a package body because
of the use of the phrase "package body" on the line 4.
This package body contains the implementation of the procedure
Show_Bits. It also contains three type definitions and the
instantiation of the generic package Ada.Text_IO.Modular_IO for
type Byte. Since none of these types are delcaled in the
package specification, they are invisible to any calling
entity. They are equivalent to C++ private types.

This package was used in a program with the following "main"
procedure:

with Bit_Utils;
with Ada.Text_Io;

procedure Bit_Output is
type My_Type is
record
Name : String (1 .. 4);
Age : Positive;
Weight : Long_Float;
end record;
package My_Bits is new Bit_Utils(My_Type,
My_Type'Size);
package Flt_Bits is new Bit_Utils(Long_Float,
Long_Float'Size);
Mt : My_Type := ("Jim ", 55, 0.45435);
D : Long_Float := 0.45435;
begin
Ada.Text_Io.Put_Line("Output of My_Type");
My_Bits.Show_Bits(Mt);
Ada.Text_Io.Put_Line("Output of Long_Float");
Flt_Bits.Show_Bits(D);
end Bit_Output;

The procedure Bit_Output serves the same purpose as does
"main" in C++. Note that Bit_Output is preceeded by two
context clauses. One declares a dependency on the Bit_Utils
package and the other declares a dependency on the
Ada.Text_IO package. Ada does not use a pre-processor.

The package Bit_Utils is instantiated for two different types
inside Bit_Output. Each instantiation is given a unique name,
prividing a unique namespace.

Also I saw that under severe constraints the run-time safety of the
language is better to be switched off.

If the program has been proved to be correct without the safety elements,
and there is a sufficient performance improvement, yes you should turn
off the run-time safety elements. You have control of the elements you
want to turn of through simple pragma statements.

I do not know much on the language, but can one define general-purpose
containers with Ada's generics that do range checking and throw an
exception when there is an attempt to access outside the boundaries of
the container, even if the aforementioned run-time safety is switched
off?

Yes you can. You can always program in your own checks manually.
The drawback of doing that is that you cannot simply turn them off
with a pragma, nor can the compiler so effectively optimize those
checks out of your program when they are unneeded.

Jim Rogers

 

[Wouter van Ooijen]

By way of example, someone in this thread posted an example using a

Day_of_Month type. It would never occur to a C programmer that the day of
the month was anything other than an integer.

C was the first language I used to write moderately large programs,
and I was always annoyed by the fact that the compiler could not help
me distinguish integers that represented different things. Maybe that
disqualifies me as a C programmer?


Wouter van Ooijen

-- ------------------------------------
http://www.voti.nl
Webshop for PICs and other electronics
http://www.voti.nl/hvu
Teacher electronics and informatics

 

[Wouter van Ooijen]

You can do everything in Ada that you can in C and C++. It is more

work in Ada to "force" things together than in C++. So Ada is not as
forgiving, when you have a bad design to begin with.

I am not sure I agree fully, but it sounds like a good thing: Ada as
bad-design filter!


Wouter van Ooijen

-- ------------------------------------
http://www.voti.nl
Webshop for PICs and other electronics
http://www.voti.nl/hvu
Teacher electronics and informatics

 

[Wouter van Ooijen]

You can do everything in Ada that you can in C and C++.

Computationally speaking you can do everything in 'real' serious
language. So for the above statement to have real meaning it needs to
be much moer specific.

I suppose you mean in the application-programming domain. But I do not
think this is true in the systems programming domain, that is
efficiency under *severe* run-time and space constraints.

No problem with Ada.

Also I am not sure if ADA is suitable for library writing, or you will
have to switch to another language to do that.

I don't see why you would want to use another language?


Wouter van Ooijen

-- ------------------------------------
http://www.voti.nl
Webshop for PICs and other electronics
http://www.voti.nl/hvu
Teacher electronics and informatics

 

[Wouter van Ooijen]

Out of curiosiy, could you give some few examples where Ada catches faults

not found by a C++ compiler. I assume - of course - code written in modern
C++: no casts, functions instead of macroes, a limited use of pointers and
so on.

Your 'of course' requires some tool (preferrably automated) that
ensures that only the 'safe' subset of C++ is used. In effect this
creates a new language.


Wouter van Ooijen

-- ------------------------------------
http://www.voti.nl
Webshop for PICs and other electronics
http://www.voti.nl/hvu
Teacher electronics and informatics

 

[Wouter van Ooijen]

My conclusion is that there are some nice ideas out there, but that they

mainly protect against the "sloppy" programmer.

You are absolutely right.

The point that you are probably missing is that *everyone* is a sloppy
programmer every once in a while. The frequency of this sloppiness of
course varies, but it is never zero. So every sloppy mistake caught by
the compiler is a good thing.


Wouter van Ooijen

-- ------------------------------------
http://www.voti.nl
Webshop for PICs and other electronics
http://www.voti.nl/hvu
Teacher electronics and informatics

 

[Wouter van Ooijen]

Once again, I have nothing against learning Ada, however personally I

like the most powerful languages. The next thing I am going to learn
after C++ (because I haven't learned it all yet), is probably some form
of assembly language.

If you want to realy broaden your perspective I would suggest
something in the lazy-functional field like Haskell.


Wouter van Ooijen

-- ------------------------------------
http://www.voti.nl
Webshop for PICs and other electronics
http://www.voti.nl/hvu
Teacher electronics and informatics

 

[Wouter van Ooijen]

What other mechanism would you suggest?

Termination of the program. Some might argue that they can't tolerate such
an event. But can such an environment tolerate a faulty running program?

Imagine a space rocket 1 second after launch. Terminating the control
program means the rocket will probably topple and destroy the launch
site. And exception raised + caught can try to use and alternative
algorithm, or any other means to continue as best as possible.

Note: the first Ariane 5 launch was a failure roughly because the
(Ada!) code was (out of necessity) written without exception handling.
(The real story is a bit longer, and explains that this was *not* a
software failure - it was a mangagement misjudgement).


Wouter van Ooijen

-- ------------------------------------
http://www.voti.nl
Webshop for PICs and other electronics
http://www.voti.nl/hvu
Teacher electronics and informatics

 

[Wouter van Ooijen]

Ada can teach C++ how to do templates properly.

I am definitely an Ada fan, but C++ templates are much much more
powerfull. AFAIK C++ is the only language in which you can create a
'unit' based type system that is almost fully compile-time checked.


Wouter van Ooijen

-- ------------------------------------
http://www.voti.nl
Webshop for PICs and other electronics
http://www.voti.nl/hvu
Teacher electronics and informatics

 

[Wouter van Ooijen]

In my book that was a management bug - If the managers had ordered to run

the testsuite only once the problem would have shown. The hardware was so
incompatible it would have failed all the time.

I assume you do know that it was not the computer hardware but the
phyiscal paremeters (acceleration) of the rocket itself?

Last not least: Runtime check where disabled for that incident. So if
anything: this incident speak in favor of runtime checks.

They were disabled in the Ariane 4 software after it was *proven* that
the exceptions could simply not occur on an Ariane 4. If the runtime
checks were not disabled the software would not fit so the rocket
would not fly. I am not sure that's the preferrable alternative.

If this accident speaks for anything IMHO it speaks for sensible
management. Which is apparently a problem on both sides of the ocean



Wouter van Ooijen

-- ------------------------------------
http://www.voti.nl
Webshop for PICs and other electronics
http://www.voti.nl/hvu
Teacher electronics and informatics

 

[Wouter van Ooijen]

It's kind of like driving. You can get into a lot of trouble if you do not

follow the traffic laws (you just have to obey the physicla ones ;-), but so
long as you do driving is a fairly safe practice.

Yet modern cars have many 'assist' features that try to prevent
dangerous behaviour of the driver. I know I have to brake
'oscillating' (forgive my language - feel free to try Dutch), but I am
glad my brake system will do it for me in the split second that I see
that car in front of me standing still.


Wouter van Ooijen

-- ------------------------------------
http://www.voti.nl
Webshop for PICs and other electronics
http://www.voti.nl/hvu
Teacher electronics and informatics

 

[Wouter van Ooijen]

Although I attempt to drive safely, I also rely on seat belts and air

I hope we all do. What i meant to say was that using a seat belt isn't an
excuse to drive on the wrong side of the road.

It think what you say translates to 'driving on the right side of the
road is a propper excuse for not using the seat belt'?


Wouter van Ooijen

-- ------------------------------------
http://www.voti.nl
Webshop for PICs and other electronics
http://www.voti.nl/hvu
Teacher electronics and informatics

 

[Martin Dowie]

I am definitely an Ada fan, but C++ templates are much much more
powerfull. AFAIK C++ is the only language in which you can create a
'unit' based type system that is almost fully compile-time checked.

There is are various ways of doing this in Ada just now but they are not
zero-cost. A new way nearly made it into the Ada2005 standard, but was
going to take too long to 'get right' so it was dropped. Might be looked
at again for the 5-year ISO 'mini' revision. I hope so anyway.

Cheers

-- Martin

 

[Peter Koch Larsen]

You are absolutely right.

The point that you are probably missing is that *everyone* is a sloppy
programmer every once in a while. The frequency of this sloppiness of
course varies, but it is never zero. So every sloppy mistake caught by
the compiler is a good thing.


Wouter van Ooijen

-- ------------------------------------
http://www.voti.nl
Webshop for PICs and other electronics
http://www.voti.nl/hvu
Teacher electronics and informatics

Which is why other means are needed for quality software. Rigorous testing
and code reviews come to mind.

/Peter

 

[Wes Groleau]

Compile time with every Ada compiler I've used.

What do you both of you mean by compile-time?

Any compliant Ada-83 or Ada-95 compiler can have generics
nested inside of subprograms whose parameters vary according
to run-time parameters or computed values from a higher scope.

--
Wes Groleau

People would have more leisure time if it weren't
for all the leisure-time activities that use it up.
-- Peg Bracken

 

[Wes Groleau]

I hope we all do. What i meant to say was that using a seat belt isn't an
excuse to drive on the wrong side of the road.

<sarcasm type="parody>

But who the #$%^& would want to live anywhere
where somebody else tells you what side of the
road you HAVE to drive on?

And only an incompetent driver would buy a car
that was unable to drive on the wrong side of the road!

</sarcasm>

 

[jimmaureenrogers]

"Wouter van Ooijen (www.voti.nl)" <[email protected]> skrev i en meddelelse

You are absolutely right.

The point that you are probably missing is that *everyone* is a sloppy
programmer every once in a while. The frequency of this sloppiness of
course varies, but it is never zero. So every sloppy mistake caught by
the compiler is a good thing.

[snip]

Which is why other means are needed for quality software. Rigorous testing
and code reviews come to mind.

Ada does not replace rigorous testing or code reviews. It supplements
them. Code reviews are extremely helpful. They also consume a lot of
time for the development team when they are done well. It is best to
remove as many silly errors from the code through automatic analysis
before exposing the code to developers for review.

I have never worked in an organization where code was judged ready for
review if it had not already produced a clean compile, with no warnings
or errors. When doing C code this meant also passing lint with no
errors or warnings.

The Ada compiler effectively combines the error messages common to a
good C compiler with the error and warning messages common to a good
lint tool. When you get a clean compile from an Ada compiler you are
ready to expose your code to others for a code review.

Jim Rogers

 

[Wes Groleau]

But as I said, not impossible. I have a regex generic which can be
instanciated for character and wide character strings and basicly any other
descreed type you want to run regular expressing over.

Is that for sale or open-source or not available?

 

[Paul E. Bennett]

Even I admit to having my sloppy moments. Fortunately they don't last too
long and reviews and/or testing catch those moments before they progress
very far.

Which is why other means are needed for quality software. Rigorous testing
and code reviews come to mind.

Something that some people here seem not able to accept because they
believe in the absolute protectiveness of their compiler.

--
********************************************************************
Paul E. Bennett ....................<email://[email protected]>
Forth based HIDECS Consultancy .....<http://www.amleth.demon.co.uk/>
Mob: +44 (0)7811-639972
Tel: +44 (0)1235-811095
Going Forth Safely ....EBA. http://www.electric-boat-association.org.uk/
********************************************************************

 

[Paul E. Bennett]

Ada does not replace rigorous testing or code reviews. It supplements
them. Code reviews are extremely helpful. They also consume a lot of
time for the development team when they are done well. It is best to
remove as many silly errors from the code through automatic analysis
before exposing the code to developers for review.

Thanks for that Jim. At least you seem to have been the first (assumed)
Ada user that has admitted that the compiler is not the final arbiter.

I have never worked in an organization where code was judged ready for
review if it had not already produced a clean compile, with no warnings
or errors. When doing C code this meant also passing lint with no
errors or warnings.

The Ada compiler effectively combines the error messages common to a
good C compiler with the error and warning messages common to a good
lint tool. When you get a clean compile from an Ada compiler you are
ready to expose your code to others for a code review.

At least code which passes such a hurdle is in a more reasonable state than
code which has not passed this threshold. I would also hope that you are
not waiting for all the code to pass this hurdle but are compiling,
reviewing and testing on a fairly continuous basis, submitting the code
that passes compile, review and unit testing into the stock for integration
and system testing.

--
********************************************************************
Paul E. Bennett ....................<email://[email protected]>
Forth based HIDECS Consultancy .....<http://www.amleth.demon.co.uk/>
Mob: +44 (0)7811-639972
Tel: +44 (0)1235-811095
Going Forth Safely ....EBA. http://www.electric-boat-association.org.uk/
********************************************************************