Re: where exactly c++,c fail and Ada gets thru'



Ananth the Boss wrote:
We are developing safety-critical software. My seniors say that C and
C++ are not suitable for safety-critical software development and Ada
is very much safe. NASA also uses Ada. At what point do C++ or C turn out to be
not suitable for developing flight software? I may be wrong also. Can
anyone give some more justifications for saying "Ada is safe"? Thanks
in advance.

The Coding Standards for the Joint Strike Fighter
http://public.research.att.com/~bs/JSF-AV-rules.pdf
give you an idea of the kinds of safety problems recognized in both
C and C++.

For example, the standard prohibits the use of C-style arrays as
function parameters. The problem cited is the degeneration of an
array function argument into a pointer. The pointer provides no
information about the size of the array it points to. This problem
commonly leads to overflowing arrays. Accessing elements beyond
the end of an array is always problematic. The C standard explicitly
allows one to access one element beyond the end of an array to
support common practice in thousands of C programs. The C
standard indicates that accessing more than one beyond the end
of an array leads to undefined behavior.

Polymorphism is one of the heavily used features of C++.
Polymorphism intentionally makes it difficult to determine
which overridden version of a function will be called. Safety-
critical software standards require the ability to statically determine
which function will be called. Polymorphism seriously
complicates such static analysis.

Neither C nor C++ provides any standard means for detecting
overflow or underflow of numeric types. C provides no way to
ensure that a numeric type uses only a valid set of values. C++
forces you to define a class wrapping the numeric value. You
must also provide all the range checking, resulting in a very
inefficient use of programmer time as well as processor time.
C++ allows you to define a restricted range integer class as a
template. It does not allow you to define a restricted range
floating point class because you cannot use floating point
values as template parameters.

There is no way in C++ to define a template class that achieves
the equivalent of:

type Normalized_Type is digits 10 range 0.0..1.0;

Jim Rogers
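An added C++ example (not part of the post above) illustrating two of Jim's points: a C-style array parameter loses its bound, whereas a reference-to-array template keeps it; and a range-restricted floating-point type in C++ can only enforce its bounds at run time, since the bounds cannot be template parameters. The class `Normalized` and the helper functions are my own names.

```cpp
#include <cstddef>
#include <stdexcept>

// 1. Array decay: inside this function sizeof(a) is sizeof(int*); the
//    "10" in the declaration is ignored and the length must be passed
//    separately, which is why the JSF rules prohibit this form.
std::size_t decayed_param_size(int a[10]) {
    return sizeof(a);           // == sizeof(int*), whatever the caller passed
}

// A reference-to-array parameter keeps the bound N in the type: the
// compiler rejects arrays of any other size and N is known statically.
template <std::size_t N>
std::size_t bounded_param_size(const int (&a)[N]) {
    return sizeof(a);           // == N * sizeof(int)
}

// 2. Range-restricted floating point. The bounds 0.0..1.0 cannot be
//    template parameters, so they are hard-coded and every check is a
//    run-time check, unlike Ada's `range 0.0..1.0` constraint.
class Normalized {
public:
    explicit Normalized(double v) : value_(checked(v)) {}
    double get() const { return value_; }
    // Arithmetic re-checks the result, since a sum of two in-range
    // values can leave the range.
    Normalized operator+(Normalized o) const { return Normalized(value_ + o.value_); }
private:
    static double checked(double v) {
        if (!(v >= 0.0 && v <= 1.0))   // written this way so NaN is rejected too
            throw std::range_error("value outside 0.0..1.0");
        return v;
    }
    double value_;
};

// Helpers so the checks can be observed as return values.
bool rejects(double v) {
    try { Normalized n(v); (void)n; return false; }
    catch (const std::range_error&) { return true; }
}

bool sum_in_range(double a, double b) {
    try { Normalized s = Normalized(a) + Normalized(b); (void)s; return true; }
    catch (const std::range_error&) { return false; }
}
```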



