From: Shark8
Newsgroups: comp.lang.ada
Subject: Re: How to get Ada to “cross the chasm”?
Date: Fri, 20 Apr 2018 14:16:13 -0700 (PDT)
Message-ID: <0bd80336-595a-45b6-b4e5-26c13d5859cb@googlegroups.com>
In-Reply-To: <87604lvkqp.fsf@nightsong.com>

On Friday, April 20, 2018 at 11:41:23 AM UTC-6, Paul Rubin wrote:
> Shark8 writes:
> > for an Ada+VHDL IDE
>
> Dan'l Miller also mentioned Ada+VHDL. What is it?

I was meaning it in the sense of using both together, like saying OpenGL+PostScript for a hypothetical windowing-system.

> Of course there is a well-known general resemblance between Ada and VHDL, but I don't know of any meaningful composition of them.

It's more than superficial: VHDL is an outgrowth of the DoD's VHIC (Very High Speed Integrated Circuit) project.

Had the proposed APSE come to fruition, I imagine a VHDL analog would have been done either separately or [more likely] as an extension. (APSE links: https://www.sciencedirect.com/science/article/abs/pii/0920548987900481 https://en.wikipedia.org/wiki/APSE )

> > - Written in 100% Ada; SPARK proving for the compiler-proper.
>
> Why would you want to do that, when a ton of SPARK verification
> conditions are about proving integer overflow safety, memory
> boundedness, and other freedom from exceptions? E.g. I think it stops
> you from using natural programming techniques like recursion (at least,
> MISRA C does not allow recursion). That is all crucial for realtime
> systems, but a compiler is not a realtime system.

The need for correctness within the compiler is clear, and the only way that scales with something as complex as a compiler is proving. (Extensive tests simply aren't good enough.)

> If you use CompCert's approach (use recursion and unbounded arithmetic
> and automatic memory management in the compiler as much as you want,
> prove that the compiler won't generate bad code, use ordinary software
> testing to give reasonable assurance that the compiler doesn't crash,
> and call it a day) you can probably save a heck of a lot of work.

"Extraordinary testing" simply isn't good enough.

> Is it even possible to guarantee that a compiler can accept every valid
> program and also never crash?

In complete generality, no. (Because of the "and" in conjunction with physical machine limitations.)

> > If Ada programs can have nested
> parenthesized expressions or begin/end blocks of arbitrary depth, then
> any sane approach to parsing will eventually run out of memory if the
> nesting is deep enough.

HOWEVER; it is possible to detect this situation and shut down compilation w/o corruption.

Within the constraints of the physical machine [and bookkeeping mechanisms], it is possible to ensure every possible valid program is translatable into IR.

> CompCert itself is already a magnificent feat. I have no idea whether a
> fully proven compiler in SPARK is feasible at all. Has anyone ever done
> anything like that?

I don't know; I think there is some work in this area, but this is more 2nd-hand info guessing.

> > - Application of SPARK provers to VHDL.
>
> Does anyone do that? There's some work on HDL verification but it uses
> completely different approaches.

Unknown; but it's possible that those same "completely different approaches" could be applied to Ada as well.
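An added illustration of the bounded-nesting point made in the exchange above (example code written for this page, not by either poster): a recursive-descent check for nested parentheses in Ada whose recursion depth is capped by a subtype, so over-deep input comes back as a status value instead of exhausting the stack. Max_Depth, Parse and Group are assumed names chosen for the example.

```ada
with Ada.Text_IO; use Ada.Text_IO;
procedure Bounded_Nesting is
   --  Assumed limit for this constructed example, not any real compiler's value.
   Max_Depth : constant := 64;
   subtype Depth is Natural range 0 .. Max_Depth;
   type Status is (Ok, Too_Deep, Unbalanced);
   --  Checks that parentheses in Source are balanced and nested no deeper than
   --  Max_Depth; Level's subtype bounds the recursion, so no Storage_Error.
   function Parse (Source : String) return Status is
      Pos : Positive := Source'First;
      function Group (Level : Depth) return Status is
      begin
         while Pos <= Source'Last loop
            case Source (Pos) is
               when '(' =>
                  if Level = Max_Depth then
                     return Too_Deep;      --  refuse before resources run out
                  end if;
                  Pos := Pos + 1;
                  --  Level + 1 cannot exceed Max_Depth here: a range fact SPARK can prove.
                  declare
                     Inner : constant Status := Group (Level + 1);
                  begin
                     if Inner /= Ok then
                        return Inner;
                     end if;
                  end;
               when ')' =>
                  if Level = 0 then
                     return Unbalanced;    --  closing with nothing open
                  end if;
                  Pos := Pos + 1;
                  return Ok;
               when others =>
                  Pos := Pos + 1;          --  anything else is skipped
            end case;
         end loop;
         return (if Level = 0 then Ok else Unbalanced);  --  end of input
      end Group;
   begin
      return Group (0);
   end Parse;
begin
   Put_Line (Status'Image (Parse ("(a (b) c)")));
   Put_Line (Status'Image (Parse ((1 .. 100 => '('))));
   Put_Line (Status'Image (Parse ("(a))")));
end Bounded_Nesting;
```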