Re: Study shows Ada tools ten times more costly

[dog.ee.lbl.gov!overload.lbl.gov!agate!howland.reston.ans.net!usc!cs.utexa s.edu!csc.ti.com!tilde.csc.ti.com!mksol!mccall@ucbvax.Berkeley.EDU (fred j mcc all 575-3539)]

In <C78BBy.CM2@taurus.cs.nps.navy.mil> shimeall@cs.nps.navy.mil (timothy shimea
ll) writes:

>Frankly, tools to do for C (to take an example) the types of analysis 
>cannonically done for Ada are going to be MUCH more expensive, due
>to the ambiguous syntax of C.  Consider my favorite C ambiguity:

It's not ambiguous at all.  It means exactly one thing.  It means that
p is a pointer to a pointer to a pointer to an int.  

>void proc(p)
>int ***p;
>{
>...
>}
>The first * in the declaration of p indicates that it is an in-out 
>parameter.  The second indicates that the in-out parameter is a
>single-dimenstioned array.  The third indicates that each array
>element accesses an integer.
>or
>p is an in parameter for a three-dimensional array of integer
>or
>p is an in-out parameter for a two-dimensional array of integer
>or
>... (any other interpretations?)

>Now consider the design of a tool that will perform bounds-checking
>on p, prior to run-time.

You can't ever do this in C, particularly with this type of
declaration.  It's not as if there is some law against giving the
array declaration form if that is what is intended.  Once again, it is
a case of the language not forcing people to do things a certain way
being seen as 'bad'.

This is simply a matter of doing the appropriate interface design,
which you would have to do in any language.  There *are* places where
C syntax is ambiguous, but this is hardly one of them.

-- 
"Insisting on perfect safety is for people who don't have the balls to live
 in the real world."   -- Mary Shafer, NASA Ames Dryden
------------------------------------------------------------------------------
Fred.McCall@dseg.ti.com - I don't speak for others and they don't speak for me.