From: "Warren W. Gay VE3WWG"
Newsgroups: comp.lang.ada,comp.lang.c,comp.lang.c++
Subject: Re: How Ada could have prevented the Red Code distributed denial of service attack.
Date: Thu, 02 Aug 2001 22:58:59 GMT
Message-ID: <3B69DB35.4412459E@home.com>
References: <3b690498.1111845720@news.worldonline.nl> <9kbu15$9bj@augusta.math.psu.edu> <9kbvsr$a02@augusta.math.psu.edu>

Dan Cross wrote:
>
> In article ,
> Daniel Fischer wrote:
> >> Or is it that we're no longer hiding those design related defects behind
> >> our programming errors?
> >
> >Don't think so. The more possible programming related defects you need to
> >consider, the more you think about your design.
>
> Hmm.
> But as the minutia that we have to deal with goes away as
> programming becomes more abstract, we are freed to concentrate more on
> the design. I'd have thought that worrying about the programming
> related defects took up so much time there was little left to worry
> about the design. Though on the other hand, one can see that if
> something is really hard to implement, folks will think really hard
> about how to make it easier (and hence less error prone).
>
> Maybe the problem is that as our ability to deal with complexity goes
> up, we feel compelled to build more complex systems ``because we
> can.'' In other words, it's a two edged sword.
>
> - Dan C.

The level of "complexity" is _indeed_ the root of a lot of difficulty
in software today. There have been a number of attempts to solve this,
some of which include:

 - BASIC
 - COBOL
 - PL/I
 - PASCAL
 - 4GL
 - Java
 etc.

Each approach has its own ups and downs. Yet, if your program
was as simple as :

    01 OPEN FILE #1, "X"
    02 WRITE #1,"A"
    03 CLOSE FILE #1

its simplicity is such that you can say, "I know it is perfect" (which
of course assumes the compiler/interpreter is perfect). As you move
beyond this level of complexity, it becomes increasingly difficult to
vouch for the correctness of the program under all circumstances.

The difficulty today is that software is not only larger (especially
with GUI), but some of it has become distributed with
CORBA/DCE/COM/DCOM/etc. Still, as developers, we are tasked with
producing "quality software".

Ada is an excellent language tool, which helps improve upon the quality
of the software, while making the code "simpler", and more "readable".
The quality/readability aspects have been addressed here, so, let's
look at how it can simplify your life :

 - Array bounds as you need them (C/C++ and Java still insist that you
   start at zero and work up). (PL/I could have different bounds too).

 - No need to know pointer context (C/C++ require obj.attr or obj->attr
   depending upon what you have).
   The Ada compiler knows how to do obj.attr regardless of the context.

 - Records with discriminants : Ada lets you define records (structs)
   with varying size, according to the discriminant. C/C++ still must
   define a char [1], and purposely work outside the array bounds to
   suit. For an example, look at man msgsnd(2) (msgsnd(3) on BSD). They
   use the

       struct {
           long mtype;     /* message type */
           char mtext[1];  /* body of message */
       }

   If the size of your message text varies, you must fake it in C/C++,
   by allocating for the largest message, but abusing the bounds of the
   mtext[] member array. It turns out however, this can be dealt with
   in C/C++ by defining a specific instance of this structure with the
   max size for mtext[]. _However_, if you had to include a 3rd member
   in this message, then you'd be forced to fake it, with ugly pointer
   magic, probably hidden inside of a macro to keep the code readable.
   For example, if you added a process ID in the message:

       struct {
           long mtype;     /* message type */
           char mtext[1];  /* body of message */
           pid_t PID;      /* Process ID */
       }

   You'd now have to have a fixed mtext[] array size, or through some
   pointer magic, locate member PID.

 - String form of enumerated values (in Ada), upon demand. In C/C++,
   you must provide this for yourself. (ie. if you have C
   enum { Idle, Waiting, Running } e; How do you print out the string
   representation of e?)

 - Array slice assignment and comparison (in Ada). In C/C++, you must
   code this for yourself, in loops etc. In Ada, you can assign array
   slices as in A_Array(1..3) := B_Array(5..7). In C/C++, you'd have to
   depend upon a function, or code a loop.

 - Attributes in Ada (like My_Array'Length). In C/C++ you must mess
   with the sizeof operator (which can fool you with physical size
   instead of logical size), or code it yourself with macros (constants
   in Java).

 - And Ada does much much more ;-)

There are simply a number of other little things that Ada does for you,
which _simplifies_ your job as a developer.

The point of this post is that Ada helps in the direction of
_simplifying_ your software development. Combine that with a rigorous
check of your code, you come up with a good and powerful combination.

Given that it's *free* (GNAT), all you need to do is install it and
try it. Act now, while the Internet supplies last! ;-)

--
Warren W. Gay VE3WWG
http://members.home.net/ve3wwg
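
Added example, not part of the original post: the variable-length message from the msgsnd(2) discussion above, written in C with an explicit length field doing the job of an Ada discriminant, so that every access to the body is checked instead of deliberately running past mtext[1]. The names var_msg, var_msg_new, var_msg_at, var_msg_msgsz and the VAR_MSG_MAX limit are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical layout (not from the post): fixed-size members come first,
 * the variable-length body goes last as a C99 flexible array member, and
 * its length is stored in the header like an Ada discriminant. */
struct var_msg {
    long   mtype;    /* message type, as in msgsnd(2) */
    pid_t  pid;      /* process ID, kept ahead of the body */
    size_t len;      /* number of valid bytes in mtext[] */
    char   mtext[];  /* body of message */
};

#define VAR_MSG_MAX 8192u  /* assumed upper bound on body size */

/* Allocate a message sized for exactly len body bytes; NULL on bad input. */
struct var_msg *var_msg_new(long mtype, pid_t pid, const void *body, size_t len)
{
    if (body == NULL || len > VAR_MSG_MAX)
        return NULL;                      /* reject before any copy */
    struct var_msg *m = malloc(offsetof(struct var_msg, mtext) + len);
    if (m == NULL)
        return NULL;
    m->mtype = mtype;
    m->pid = pid;
    m->len = len;
    memcpy(m->mtext, body, len);          /* len was validated above */
    return m;
}

/* Bounds-checked read: the byte at index i, or -1 if i is out of range. */
int var_msg_at(const struct var_msg *m, size_t i)
{
    if (m == NULL || i >= m->len)
        return -1;
    return (unsigned char)m->mtext[i];
}

/* Value for the msgsz argument of msgsnd(2): all bytes after mtype. */
size_t var_msg_msgsz(const struct var_msg *m)
{
    return offsetof(struct var_msg, mtext) - sizeof(long) + m->len;
}
```

Placing pid before the body removes the need for pointer arithmetic to find it; the price is that the checks Ada performs automatically have to be written and called by hand.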