From: "Dan'l Miller"
Newsgroups: comp.lang.ada
Subject: Re: Teaching C/C++ from Ada perspective?
Date: Thu, 5 Jul 2018 20:32:35 -0700 (PDT)
Message-ID: <9bb99fb4-b9c7-4516-97b5-da41466e96be@googlegroups.com>
In-Reply-To: <2f5e4ce0-94e8-4b94-9da7-045ec90a9b22@googlegroups.com>

On Tuesday, July 3, 2018 at 3:00:27 AM UTC-5, Maciej Sobczak wrote:
> > Overtly declaring the range of integers over which this portion of code operates can be a key portion of eliminating all variants of the overflow/overrun vuln(erabilitie)s that worms utilize as their attack vector to insert machine code.
> ...
> > But never mind SEI software engineering principles, eh?
> 
> So can you kindly point me to where exactly SEI recommends defining integer range types ...

Maciej, I'll see your integer range types as software-engineering principles emanating from the SEI team at CMU, and raise you one Tartan in 1978. The integer ranges as constant attributes on integer (or, indeed, on any scalar type) come not merely from the various team members, but from the imprimatur of William A. Wulf himself, the founder-progenitor-anchor-pillar of the entire software-engineering team at CMU.

The Software Engineering Institute was formed on 14 November 1984. Prior to the official formation of the SEI, William Wulf's team were a DoD-supported research contractor at Carnegie Mellon University. The DoD High-Order Language Working Group (HOLWG) authored a series of -man requirements for HOLWG's new language: strawman, woodenman, tinman, ironman, steelman. Ironman and Steelman were issued to the {Yellow, Blue, Red, Green} color teams to design a language that conforms to the Ironman-at-first and then-Steelman requirements. Steelman requirements added a brand-new requirement that had no precursor in Ironman:

“3-1C. Numeric Variables. The range of each numeric variable must be specified in programs and shall be determined by the time of its allocation. Such specifications shall be interpreted as the minimum range to be implemented and as the maximum range needed by the application. Explicit conversion operations shall not be required between numeric ranges.”
https://en.wikisource.org/wiki/Steelman_language_requirements

But notably (and the ultimate SEI/CMU answer to your question) there were 2 pre-disqualified noncolor/noncompetitor language designs that had an extra-special relationship with HOLWG: Tartan from the pre-SEI team at CMU and -75+15PL/I from IBM.
http://archive.adaic.com/pol-hist/history/holwg-93/holwg-93.htm

As mentioned in the 2nd paragraph below Figure 9, Tartan was an apparent wordplay on the color-naming of the 4 official competitors; tartan is a specific kind of plaid in William Wulf's ancestral Scotland. -75+15PL/I was PL/I with 75% of PL/I removed and a new 15% added. HOLWG issued Ironman requirements to CMU and IBM to design a language from Ironman, and harshly critique whether Ironman was on-track or off-track. HOLWG utilized the language definitions (including the language designers' insights and criticisms) that they got back from Tartan and -75+15PL/I to author their Steelman requirements as a definitive improvement over their Ironman requirements.
https://ia800804.us.archive.org/7/items/DTIC_ADA062815/DTIC_ADA062815.pdf

In §1.7 Unresolved Issues, the §1.7.3 Definition of Integers overtly recommends the content that became Steelman's new 3-1C requirement:

“In the reference manual we chose fixed as a primitive and defined int as a special case by choosing attributes appropriately. We believe it is possible to treat int as primitive and define fixed as nonprimitive by associating •range•/precision bookkeeping with the operations.” [Operations were Tartan's jargon for compile-time definitions of the values of the attributes of types.]

[Btw, Dmitry, you & your Steelman 3-3F-esque compile-time constant tag attributes for untagged types should pay especial attention henceforth, because, had more of Tartan made it into Steelman and thus into Green/Ada, then you yourself [not language designers] would have been able to define your own compile-time constant tag attributes for •any• type. In the form of a standard library of Tartan-esque type compile-time operations, you would have had your tags for untagged types feature in a hypothetical more-Tartan-influenced Ada83+ almost 4 decades ago.]

In §1.5.6 Definition of Types, we see:

“A ••user•• may introduce a new type into his program with a type definition. The type definition itself merely introduces the and defines the representation of the type. Operations are introduced by writing routines whose formal parameters are of the newly-defined type. … ¶A type definition may be parameterized with •attributes•. The bindings in the formal parameter list must be •const• or manifest. If a is omitted, it will be assumed to be const[, •Dmitry•]. The names of the formal parameters of the type are available throughout the elaboration of the program as •constants• [just as in Steelman requirement 3-3F], called •attributes• [just as they later became known in Ada]. They are accessed by treating the as a •record•[, Dmitry] and the type attribute as a [Steelman 3-3F-compliant] •const• field. Attributes for primitive types are given as part of the type definitions [just as they later became in Ada].”

So there we have it, almost* precisely as Maciej requested:
constant compile-time attributes for integer (and fixed-point) ranges (and precision) from Carnegie Mellon University's DoD computer-science research team that a few years later named themselves Software Engineering Institute, feeding directly into the requirements document that is to measure the amount of software-engineering-ness present in any programming language.

* just without mentioning C++ by name, mainly because C++ didn't exist yet (nor did C with Classes), because C++ hadn't mimicked Ada to this degree until a half to full decade later

Btw, Maciej, Steelman requirements are governing any programming language that purports to be a software-in-the-large software-engineering language, C++ included. How well do 1990s-era {Ada95, C, C++, Java, Pascal}, and 2010s-era {D, Rust, Parasail} measure up against Steelman's software-engineering requirements?
https://www.dwheeler.com/steelman/steeltab.htm
http://jedbarber.id.au/steelman.html
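An added Ada illustration of the Steelman 3-1C point argued in the post (this is editor-added example code, not from the post, the thread or any of the cited documents): the index type declares its range up front, 'First and 'Last are the compile-time constant attributes, and a copy that would run past the buffer is stopped by the range check instead of overwriting adjacent memory. The type, procedure and sample-input names are my own.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Ranged_Buffer is
   --  The index type states its range when it is declared (Steelman 3-1C).
   --  Index'First and Index'Last are compile-time constant attributes.
   type Index  is range 1 .. 64;
   type Buffer is array (Index) of Character;

   Buf : Buffer := (others => ' ');

   --  Copies Src into Buf position by position. The conversion Index (K)
   --  is range-checked: a K outside 1 .. 64 raises Constraint_Error
   --  before any write past the end of Buf can happen.
   procedure Copy_Into (Src : String) is
   begin
      for K in Src'Range loop
         Buf (Index (K)) := Src (K);
      end loop;
   end Copy_Into;

   --  Constructed sample inputs: one that fits, one that is too long.
   Short : constant String := "hello";
   Long  : constant String (1 .. 80) := (others => 'A');
begin
   Put_Line ("Index range is" & Index'Image (Index'First)
             & " .." & Index'Image (Index'Last));

   Copy_Into (Short);
   Put_Line ("Short copy ok, Buf (1) = " & Buf (1));

   begin
      Copy_Into (Long);
      Put_Line ("unreachable: Long would have overrun Buf");
   exception
      when Constraint_Error =>
         Put_Line ("Long copy rejected by the range check; no overrun");
   end;
end Ranged_Buffer;
```

Compile with `gnatmake ranged_buffer.adb` and run; the 80-character input is refused at position 65 by the run-time check that the declared range makes possible, which is the overflow/overrun class the post says range declaration eliminates.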