From: kevin.cline@gmail.com (Kevin Cline)
Newsgroups: comp.lang.ada
Subject: Re: ADA Popularity Discussion Request
Date: 8 Sep 2004 19:52:36 -0700

"Richard Riehle" wrote in message news:<_xl%c.431$xA1.301@newsread3.news.pas.earthlink.net>...
> Much has been said, in this forum, about the wonders of test-driven
> design in dynamically-typed languages as a benefit to on-going change
> in a program.

The original question was "Why isn't Ada more popular?" For general
non-safety critical applications, there is now some question whether
the benefits of static typing outweigh the cost. For the class of
applications you are interested in, I would want to use a language
that allowed me to most easily prove program correctness. But a
relatively small number of programmers write those applications.

> Engineering is concerned with design.
> Engineering prefers, as much as
> possible, settled knowledge rather than a continual test-debug model.
> We try to get the design as close to correct early, even testing parts of
> it along the way as we build it. However, testing every aspect of the
> design is not always possible. In particular, as the deployed design
> is required to deal with the real world, it must be able to adapt itself
> to the unexpected.
>
> Let me give you an example. In a system I know something about,
> one with a large number of components, a programmer included a
> routine that had a built-in constraint (not a type constraint), in the
> form of an if ... end if statement. The constraint was cleverly
> written and the language in use was not strongly typed, so the
> programmer could use long (as in long integer) as a reasonable
> data type for his algorithmic mischief. I say mischief because
> that was what it was, a small time-bomb intended to crash the
> program long after he resigned and went on to another job.

It might be possible to build a system to fail-safe in one component
or another, but there is no software defense against buggy code,
whether introduced deliberately or inadvertently. Even if the function
returned a value in range it could have been written to return an
incorrect value for certain inputs. For a great many applications,
crashing is preferable to incorrect output.

> No amount of testing would have caught this.

No, but an inspection could have and should have.

> Experienced software designers could easily relate many more
> such stories.

I don't have much experience with sabotaging programmers, but have a
lot of experience with code that is just wrong. Some of it was Ada
code. I found out that it is extremely difficult to write code and
then test it, although coverage analysis helps. I've found that
writing tests and then coding to meet them works better.
At least you are forced to think very clearly about exactly what it is
you are trying to do before you start doing it, and you have a clear
indication of when you are done.